avgui software restriction policy


  • This topic is locked
13 replies to this topic

#1 Thriller2

Posted 12 April 2015 - 07:51 AM

Hello!

 

I have the same problem many people have had before: not being able to run AVG. I have run Farbar and here are the logs, hope you can help (thank you very much):

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-04-2015
Ran by John (administrator) on JOHN on 12-04-2015 13:44:16
Running from C:\Documents and Settings\John\Local Settings\Temp
Loaded Profiles: John (Available profiles: John)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser path: "C:\Program Files\Maxthon4\Bin\Maxthon.exe" "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Solid Documents, LLC) C:\WINDOWS\Installer\MSI8C.tmp
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\PROGRA~1\SEARCH~1\SearchProtect\bin\cltmng.exe
() C:\PROGRA~1\SEARCH~1\UI\bin\cltmngui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(cyberlink) C:\Program Files\CyberLink\Shared Files\brs.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\wcescomm.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\PROGRA~1\MI3AA1~1\rapimgr.exe
() C:\Documents and Settings\John\Application Data\AceWebExtension\updater\ace_web_extension.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Cerulean Studios) C:\Program Files\Trillian\trillian.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
() C:\Program Files\Trillian\plugins\skypekit.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Maxthon International ltd.) C:\Program Files\Maxthon4\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon4\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon4\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon4\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon4\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon4\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon4\Bin\Maxthon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Maxthon International ltd.) C:\Program Files\Maxthon4\Bin\Maxthon.exe
() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
(AVG Secure Search) C:\Program Files\AVG Web TuneUp\avgcefrend.exe
(Maxthon International ltd.) C:\Program Files\Maxthon4\Bin\Maxthon.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [JMB36X IDE Setup] => C:\WINDOWS\JM\JMInsIDE.exe [36864 2006-10-30] ()
HKLM\...\Run: [36X Raid Configurer] => C:\WINDOWS\system32\JMRaidSetup.exe [1953792 2007-02-06] (Gigabyte Technology Corp.)
HKLM\...\Run: [P17Helper] => Rundll32 P17.dll,P17Helper
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\WINDOWS\KHALMNPR.EXE [56080 2007-04-11] (Logitech Inc.)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47392 2010-03-16] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [BDRegion] => C:\Program Files\Cyberlink\Shared files\brs.exe [75048 2010-04-02] (cyberlink)
HKLM\...\Run: [RemoteControl10] => C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1753192 2010-08-26] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-11] (Avast Software s.r.o.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [3033112 2015-04-12] ()
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1220945662-179605362-839522115-1003\...\Run: [H/PC Connection Agent] => C:\Program Files\Microsoft ActiveSync\wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation)
HKU\S-1-5-21-1220945662-179605362-839522115-1003\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-1220945662-179605362-839522115-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2006-10-18] (Microsoft Corporation)
HKU\S-1-5-21-1220945662-179605362-839522115-1003\...\Run: [AceWebException] => C:\Documents and Settings\John\Application Data\AceWebExtension\updater\ace_web_extension.exe [22824 2015-02-28] ()
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\VC32Loader.dll [223504 2015-03-16] ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\Trillian.lnk
ShortcutTarget: Trillian.lnk -> C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1220945662-179605362-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-1220945662-179605362-839522115-1003] => 62.82.84.1:8082
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1220945662-179605362-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={9C6A8996-CA32-4D9F-B828-E03CB700D8E4}&mid=d3f4836dfff97cce9231450a218eb90b-dc5fa2e1e72bbe4e1a511e1f9e8542de4064cf77&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215pi&pr=fr&d=2015-04-12 13:40:15&v=4.1.0.411&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-1220945662-179605362-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = https://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1220945662-179605362-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = https://uk.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1220945662-179605362-839522115-1003 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
SearchScopes: HKU\S-1-5-21-1220945662-179605362-839522115-1003 -> {5F4764C9-A953-44D8-BA81-4C334ADB8090} URL = http://rover.ebay.com/rover/1/711-53200-19255-0/1?satitle={searchTerms}&ext={searchTerms}&customid=&toolid=10001&campid=5336017972&type=3
SearchScopes: HKU\S-1-5-21-1220945662-179605362-839522115-1003 -> {6CD9BBE3-DD01-49C6-BE7D-9AC27CA79035} URL = http://www.amazon.com/gp/search?keywords={searchTerms}&index=blended&tag=dffx-20&camp=1789&creative=9325&linkCode=ur2&ie=UTF-8
SearchScopes: HKU\S-1-5-21-1220945662-179605362-839522115-1003 -> {7E8A4B92-CE05-4B40-92D2-4B8A0F636CD5} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-1220945662-179605362-839522115-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={9C6A8996-CA32-4D9F-B828-E03CB700D8E4}&mid=d3f4836dfff97cce9231450a218eb90b-dc5fa2e1e72bbe4e1a511e1f9e8542de4064cf77&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215pi&pr=fr&d=2015-04-12 13:40:15&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1220945662-179605362-839522115-1003 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-04-12] (AVG)
BHO: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll [2009-11-03] ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-08] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-08] (Sun Microsystems, Inc.)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll [2002-09-27] ()
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\\npsitesafety.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2010-09-08] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-02-07] (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-02-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-1220945662-179605362-839522115-1003: @acestream.net/acestreamplugin,version=3.0.2 -> C:\Documents and Settings\John\Application Data\ACEStream\player\npace_plugin.dll [2014-12-07] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-1220945662-179605362-839522115-1003: @Google.com/GoogleEarthPlugin -> C:\Documents and Settings\John\Local Settings\Application Data\Google\Google Earth\plugin\npgeplugin.dll No File
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-04]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-09-08]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-21]
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-21]
CHR Extension: (Google Drive) - C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-21]
CHR Extension: (YouTube) - C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-21]
CHR Extension: (Google Search) - C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-21]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-12]
CHR Extension: (No Name) - C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2014-10-18]
CHR Extension: (Google Wallet) - C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-21]
CHR Extension: (Gmail) - C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-21]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-11]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-11] (Avast Software s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.)
S2 gupdate1c98578cbd7373e; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-25] (Google Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-09-08] (Sun Microsystems, Inc.)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [311296 2004-05-24] (Lexmark International, Inc.)
R2 SCPDFReadSpool; C:\WINDOWS\Installer\MSI8C.tmp [189760 2014-05-06] (Solid Documents, LLC)
R2 vToolbarUpdater18.4.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-04-12] (AVG Secure Search)
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-04-12] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21419 2008-07-26] (Meetinghouse Data Communications) [File not signed]
S3 AF05BDA; C:\WINDOWS\System32\drivers\AF05BDA.sys [133504 2006-03-02] (AfaTech                  )
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-04-11] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73440 2015-04-11] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-04-11] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-04-11] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788272 2015-04-11] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427736 2015-04-11] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-04-11] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208024 2015-04-11] ()
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [209376 2015-03-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [107488 2015-02-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [210912 2015-02-25] (AVG Technologies CZ, s.r.o.)
S3 Belkin700F; C:\WINDOWS\System32\DRIVERS\BLKWGDv7.sys [303616 2006-10-19] (Belkin Corporation.                          )
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 DCamUSBEMPIA; C:\WINDOWS\System32\DRIVERS\emDevice.sys [100957 2004-04-06] (eMPIA Technology, Inc.)
S3 emAudio; C:\WINDOWS\System32\drivers\emAudio.sys [19712 2004-04-26] (eMPIA Technology, Inc.)
R3 fcdabus; C:\WINDOWS\System32\DRIVERS\fcdabus.sys [17840 2006-11-09] (FarStone Inc.)
S3 FiltUSBEMPIA; C:\WINDOWS\System32\DRIVERS\emFilter.sys [5245 2004-04-06] (eMPIA Technology, Inc.)
R3 fsRamDsk; C:\WINDOWS\System32\DRIVERS\fsRamDsk.sys [37120 2006-11-09] () [File not signed]
R0 FVXSCSI; C:\WINDOWS\System32\DRIVERS\fvxscsi.sys [81944 2007-01-26] (FarStone Inc.)
S3 gdrv; C:\WINDOWS\gdrv.sys [15600 2007-10-05] (Windows ® 2000 DDK provider)
R0 JGOGO; C:\WINDOWS\System32\DRIVERS\JGOGO.sys [6912 2006-02-07] (JMicron )
R0 JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [44928 2007-02-16] (JMicron Technology Corp.)
R3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [28688 2007-04-11] (Logitech, Inc.)
S3 LwUsbHid; C:\WINDOWS\System32\DRIVERS\LwUsbHid.sys [22848 2001-08-17] (Logitech Inc.)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 OVT511Plus; C:\WINDOWS\System32\Drivers\omcamvid.sys [167816 2001-09-18] (OmniVision Technologies, Inc.) [File not signed]
R3 P17; C:\WINDOWS\System32\drivers\P17.sys [1389056 2005-07-07] (Creative Technology Ltd.)
R3 RT61; C:\WINDOWS\System32\DRIVERS\RT61.sys [483968 2007-07-28] (Ralink Technology, Corp.)
S3 RTL2831UBDA; C:\WINDOWS\System32\drivers\RTL2831UBDA.sys [94112 2008-01-31] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2831UUSB; C:\WINDOWS\System32\Drivers\RTL2831UUSB.sys [32800 2008-01-31] (REALTEK SEMICONDUCTOR Corp.)
S3 SbcpHid; C:\WINDOWS\system32\Drivers\SbcpHid.sys [22400 2001-08-23] () [File not signed]
S3 ScanUSBEMPIA; C:\WINDOWS\System32\DRIVERS\emScan.sys [4493 2004-04-06] (eMPIA Technology, Inc.)
S3 SjyPkt; C:\WINDOWS\System32\Drivers\SjyPkt.sys [13532 2002-10-02] (Windows ® 2000 DDK provider) [File not signed]
S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [32768 2010-09-22] (AnchorFree Inc)
S3 USB28xxBGA; C:\WINDOWS\System32\DRIVERS\emBDA.sys [361728 2007-01-29] (eMPIA Technology, Inc.) [File not signed]
S3 USB28xxOEM; C:\WINDOWS\System32\DRIVERS\emOEM.sys [39680 2007-01-29] (eMPIA Technology, Inc.) [File not signed]
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
R3 WmBEnum; C:\WINDOWS\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
S3 WmFilter; C:\WINDOWS\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
S3 WmHidLo; C:\WINDOWS\System32\drivers\WmHidLo.sys [31816 2010-04-27] (Logitech Inc.)
S3 WmUsbHid; C:\WINDOWS\System32\drivers\WmUsbHid.sys [22944 2004-05-19] (Logitech Inc.) [File not signed]
S3 WmVirHid; C:\WINDOWS\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
R3 WmXlCore; C:\WINDOWS\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [87536 2010-04-02] (CyberLink Corp.)
R1 {7b7db604-54eb-492b-a629-19e0f0c6ac57}Gt; C:\WINDOWS\System32\drivers\{7b7db604-54eb-492b-a629-19e0f0c6ac57}Gt.sys [55824 2015-01-03] (StdLib)
S3 catchme; \??\C:\commy\catchme.sys [X]
S3 GTNDIS5; \??\C:\PROGRA~1\Belkin\F5D900~1\GTNDIS5.SYS [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-12 13:44 - 2015-04-12 13:44 - 00000000 ____D () C:\FRST
2015-04-12 13:40 - 2015-04-12 13:40 - 00000168 _____ () C:\WINDOWS\system32\debug.log
2015-04-12 13:40 - 2015-04-12 13:40 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2015-04-12 13:40 - 2015-04-12 13:40 - 00000000 ____D () C:\Documents and Settings\John\Local Settings\Application Data\AVG Web TuneUp
2015-04-12 13:40 - 2015-04-12 13:40 - 00000000 ____D () C:\Documents and Settings\John\Application Data\AVG Web TuneUp
2015-04-12 13:40 - 2015-04-12 13:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Web TuneUp
2015-04-12 13:40 - 2015-04-12 13:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2015-04-12 13:40 - 2015-04-12 13:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Secure Search
2015-04-12 13:39 - 2015-04-12 13:40 - 00000000 ____D () C:\Program Files\AVG Web TuneUp
2015-04-12 13:31 - 2015-04-12 13:31 - 00000000 ____D () C:\Documents and Settings\John\Application Data\AVG2015
2015-04-12 13:30 - 2015-04-12 13:30 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2015-04-12 13:30 - 2015-04-12 13:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-04-12 13:29 - 2015-04-12 13:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2015
2015-04-12 13:29 - 2015-04-12 13:29 - 00007235 _____ () C:\WINDOWS\setupapi.log
2015-04-12 13:29 - 2015-04-12 13:29 - 00000000 ___HD () C:\$AVG
2015-04-12 13:29 - 2015-04-12 13:29 - 00000000 ____D () C:\WINDOWS\LastGood
2015-04-12 13:23 - 2015-04-12 13:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2015-04-12 13:23 - 2015-04-12 13:31 - 00000000 ____D () C:\Documents and Settings\John\Local Settings\Application Data\Avg2015
2015-04-12 13:23 - 2015-04-12 13:23 - 04818760 _____ (AVG Technologies) C:\Documents and Settings\John\Desktop\avg_free_stb_all_5863p1_177.exe
2015-04-12 13:23 - 2015-04-12 13:23 - 00000000 ____D () C:\Documents and Settings\John\Local Settings\Application Data\MFAData
2015-04-12 13:10 - 2015-04-12 13:10 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-04-12 13:10 - 2015-04-12 13:10 - 00001689 _____ () C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2015-04-12 13:10 - 2015-04-12 13:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2015-04-12 13:07 - 2015-04-11 16:09 - 00291312 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-04-11 16:10 - 2015-04-11 16:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-04-11 16:09 - 2015-04-11 16:09 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-04-05 20:39 - 2015-04-05 20:39 - 00062158 _____ () C:\Documents and Settings\John\Desktop\RealFeel101612.rar
2015-04-05 12:20 - 2015-04-11 12:36 - 00000000 ____D () C:\Documents and Settings\John\Desktop\Heaving airfoil Toni
2015-04-02 08:51 - 2015-04-01 21:08 - 06821496 _____ (TomTom International B.V.) C:\Documents and Settings\John\Downloads\InstallMyDriveConnect_3_3_0_1812.exe
2015-03-25 11:24 - 2015-03-25 11:24 - 00209376 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverlx.sys
2015-03-24 21:02 - 2015-04-12 12:59 - 00000568 _____ () C:\WINDOWS\Tasks\avaavxvyex.job
2015-03-21 13:37 - 2015-03-21 13:37 - 00000116 _____ () C:\WINDOWS\ConverterCore.INI
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-12 13:45 - 2007-10-06 11:38 - 00012831 _____ () C:\Documents and Settings\John\Desktop\notes.txt
2015-04-12 13:45 - 2007-10-05 14:20 - 00000000 ____D () C:\Documents and Settings\John\Local Settings\Temp
2015-04-12 13:43 - 2014-02-07 21:38 - 00000998 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2015-04-12 13:28 - 2009-03-30 00:34 - 00000000 ____D () C:\Program Files\AVG
2015-04-12 13:19 - 2007-10-05 14:15 - 01410741 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-12 13:16 - 2011-07-31 20:01 - 00000000 ____D () C:\Program Files\Trillian
2015-04-12 13:15 - 2014-07-21 23:10 - 00000326 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-04-12 13:15 - 2007-10-05 15:10 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-04-12 13:15 - 2007-10-05 15:10 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2015-04-12 13:14 - 2009-07-01 00:59 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-12 13:14 - 2007-10-05 14:19 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-12 13:12 - 2014-07-20 23:27 - 00000012 _____ () C:\WINDOWS\bthservsdp.dat
2015-04-12 13:12 - 2007-10-05 14:19 - 00032618 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-12 13:09 - 2007-11-04 15:10 - 00000000 ____D () C:\Program Files\Google
2015-04-12 12:55 - 2004-08-04 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-12 01:10 - 2014-10-18 15:57 - 00000000 ____D () C:\Documents and Settings\John\Application Data\.ACEStream
2015-04-12 00:52 - 2009-07-01 00:59 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-11 20:43 - 2014-02-07 21:38 - 00000946 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2015-04-11 16:15 - 2014-10-18 15:57 - 00000000 ___HD () C:\_acestream_cache_
2015-04-11 16:09 - 2014-07-21 23:07 - 00788272 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-04-11 16:09 - 2014-07-21 23:07 - 00427736 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-04-11 16:09 - 2014-07-21 23:07 - 00208024 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-04-11 16:09 - 2014-07-21 23:07 - 00073440 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-04-11 16:09 - 2014-07-21 23:07 - 00057888 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-04-11 16:09 - 2014-07-21 23:07 - 00055200 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-04-11 16:09 - 2014-07-21 23:07 - 00049904 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-04-11 16:09 - 2014-07-21 23:07 - 00024144 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-04-07 23:17 - 2015-01-31 12:44 - 00020307 _____ () C:\Documents and Settings\John\Desktop\hackdiet_db.csv
2015-04-05 19:02 - 2011-04-18 23:41 - 00027186 _____ () C:\Documents and Settings\John\My Documents\££.xlsx
2015-04-02 08:52 - 2007-10-05 15:08 - 00513676 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-29 23:00 - 2007-11-03 19:27 - 00000000 ____D () C:\Documents and Settings\John\Application Data\Skype
2015-03-25 21:32 - 2012-09-02 19:39 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-03-24 21:07 - 2007-10-05 15:07 - 00189425 _____ () C:\WINDOWS\setupact.log
2015-03-24 21:02 - 2015-01-04 11:37 - 00000000 ____D () C:\Program Files\SearchProtect
2015-03-21 11:53 - 2014-09-28 09:43 - 00000000 ___RD () C:\Program Files\Skype
2015-03-21 11:53 - 2007-11-03 19:27 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
 
==================== Files in the root of some directories =======
 
2009-08-09 19:43 - 2009-08-09 19:43 - 0002528 _____ () C:\Documents and Settings\John\Application Data\$_hpcst$.hpc
2009-11-10 12:48 - 2009-11-10 12:48 - 23373120 _____ (Solid Documents, LLC) C:\Documents and Settings\John\Application Data\solidconverterpdf.exe
2007-10-28 20:52 - 2015-01-11 14:09 - 0179200 _____ () C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-01-29 21:11 - 2013-01-29 21:11 - 0026900 _____ () C:\Documents and Settings\John\Local Settings\Application Data\dt.dat
 
Some content of TEMP:
====================
C:\Documents and Settings\John\Local Settings\Temp\avast_free_antivirus_setup_online_cnet.exe
C:\Documents and Settings\John\Local Settings\Temp\FRST.exe
C:\Documents and Settings\John\Local Settings\Temp\parctmp.exe
C:\Documents and Settings\John\Local Settings\Temp\powarc150106.exe
C:\Documents and Settings\John\Local Settings\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-04-2015
Ran by John at 2015-04-12 13:46:15
Running from C:\Documents and Settings\John\Local Settings\Temp
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Ace Stream Media 3.0.2 (HKU\S-1-5-21-1220945662-179605362-839522115-1003\...\AceStream) (Version: 3.0.2 - Ace Stream Media)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.1.8210 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
AnswerWorks 5.0 English Runtime (HKLM\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2215 - AVAST Software)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5863 - AVG Technologies)
AVG 2015 (Version: 15.0.4328 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5863 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Bahrain International Circuit by CTDP V2.0 BETA (HKLM\...\{F72CC350-CDF1-47AF-A474-4E2404EBBEB9}_is1) (Version: 2.0 - Cars & Tracks Development Project)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Cambridge Advanced Learner's Dictionary (HKLM\...\Cambridge Advanced Learner's Dictionary) (Version:  - )
CDDRV_Installer (Version: 1.00.0000 - Logitech) Hidden
Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version:  - )
CyberLink PowerDVD 10 (HKLM\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1705 - CyberLink Corp.)
DiRT (HKLM\...\{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}) (Version: 1.00.0000 - Codemasters)
F1 2010 (HKLM\...\GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}) (Version: 1.0.0000.132 - Codemasters)
F1 2010 (Version: 1.0.0000.132 - Codemasters) Hidden
F1 2010 (Version: 1.0.0001.132 - Codemasters) Hidden
F1 2011 (HKLM\...\Steam App 44360) (Version:  - Codemasters Birmingham)
ffdshow v1.2.4422 [2012-04-09] (HKLM\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Gigabyte Raid Configurer (HKLM\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - Gigabyte Technology Corp.)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Grand Prix 4 (HKLM\...\{C7D27207-0F86-4B6F-859C-21800A2C592E}) (Version:  - )
iSEEK AnswerWorks English Runtime (HKLM\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 2 Runtime Environment, SE v1.4.2_15 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142150}) (Version: 1.4.2_15 - Sun Microsystems, Inc.)
Java™ 6 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle)
Java™ 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
KhalInstallWrapper (Version: 4.00.121 - Logitech) Hidden
Lexmark 640 Series (HKLM\...\Lexmark 640 Series) (Version:  - )
Logitech Gaming Software 5.10 (HKLM\...\{60D32CDC-E3BE-4578-BA10-29322307CDDC}) (Version: 5.10.127 - Logitech)
Logitech SetPoint (HKLM\...\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}) (Version: 4.00 - Logitech)
Maxthon Cloud Browser (HKLM\...\Maxthon3) (Version: 4.4.2.2000 - Maxthon International Limited)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft ActiveSync (HKLM\...\{99052DB7-9592-4522-A558-5417BBAD48EE}) (Version: 4.5.5096.0 - Microsoft Corporation)
Microsoft Bookshelf en Español (HKLM\...\Bookshelf96E) (Version:  - )
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{51F96AEC-D902-4434-A0DC-B9692A21AE7C}) (Version: 3.0.0.101 - Apple Inc.)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1812 (HKLM\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.2 - F.J. Wechselberger)
Nero 7 Ultra Edition (HKLM\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
NVIDIA Graphics Driver 260.99 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 260.99 - NVIDIA Corporation)
NVIDIA nView 135.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.36 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version:  - )
PatchBeam (HKLM\...\PatchBeam) (Version: 1.20 - ConeXware, Inc.)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerArchiver 2015 (HKLM\...\PowerArchiver 2015 15.00.42) (Version: 15.00.42 - ConeXware, Inc.)
PowerArchiver 2015 (Version: 15.00.42 - ConeXware, Inc.) Hidden
Public Edition Version 2.1 patch. You must have 2.0 installed p (HKLM\...\{E475BD43-9722-4FAE-BFBE-B8061C34583C}_is1) (Version:  - Mak Modding Group)
Quicken 2013 (HKLM\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.11.31 - Intuit)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Rapture3D 2.4.9 Game (HKLM\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Real Alternative 1.52 (HKLM\...\RealAlt_is1) (Version: 1.52 - )
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.08.0000 - Realtek)
rFactor (remove only) (HKLM\...\rFactor) (Version:  - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.5.0 - SAMSUNG Electronics Co., Ltd.)
Search Protect (HKLM\...\SearchProtect) (Version: 2.22.0.160 - Client Connect LTD) <==== ATTENTION
Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Solid Converter PDF (HKLM\...\{56BFAA6E-2BCC-4AED-9233-84731E66B205}) (Version: 6.0.669.0 - SolidDocuments)
SopCast 3.8.3 (HKLM\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
Sound Blaster Audigy (HKLM\...\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}) (Version: 1.0 - )
SPB Backup (HKLM\...\SPB Backup) (Version:  - )
SPB Backup 2.1.0 (HKLM\...\SPB Backup_is1) (Version:  - SPB Software)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TrackMania United DVD Patch 2006-12-15 (HKLM\...\TmUnited_is1) (Version:  - Nadeo)
Trillian (HKLM\...\Trillian) (Version:  - Cerulean Studios, LLC)
Tv Style Beta 0.9 (HKLM\...\rF Tv Style_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
V8Factor Season 2006 (HKLM\...\V8Factor Season 2006) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VirtualDrive Pro (HKLM\...\{EEE22184-B53C-4B87-9F5B-53638160B966}) (Version: 11.10 - FarStone Technology Inc.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 1.0.5 (HKLM\...\VLC media player) (Version: 1.0.5 - VideoLAN Team)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 10 Hotfix - KB894476 (HKLM\...\KB894476) (Version:  - Microsoft Corporation)
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Mobile Resources (HKLM\...\Windows Mobile Device Handbook) (Version: 1.0 - Microsoft Corporation)
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\localserver32 -> C:\Program Files\Maxthon4\Bin\Maxthon.exe (Maxthon International ltd.)
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{B7125B4E-CA73-47f1-AEAA-6B3EFA553F5A}\InprocServer32 -> C:\Program Files\Trillian\events.dll (Cerulean Studios)
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
 
==================== Restore Points  =========================
 
ATTENTION: System Restore is disabled.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-04 13:00 - 2014-07-21 20:02 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avaavxvyex.job => C:\Documents and Settings\John\Local Settings\Application Data\avaavxvyex\avaavxvyex.exe C:\Documents and Settings\John\Local Settings\Application Data\avaavxvyex\avaavxvyex.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-04-12 13:07 - 2015-04-12 13:07 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2014-05-06 20:58 - 2009-10-23 21:20 - 00027456 _____ () C:\WINDOWS\system32\solidlocalmon.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-16 19:55 - 2015-03-16 19:55 - 04462864 _____ () C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
2015-03-16 19:55 - 2015-03-16 19:55 - 03270928 _____ () C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
2005-05-03 12:38 - 2005-05-03 12:38 - 00064512 ____R () C:\WINDOWS\system32\P17.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00026488 _____ () C:\Program Files\MyDrive Connect\DeviceDetection.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00087416 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterBase.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00398712 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterProxy.dll
2015-03-07 17:47 - 2015-02-28 04:23 - 00022824 _____ () C:\Documents and Settings\John\Application Data\AceWebExtension\updater\ace_web_extension.exe
2015-03-07 17:47 - 2011-06-12 15:09 - 00038400 _____ () C:\Documents and Settings\John\Application Data\AceWebExtension\updater\lib\_socket.pyd
2015-03-07 17:47 - 2011-06-12 15:09 - 00720896 _____ () C:\Documents and Settings\John\Application Data\AceWebExtension\updater\lib\_ssl.pyd
2015-03-07 17:47 - 2014-01-23 14:37 - 00036352 _____ () C:\Documents and Settings\John\Application Data\AceWebExtension\updater\lib\_psutil_mswindows.pyd
2015-03-07 17:47 - 2012-02-07 19:37 - 00098816 _____ () C:\Documents and Settings\John\Application Data\AceWebExtension\updater\lib\win32api.pyd
2015-03-07 17:47 - 2012-02-07 19:35 - 00110080 _____ () C:\Documents and Settings\John\Application Data\AceWebExtension\updater\lib\pywintypes27.dll
2015-03-07 17:47 - 2012-02-07 19:38 - 00358912 _____ () C:\Documents and Settings\John\Application Data\AceWebExtension\updater\lib\pythoncom27.dll
2015-03-07 17:47 - 2012-02-07 19:42 - 00266240 _____ () C:\Documents and Settings\John\Application Data\AceWebExtension\updater\lib\win32com.shell.shell.pyd
2015-03-07 17:47 - 2011-06-12 15:06 - 00287232 _____ () C:\Documents and Settings\John\Application Data\AceWebExtension\updater\lib\_hashlib.pyd
2015-03-07 17:47 - 2011-06-12 15:06 - 00106496 _____ () C:\Documents and Settings\John\Application Data\AceWebExtension\updater\lib\_ctypes.pyd
2015-03-07 17:47 - 2010-10-11 00:23 - 00723968 _____ () C:\Documents and Settings\John\Application Data\AceWebExtension\updater\lib\apsw.pyd
2015-03-07 17:47 - 2011-01-19 00:56 - 00334336 _____ () C:\Documents and Settings\John\Application Data\AceWebExtension\updater\lib\M2Crypto.__m2crypto.pyd
2015-03-07 17:47 - 2011-06-12 15:06 - 00011776 _____ () C:\Documents and Settings\John\Application Data\AceWebExtension\updater\lib\select.pyd
2015-03-07 17:47 - 2011-06-12 15:06 - 00152576 _____ () C:\Documents and Settings\John\Application Data\AceWebExtension\updater\lib\pyexpat.pyd
2015-03-07 17:47 - 2011-06-12 15:06 - 00688128 _____ () C:\Documents and Settings\John\Application Data\AceWebExtension\updater\lib\unicodedata.pyd
2014-12-18 01:00 - 2014-12-18 01:00 - 00059904 _____ () C:\Program Files\Trillian\zlib1.dll
2014-12-18 01:00 - 2014-12-18 01:00 - 00187392 _____ () C:\Program Files\Trillian\libpng15.dll
2014-12-18 01:00 - 2014-12-18 01:00 - 00006656 _____ () c:\program files\trillian\languages\en\trillian.dll
2014-12-18 01:00 - 2014-12-18 01:00 - 00065536 _____ () C:\Program Files\Trillian\libungif.dll
2014-12-18 01:00 - 2014-12-18 01:00 - 00003584 _____ () c:\program files\trillian\languages\en\toolkit.dll
2014-12-18 01:00 - 2014-12-18 01:00 - 00006656 _____ () c:\program files\trillian\languages\en\events.dll
2014-12-18 01:00 - 2014-12-18 01:00 - 00010752 _____ () c:\program files\trillian\languages\en\buddy.dll
2014-12-18 01:00 - 2014-12-18 01:00 - 00007168 _____ () c:\program files\trillian\languages\en\talk.dll
2010-11-13 12:51 - 2003-07-17 17:57 - 00091136 _____ () c:\documents and settings\John\application data\trillian\plugins\calendar_v0.8.dll
2010-11-13 19:26 - 2006-07-30 02:52 - 00233472 _____ () c:\documents and settings\John\application data\trillian\plugins\bdc.dll
2004-08-04 13:00 - 2008-04-14 01:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 13:00 - 2008-04-14 01:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-08-21 09:10 - 2014-10-10 23:25 - 10809344 _____ () c:\program files\trillian\plugins\skypekit.exe
2014-10-18 11:24 - 2014-09-11 04:19 - 00258944 _____ () C:\Program Files\Maxthon4\bin\Maxzlib.dll
2014-10-18 11:24 - 2014-09-11 04:19 - 00247096 _____ () C:\Program Files\Maxthon4\Addons\Mobile\MxMobile.dll
2014-10-18 11:24 - 2014-09-11 04:19 - 00258944 _____ () C:\Program Files\Maxthon4\Bin\maxzlib.dll
2014-10-18 11:24 - 2014-09-11 04:19 - 00887064 _____ () C:\Program Files\Maxthon4\Core\Webkit\libglesv2.dll
2014-10-18 11:24 - 2014-09-11 04:19 - 00109336 _____ () C:\Program Files\Maxthon4\Core\Webkit\libegl.dll
2014-10-18 11:24 - 2014-09-11 04:19 - 04055504 _____ () C:\Program Files\Maxthon4\Core\Webkit\pdf.dll
2014-10-18 11:24 - 2014-09-11 04:19 - 17029808 _____ () C:\Program Files\Maxthon4\Core\Webkit\Npplugins\NPSWF32_14_0_0_145.dll
2014-10-18 11:24 - 2014-09-11 04:19 - 02128152 _____ () C:\Program Files\Maxthon4\Core\Webkit\ffmpegsumo.dll
2015-04-12 13:39 - 2015-04-12 13:39 - 00620056 ____N () C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
2015-04-12 13:40 - 2015-04-12 13:39 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
2015-04-12 13:40 - 2015-04-12 13:39 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\log4cplusU.dll
2015-04-12 13:40 - 2015-04-12 13:39 - 03033112 _____ () C:\Program Files\AVG Web TuneUp\vprot.exe
2015-04-12 13:40 - 2015-04-12 13:39 - 40630296 _____ () C:\Program Files\AVG Web TuneUp\libcef.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WdfLoadGroup => ""=""
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1220945662-179605362-839522115-1003\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogitechCommunicationsManager => "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
MSCONFIG\startupreg: LVCOMSX => "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RAMDrive => "C:\Program Files\VirtualDrive\VHD\RDTask.exe"
MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
MSCONFIG\startupreg: UpdReg => C:\WINDOWS\UpdReg.EXE
MSCONFIG\startupreg: VirtualDrive => "C:\Program Files\VirtualDrive\VDTask.exe" /AutoRestore
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1220945662-179605362-839522115-500 - Administrator - Enabled)
Guest (S-1-5-21-1220945662-179605362-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1220945662-179605362-839522115-1000 - Limited - Disabled)
John (S-1-5-21-1220945662-179605362-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\John
SUPPORT_388945a0 (S-1-5-21-1220945662-179605362-839522115-1002 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/06/2015 07:58:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application trillian.exe, version 5.5.0.19, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/06/2015 07:54:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application trillian.exe, version 5.5.0.19, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (02/22/2015 10:23:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application ace_player.exe, version 2.2.3.0, faulting module libqt4_plugin.dll, version 0.0.0.0, fault address 0x00580a0a.
Processing media-specific event for [ace_player.exe!ws!]
 
Error: (02/11/2015 10:32:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Maxthon.exe, version 4.4.3.4000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (01/24/2015 04:01:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SopCast.exe, version 3.8.3.501, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (01/24/2015 03:58:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SopCast.exe, version 3.8.3.501, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (01/24/2015 03:55:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SopCast.exe, version 3.8.3.501, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (12/10/2014 10:04:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Maxthon.exe, version 4.4.2.2000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (12/03/2014 10:42:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application TmUnited.exe, version 0.0.0.0, faulting module TmUnited.exe, version 0.0.0.0, fault address 0x00005ca8.
Processing media-specific event for [TmUnited.exe!ws!]
 
Error: (12/01/2014 10:44:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application TmUnited.exe, version 0.0.0.0, faulting module TmUnited.exe, version 0.0.0.0, fault address 0x00005ca8.
Processing media-specific event for [TmUnited.exe!ws!]
 
 
System errors:
=============
Error: (04/12/2015 01:44:37 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
 
Error: (04/12/2015 01:44:35 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
 
Error: (04/12/2015 01:44:33 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
 
Error: (04/12/2015 01:44:31 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
 
Error: (04/12/2015 01:44:29 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
 
Error: (04/12/2015 01:44:28 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
 
Error: (04/12/2015 01:44:26 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
 
Error: (04/12/2015 01:44:24 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
 
Error: (04/12/2015 01:31:20 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Search Protect Service service, but this action failed with the following error: 
%%1058
 
Error: (04/12/2015 01:31:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Search Protect Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 20000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (03/23/2013 08:39:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/23/2013 08:28:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/23/2013 08:28:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/23/2013 08:27:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 27 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/20/2013 09:13:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/20/2013 08:55:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 56 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (10/08/2011 06:36:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 23 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (09/26/2011 10:42:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 192 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (01/20/2008 05:37:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 3881 seconds with 120 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E6850 @ 3.00GHz
Percentage of memory in use: 52%
Total physical RAM: 3070.42 MB
Available physical RAM: 1450.93 MB
Total Pagefile: 5980.52 MB
Available Pagefile: 4376.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.61 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:372.6 GB) (Free:32.16 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (F1_2010) (CDROM) (Total:5.62 GB) (Free:0 GB) UDF
Drive i: () (Fixed) (Total:139.73 GB) (Free:102.35 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 372.6 GB) (Disk ID: 00E700E6)
Partition 1: (Active) - (Size=372.6 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 139.7 GB) (Disk ID: E01AE01A)
Partition 1: (Not Active) - (Size=139.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Edited by Thriller2, 12 April 2015 - 07:58 AM.



#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:12:27 AM

Posted 12 April 2015 - 08:46 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Windows XP notes

I've noticed that you're a Windows XP user. I need to tell you that my canned speeches (texts I use to present instructions) are designed for newer systems in first place. Therefore, whenever you will see a request to Run as Administrator, please ignore it and instead run the tool just by a double-click on the aforementioned icon.

Windows XP end of support warning!

As the 8th of April 2014 has passed, this operating system is no longer supported by Microsoft.
Any patches, updates or security releases have ceased for this system. This is just information for you in case you were not aware.
My recommendation would be to start thinking about replacing it with some newer edition, like Windows Vista, Windows 7 or Windows 8.

Step 1
  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s) to remove it:
    Search Protect
    
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 3

Please download and install Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
  • Return to our forum. Paste your log into your next reply and then click Finish [7].
Step 4

Start FRST with administrator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 Thriller2

Thriller2
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:11:27 PM

Posted 12 April 2015 - 09:42 AM

Thanks for your prompt reply Jurgen!

 

I am aware of the Win XP differences so don't worry about it. I was running MBAM before you posted your reply so I am posting those results even though I didn't have Scan for Rootkits enabled. It takes a long time so I was hoping you can shed some light in the meantime. Thank you lots.

 

# AdwCleaner v4.201 - Logfile created 12/04/2015 at 15:29:41
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : John - JOHN
# Running from : C:\Documents and Settings\John\Desktop\adwcleaner_4.201.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[#] Service Deleted : vToolbarUpdater18.4.0
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\John\Local Settings\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\John\Application Data\AceWebExtension
[!] Folder Deleted : C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim
File Deleted : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\Layers\VC32Ldr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SearchProtectionSetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SearchProtectionStub.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SetupDataMngr_iLivid.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\SetupDataMngr_iMesh.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AVG Nation toolbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AceStream
Key Deleted : HKLM\SOFTWARE\AVG Nation toolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AceStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 62.82.84.1:8082
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v41.0.2272.118
 
[C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : mfhnkgpdlogbknkhlgdjlejeljbhflim
 
*************************
 
AdwCleaner[R0].txt - [8166 bytes] - [12/04/2015 15:10:09]
AdwCleaner[R1].txt - [7441 bytes] - [12/04/2015 15:28:39]
AdwCleaner[S0].txt - [7314 bytes] - [12/04/2015 15:29:41]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7373  bytes] ##########
 
 
 
 
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/04/2015
Scan Time: 14:27:05
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.01.4.1018
Malware Database: v2015.04.12.02
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: John
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320987
Time Elapsed: 53 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 6
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1220945662-179605362-839522115-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [c6ec7cefa8e2fc3a4d8ec476db283cc4], 
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{7b7db604-54eb-492b-a629-19e0f0c6ac57}Gt, Quarantined, [7b374a211d6d9e98e4b8bf29fb08ce32], 
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchProtect, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.MyFreeze.A, HKLM\SOFTWARE\Freeze.com, Quarantined, [eec485e64545af8789102fa20bf829d7], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [486ac0abec9e5bdbb750ae9a0203966a], 
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\SEARCHPROTECT, Quarantined, [c2f00368adddd95dcea2d11d1ae9b848], 
 
Registry Values: 4
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\SEARCHPROTECT|InstallDir, C:\PROGRA~1\SearchProtect, Quarantined, [c2f00368adddd95dcea2d11d1ae9b848]
PUP.Optional.Trovi.A, HKU\S-1-5-21-1220945662-179605362-839522115-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|URL, http://www.trovi.com/Results.aspx?gd=&ctid=CT3319733&octid=EB_ORIGINAL_CTID&ISID=MDD1F421B-BA75-4A18-A74F-50B2E741DD62&SearchSource=58&CUI=&UM=8&UP=SPF8EF948D-31C2-4867-8564-E41CC86F3E62&q={searchTerms}&SSPV=, Quarantined, [149e0f5c85055dd981cae86b16efb947]
PUP.Optional.Conduit.A, HKU\S-1-5-21-1220945662-179605362-839522115-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|SuggestionsURL_JSON, http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}, Quarantined, [a70b7cef92f8af877a22ad10ff04619f]
PUP.Optional.Trovi.A, HKU\S-1-5-21-1220945662-179605362-839522115-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|DisplayName, Trovi search, Quarantined, [01b152192961e74fb09bc09364a16d93]
 
Registry Data: 1
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~1\SearchProtect\SearchProtect\bin\VC32Loader.dll, Good: (), Bad: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\VC32Loader.dll),Replaced,[a909d398e2a80e283cc20daf03fef30d]
 
Folders: 30
 
Files: 99
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe, Delete-on-Reboot, [90225d0e5a30241243bb4775ff0218e8], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\bin\cltmngui.exe, Delete-on-Reboot, [6e44600b42481f17b34bd0ec54ad01ff], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin\VC32Loader.dll, Quarantined, [a909d398e2a80e283cc20daf03fef30d], 
PUP.Optional.SearchProtect.A, C:\RECYCLER\S-1-5-21-1220945662-179605362-839522115-1003\Dc1\pbqrmvbub, Quarantined, [644e5417800aa1950ef09725c0414bb5], 
PUP.Optional.SearchProtect.A, C:\WINDOWS\AppPatch\nbin\VC32Loader.dll, Quarantined, [09a985e61c6e49ed3fbfac1011f0d42c], 
PUP.Optional.SearchProtect.A, C:\WINDOWS\Tasks\avaavxvyex.job, Quarantined, [486ae586c9c191a505518d39966db947], 
PUP.Optional.Sanbreel.A, C:\WINDOWS\system32\drivers\{7b7db604-54eb-492b-a629-19e0f0c6ac57}Gt.sys, Quarantined, [7b374a211d6d9e98e4b8bf29fb08ce32], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\hez-selected.png, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\hez.png, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\icon-win.png, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\info-icon.png, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\menu-rollover.png, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\menu-selected.png, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button-def.png, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button-selected.png, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button.png, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button2.png, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\Settings-icon.png, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\SP_DialogBG.png, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\text-field.png, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\v.png, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\x.png, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\defaults.js, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\DialogAPI.js, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\dialogUtils.js, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\json2.min.js, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\main.js, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protection\defaults.js, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protection\protection.css, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protection\protection.html, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protection\protection.js, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protectionDS\defaults.js, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protectionDS\protectionDS.css, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protectionDS\protectionDS.html, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protectionDS\protectionDS.js, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings\defaults.js, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings\settings.css, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings\settings.html, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings\settings.js, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\uninstall\defaults.js, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\uninstall\uninstall.css, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\uninstall\uninstall.html, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\uninstall\uninstall.js, Quarantined, [ded4bab144468da9e8ff0f1fac597c84], 
PUP.Optional.SearchProtect.A, C:\Documents and Settings\John\Local Settings\Application Data\SearchProtect\SearchProtect\rep\Cvc.dat, Quarantined, [04aedb90f199979f2cee8219946f48b8], 
PUP.Optional.SearchProtect.A, C:\Documents and Settings\John\Local Settings\Application Data\SearchProtect\SearchProtect\rep\UserRepository.dat, Quarantined, [04aedb90f199979f2cee8219946f48b8], 
PUP.Optional.SearchProtect.A, C:\Documents and Settings\John\Local Settings\Application Data\SearchProtect\SearchProtect\rep\UserSettings.dat, Quarantined, [04aedb90f199979f2cee8219946f48b8], 
PUP.Optional.SearchProtect.A, C:\Documents and Settings\John\Local Settings\Application Data\SearchProtect\UI\rep\UIRepository.dat, Quarantined, [04aedb90f199979f2cee8219946f48b8], 
PUP.Optional.SearchProtect.A, C:\Documents and Settings\LocalService\Local Settings\Application Data\SearchProtect\SearchProtect\rep\UserRepository.dat, Quarantined, [288abcaf3654f343ae6cfe9d7e85c739], 
PUP.Optional.SearchProtect.A, C:\Documents and Settings\NetworkService\Local Settings\Application Data\SearchProtect\SearchProtect\rep\UserRepository.dat, Quarantined, [fbb798d3bccecb6ba971ebb060a3fd03], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-04-2015
Ran by John (administrator) on JOHN on 12-04-2015 15:38:21
Running from C:\Documents and Settings\John\Desktop
Loaded Profiles: John (Available profiles: John)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser path: "C:\Program Files\Maxthon4\Bin\Maxthon.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: 
 
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(cyberlink) C:\Program Files\CyberLink\Shared Files\brs.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\wcescomm.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\PROGRA~1\MI3AA1~1\rapimgr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cerulean Studios) C:\Program Files\Trillian\trillian.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Solid Documents, LLC) C:\WINDOWS\Installer\MSI8C.tmp
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Logitech Inc.) C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Trillian\plugins\skypekit.exe
(Maxthon International ltd.) C:\Program Files\Maxthon4\Bin\Maxthon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgdumpx.exe
(Maxthon International ltd.) C:\Program Files\Maxthon4\Bin\Maxthon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\fixcfg.exe
(Maxthon International ltd.) C:\Program Files\Maxthon4\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon4\Bin\Maxthon.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgdiagex.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [JMB36X IDE Setup] => C:\WINDOWS\JM\JMInsIDE.exe [36864 2006-10-30] ()
HKLM\...\Run: [36X Raid Configurer] => C:\WINDOWS\system32\JMRaidSetup.exe [1953792 2007-02-06] (Gigabyte Technology Corp.)
HKLM\...\Run: [P17Helper] => Rundll32 P17.dll,P17Helper
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\WINDOWS\KHALMNPR.EXE [56080 2007-04-11] (Logitech Inc.)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47392 2010-03-16] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [BDRegion] => C:\Program Files\Cyberlink\Shared files\brs.exe [75048 2010-04-02] (cyberlink)
HKLM\...\Run: [RemoteControl10] => C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1753192 2010-08-26] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-11] (Avast Software s.r.o.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.)
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1220945662-179605362-839522115-1003\...\Run: [H/PC Connection Agent] => C:\Program Files\Microsoft ActiveSync\wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation)
HKU\S-1-5-21-1220945662-179605362-839522115-1003\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-1220945662-179605362-839522115-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2006-10-18] (Microsoft Corporation)
HKU\S-1-5-21-1220945662-179605362-839522115-1003\...\Run: [AceWebException] => C:\Documents and Settings\John\Application Data\AceWebExtension\updater\ace_web_extension.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\Trillian.lnk
ShortcutTarget: Trillian.lnk -> C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1220945662-179605362-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = 
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = 
 
HKU\S-1-5-21-1220945662-179605362-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start 
 
Page = 
 
 
18eb90b-dc5fa2e1e72bbe4e1a511e1f9e8542de4064cf77&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215pi&pr=fr&d
 
=2015-04-12 13:40:15&v=4.1.0.411&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-1220945662-179605362-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search 
 
Page = 
 
HKU\S-1-5-21-1220945662-179605362-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search 
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = 
 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1220945662-179605362-839522115-1003 -> 
 
{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
SearchScopes: HKU\S-1-5-21-1220945662-179605362-839522115-1003 -> 
 
{5F4764C9-A953-44D8-BA81-4C334ADB8090} URL = 
 
 
=&toolid=10001&campid=5336017972&type=3
SearchScopes: HKU\S-1-5-21-1220945662-179605362-839522115-1003 -> 
 
{6CD9BBE3-DD01-49C6-BE7D-9AC27CA79035} URL = 
 
 
e=9325&linkCode=ur2&ie=UTF-8
SearchScopes: HKU\S-1-5-21-1220945662-179605362-839522115-1003 -> 
 
{7E8A4B92-CE05-4B40-92D2-4B8A0F636CD5} URL = 
 
SearchScopes: HKU\S-1-5-21-1220945662-179605362-839522115-1003 -> 
 
{95B7759C-8C7F-4BF1-B163-73684A933233} URL = 
 
 
1450a218eb90b-dc5fa2e1e72bbe4e1a511e1f9e8542de4064cf77&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215pi&p
 
r=fr&d=2015-04-12 13:40:15&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1220945662-179605362-839522115-1003 -> 
 
{9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = 
 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll [2009-11-03] ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-08] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-08] (Sun Microsystems, Inc.)
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} 
 
DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} 
 
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} 
 
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} 
 
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 
 
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} 
 
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll [2002-09-27] ()
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2010-09-08] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-02-07] (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-02-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-1220945662-179605362-839522115-1003: @acestream.net/acestreamplugin,version=3.0.2 -> C:\Documents and Settings\John\Application Data\ACEStream\player\npace_plugin.dll [2014-12-07] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-1220945662-179605362-839522115-1003: @Google.com/GoogleEarthPlugin -> C:\Documents and Settings\John\Local Settings\Application Data\Google\Google Earth\plugin\npgeplugin.dll No File
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-04]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-09-08]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-21]
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-21]
CHR Extension: (Google Drive) - C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-21]
CHR Extension: (YouTube) - C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-21]
CHR Extension: (Google Search) - C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-21]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-12]
CHR Extension: (Google Wallet) - C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-21]
CHR Extension: (Gmail) - C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-21]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-11]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-11] (Avast Software s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.)
S2 gupdate1c98578cbd7373e; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-25] (Google Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-09-08] (Sun Microsystems, Inc.)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [311296 2004-05-24] (Lexmark International, Inc.)
R2 SCPDFReadSpool; C:\WINDOWS\Installer\MSI8C.tmp [189760 2014-05-06] (Solid Documents, LLC)
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-04-12] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21419 2008-07-26] (Meetinghouse Data Communications) [File not signed]
S3 AF05BDA; C:\WINDOWS\System32\drivers\AF05BDA.sys [133504 2006-03-02] (AfaTech                  )
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-04-11] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73440 2015-04-11] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-04-11] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-04-11] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788272 2015-04-11] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427736 2015-04-11] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-04-11] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208024 2015-04-11] ()
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [209376 2015-03-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [107488 2015-02-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [210912 2015-02-25] (AVG Technologies CZ, s.r.o.)
S3 Belkin700F; C:\WINDOWS\System32\DRIVERS\BLKWGDv7.sys [303616 2006-10-19] (Belkin Corporation.                          )
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 DCamUSBEMPIA; C:\WINDOWS\System32\DRIVERS\emDevice.sys [100957 2004-04-06] (eMPIA Technology, Inc.)
S3 emAudio; C:\WINDOWS\System32\drivers\emAudio.sys [19712 2004-04-26] (eMPIA Technology, Inc.)
R3 fcdabus; C:\WINDOWS\System32\DRIVERS\fcdabus.sys [17840 2006-11-09] (FarStone Inc.)
S3 FiltUSBEMPIA; C:\WINDOWS\System32\DRIVERS\emFilter.sys [5245 2004-04-06] (eMPIA Technology, Inc.)
R3 fsRamDsk; C:\WINDOWS\System32\DRIVERS\fsRamDsk.sys [37120 2006-11-09] () [File not signed]
R0 FVXSCSI; C:\WINDOWS\System32\DRIVERS\fvxscsi.sys [81944 2007-01-26] (FarStone Inc.)
S3 gdrv; C:\WINDOWS\gdrv.sys [15600 2007-10-05] (Windows ® 2000 DDK provider)
R0 JGOGO; C:\WINDOWS\System32\DRIVERS\JGOGO.sys [6912 2006-02-07] (JMicron )
R0 JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [44928 2007-02-16] (JMicron Technology Corp.)
R3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [28688 2007-04-11] (Logitech, Inc.)
S3 LwUsbHid; C:\WINDOWS\System32\DRIVERS\LwUsbHid.sys [22848 2001-08-17] (Logitech Inc.)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 OVT511Plus; C:\WINDOWS\System32\Drivers\omcamvid.sys [167816 2001-09-18] (OmniVision Technologies, Inc.) [File not signed]
R3 P17; C:\WINDOWS\System32\drivers\P17.sys [1389056 2005-07-07] (Creative Technology Ltd.)
R3 RT61; C:\WINDOWS\System32\DRIVERS\RT61.sys [483968 2007-07-28] (Ralink Technology, Corp.)
S3 RTL2831UBDA; C:\WINDOWS\System32\drivers\RTL2831UBDA.sys [94112 2008-01-31] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2831UUSB; C:\WINDOWS\System32\Drivers\RTL2831UUSB.sys [32800 2008-01-31] (REALTEK SEMICONDUCTOR Corp.)
S3 SbcpHid; C:\WINDOWS\system32\Drivers\SbcpHid.sys [22400 2001-08-23] () [File not signed]
S3 ScanUSBEMPIA; C:\WINDOWS\System32\DRIVERS\emScan.sys [4493 2004-04-06] (eMPIA Technology, Inc.)
S3 SjyPkt; C:\WINDOWS\System32\Drivers\SjyPkt.sys [13532 2002-10-02] (Windows ® 2000 DDK provider) [File not signed]
S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [32768 2010-09-22] (AnchorFree Inc)
S3 USB28xxBGA; C:\WINDOWS\System32\DRIVERS\emBDA.sys [361728 2007-01-29] (eMPIA Technology, Inc.) [File not signed]
S3 USB28xxOEM; C:\WINDOWS\System32\DRIVERS\emOEM.sys [39680 2007-01-29] (eMPIA Technology, Inc.) [File not signed]
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
R3 WmBEnum; C:\WINDOWS\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
S3 WmFilter; C:\WINDOWS\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
S3 WmHidLo; C:\WINDOWS\System32\drivers\WmHidLo.sys [31816 2010-04-27] (Logitech Inc.)
S3 WmUsbHid; C:\WINDOWS\System32\drivers\WmUsbHid.sys [22944 2004-05-19] (Logitech Inc.) [File not signed]
S3 WmVirHid; C:\WINDOWS\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
R3 WmXlCore; C:\WINDOWS\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [87536 2010-04-02] (CyberLink Corp.)
S3 catchme; \??\C:\commy\catchme.sys [X]
S3 GTNDIS5; \??\C:\PROGRA~1\Belkin\F5D900~1\GTNDIS5.SYS [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-12 15:38 - 2015-04-12 15:39 - 00025240 _____ () C:\Documents and Settings\John\Desktop\FRST.txt
2015-04-12 15:34 - 2015-04-12 15:35 - 00007386 _____ () C:\Documents and Settings\John\Desktop\AdwCleaner[S0].txt
2015-04-12 15:31 - 2015-04-12 15:31 - 00000340 _____ () C:\avenger.txt
2015-04-12 15:27 - 2015-04-12 15:35 - 00022195 _____ () C:\Documents and Settings\John\Desktop\mbam.txt
2015-04-12 15:15 - 2015-04-12 15:15 - 02217984 _____ () C:\Documents and Settings\John\Desktop\adwcleaner_4.201.exe
2015-04-12 15:15 - 2015-04-12 15:15 - 01135104 _____ (Farbar) C:\Documents and Settings\John\Desktop\FRST.exe
2015-04-12 15:09 - 2015-04-12 15:30 - 00000000 ____D () C:\AdwCleaner
2015-04-12 14:59 - 2015-04-12 14:59 - 00000917 _____ () C:\Documents and Settings\John\Desktop\Revo Uninstaller.lnk
2015-04-12 14:59 - 2015-04-12 14:59 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-04-12 14:41 - 2015-04-12 14:41 - 00350080 _____ (AVAST Software) C:\Documents and Settings\John\Desktop\aswCmnBS.dll
2015-04-12 14:26 - 2015-04-12 14:26 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-12 14:26 - 2015-04-12 14:26 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-12 14:26 - 2015-04-12 14:26 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-12 14:26 - 2015-04-12 14:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-12 14:26 - 2015-03-17 06:15 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-12 14:26 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-12 14:25 - 2015-04-12 14:25 - 21540440 _____ (Malwarebytes Corporation ) C:\Documents and Settings\John\Desktop\mbam-setup-2.1.4.1018.exe
2015-04-12 14:13 - 2009-07-12 00:05 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcm90.dll
2015-04-12 14:13 - 2009-07-12 00:05 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcm90u.dll
2015-04-12 14:13 - 2009-07-12 00:05 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcm90.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 03780424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc90u.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 03765048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc90.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 00653120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr90.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 00569664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp90.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 00159032 _____ (Microsoft Corporation) C:\WINDOWS\system32\atl90.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 00063296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc90deu.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 00062800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc90fra.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 00061776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc90esn.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 00061760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc90esp.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 00061264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc90ita.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 00059728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc90rus.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 00053568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc90enu.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 00051008 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcomp90.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 00043344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc90jpn.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 00042832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc90kor.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 00036688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc90cht.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 00035648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc90chs.dll
2015-04-12 14:13 - 2006-12-02 01:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcomp.dll
2015-04-12 14:13 - 2006-12-02 01:26 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcm80u.dll
2015-04-12 14:13 - 2006-12-02 01:25 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc80.dll
2015-04-12 14:13 - 2006-12-02 01:25 - 01093120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc80u.dll
2015-04-12 14:13 - 2006-12-02 01:25 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcm80.dll
2015-04-12 14:13 - 2006-12-02 01:08 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc80DEU.dll
2015-04-12 14:13 - 2006-12-02 01:08 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc80ITA.dll
2015-04-12 14:13 - 2006-12-02 01:08 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc80FRA.dll
2015-04-12 14:13 - 2006-12-02 01:08 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc80ESP.dll
2015-04-12 14:13 - 2006-12-02 01:08 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc80ENU.dll
2015-04-12 14:13 - 2006-12-02 01:08 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc80KOR.dll
2015-04-12 14:13 - 2006-12-02 01:08 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc80JPN.dll
2015-04-12 14:13 - 2006-12-02 01:08 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc80CHT.dll
2015-04-12 14:13 - 2006-12-02 01:08 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc80CHS.dll
2015-04-12 14:13 - 2006-12-01 23:56 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ATL80.dll
2015-04-12 14:13 - 2006-12-01 23:54 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr80.dll
2015-04-12 14:13 - 2006-12-01 23:54 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp80.dll
2015-04-12 14:13 - 2006-12-01 23:54 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcm80.dll
2015-04-12 13:59 - 2015-04-12 14:01 - 00000000 ____D () C:\Documents and Settings\John\Desktop\workdir
2015-04-12 13:44 - 2015-04-12 15:38 - 00000000 ____D () C:\FRST
2015-04-12 13:40 - 2015-04-12 15:29 - 00000168 _____ () C:\WINDOWS\system32\debug.log
2015-04-12 13:40 - 2015-04-12 13:40 - 00000000 ____D () C:\Documents and Settings\John\Local Settings\Application Data\AVG Web TuneUp
2015-04-12 13:40 - 2015-04-12 13:40 - 00000000 ____D () C:\Documents and Settings\John\Application Data\AVG Web TuneUp
2015-04-12 13:40 - 2015-04-12 13:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Web TuneUp
2015-04-12 13:39 - 2015-04-12 13:40 - 00000000 ____D () C:\Program Files\AVG Web TuneUp
2015-04-12 13:31 - 2015-04-12 13:31 - 00000000 ____D () C:\Documents and Settings\John\Application Data\AVG2015
2015-04-12 13:30 - 2015-04-12 13:30 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2015-04-12 13:30 - 2015-04-12 13:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-04-12 13:29 - 2015-04-12 13:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2015
2015-04-12 13:29 - 2015-04-12 13:29 - 00007235 _____ () C:\WINDOWS\setupapi.log
2015-04-12 13:29 - 2015-04-12 13:29 - 00000000 ___HD () C:\$AVG
2015-04-12 13:23 - 2015-04-12 13:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2015-04-12 13:23 - 2015-04-12 13:31 - 00000000 ____D () C:\Documents and Settings\John\Local Settings\Application Data\Avg2015
2015-04-12 13:23 - 2015-04-12 13:23 - 04818760 _____ (AVG Technologies) C:\Documents and Settings\John\Desktop\avg_free_stb_all_5863p1_177.exe
2015-04-12 13:23 - 2015-04-12 13:23 - 00000000 ____D () C:\Documents and Settings\John\Local Settings\Application Data\MFAData
2015-04-12 13:10 - 2015-04-12 13:10 - 00001689 _____ () C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2015-04-12 13:10 - 2015-04-12 13:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2015-04-12 13:07 - 2015-04-11 16:09 - 00291312 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-04-11 16:10 - 2015-04-11 16:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-04-11 16:09 - 2015-04-11 16:09 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-04-05 20:39 - 2015-04-05 20:39 - 00062158 _____ () C:\Documents and Settings\John\Desktop\RealFeel101612.rar
2015-04-05 12:20 - 2015-04-11 12:36 - 00000000 ____D () C:\Documents and Settings\John\Desktop\Heaving airfoil Toni
2015-04-02 08:51 - 2015-04-01 21:08 - 06821496 _____ (TomTom International B.V.) C:\Documents and Settings\John\Downloads\InstallMyDriveConnect_3_3_0_1812.exe
2015-03-25 11:24 - 2015-03-25 11:24 - 00209376 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverlx.sys
2015-03-21 13:37 - 2015-03-21 13:37 - 00000116 _____ () C:\WINDOWS\ConverterCore.INI
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-12 15:40 - 2007-10-05 14:20 - 00000000 ____D () C:\Documents and Settings\John\Local Settings\Temp
2015-04-12 15:38 - 2007-10-05 14:15 - 01417741 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-12 15:35 - 2014-07-21 23:10 - 00000326 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-04-12 15:33 - 2007-10-05 15:10 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-04-12 15:33 - 2007-10-05 15:10 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2015-04-12 15:32 - 2009-07-01 00:59 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-12 15:32 - 2007-10-05 14:19 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-12 15:31 - 2009-04-03 18:30 - 00000000 ____D () C:\WINDOWS\SxsCaPendDel
2015-04-12 15:30 - 2014-07-20 23:27 - 00000012 _____ () C:\WINDOWS\bthservsdp.dat
2015-04-12 15:30 - 2007-10-05 14:19 - 00032618 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-12 15:27 - 2008-12-18 23:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960714$
2015-04-12 14:52 - 2009-07-01 00:59 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-12 14:43 - 2014-02-07 21:38 - 00000998 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2015-04-12 14:10 - 2011-07-31 20:01 - 00000000 ____D () C:\Program Files\Trillian
2015-04-12 13:45 - 2007-10-06 11:38 - 00012831 _____ () C:\Documents and Settings\John\Desktop\notes.txt
2015-04-12 13:28 - 2009-03-30 00:34 - 00000000 ____D () C:\Program Files\AVG
2015-04-12 13:09 - 2007-11-04 15:10 - 00000000 ____D () C:\Program Files\Google
2015-04-12 12:55 - 2004-08-04 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-12 01:10 - 2014-10-18 15:57 - 00000000 ____D () C:\Documents and Settings\John\Application Data\.ACEStream
2015-04-11 20:43 - 2014-02-07 21:38 - 00000946 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2015-04-11 16:15 - 2014-10-18 15:57 - 00000000 ___HD () C:\_acestream_cache_
2015-04-11 16:09 - 2014-07-21 23:07 - 00788272 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-04-11 16:09 - 2014-07-21 23:07 - 00427736 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-04-11 16:09 - 2014-07-21 23:07 - 00208024 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-04-11 16:09 - 2014-07-21 23:07 - 00073440 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-04-11 16:09 - 2014-07-21 23:07 - 00057888 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-04-11 16:09 - 2014-07-21 23:07 - 00055200 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-04-11 16:09 - 2014-07-21 23:07 - 00049904 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-04-11 16:09 - 2014-07-21 23:07 - 00024144 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-04-07 23:17 - 2015-01-31 12:44 - 00020307 _____ () C:\Documents and Settings\John\Desktop\hackdiet_db.csv
2015-04-05 19:02 - 2011-04-18 23:41 - 00027186 _____ () C:\Documents and Settings\John\My Documents\££.xlsx
2015-04-02 08:52 - 2007-10-05 15:08 - 00513676 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-29 23:00 - 2007-11-03 19:27 - 00000000 ____D () C:\Documents and Settings\John\Application Data\Skype
2015-03-25 21:32 - 2012-09-02 19:39 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-03-24 21:07 - 2007-10-05 15:07 - 00189425 _____ () C:\WINDOWS\setupact.log
2015-03-21 11:53 - 2014-09-28 09:43 - 00000000 ___RD () C:\Program Files\Skype
2015-03-21 11:53 - 2007-11-03 19:27 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
 
==================== Files in the root of some directories =======
 
2009-08-09 19:43 - 2009-08-09 19:43 - 0002528 _____ () C:\Documents and Settings\John\Application Data\$_hpcst$.hpc
2009-11-10 12:48 - 2009-11-10 12:48 - 23373120 _____ (Solid Documents, LLC) C:\Documents and Settings\John\Application Data\solidconverterpdf.exe
2007-10-28 20:52 - 2015-01-11 14:09 - 0179200 _____ () C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-01-29 21:11 - 2013-01-29 21:11 - 0026900 _____ () C:\Documents and Settings\John\Local Settings\Application Data\dt.dat
 
Some content of TEMP:
====================
C:\Documents and Settings\John\Local Settings\Temp\adwcleaner_4.201.exe
C:\Documents and Settings\John\Local Settings\Temp\avast_free_antivirus_setup_online_cnet.exe
C:\Documents and Settings\John\Local Settings\Temp\FRST.exe
C:\Documents and Settings\John\Local Settings\Temp\parctmp.exe
C:\Documents and Settings\John\Local Settings\Temp\powarc150106.exe
C:\Documents and Settings\John\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\John\Local Settings\Temp\revosetup.exe
C:\Documents and Settings\John\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\John\Local Settings\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-04-2015
Ran by John at 2015-04-12 15:40:59
Running from C:\Documents and Settings\John\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.1.8210 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
AnswerWorks 5.0 English Runtime (HKLM\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2215 - AVAST Software)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5863 - AVG Technologies)
AVG 2015 (Version: 15.0.4328 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5863 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Bahrain International Circuit by CTDP V2.0 BETA (HKLM\...\{F72CC350-CDF1-47AF-A474-4E2404EBBEB9}_is1) (Version: 2.0 - Cars & Tracks Development Project)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Cambridge Advanced Learner's Dictionary (HKLM\...\Cambridge Advanced Learner's Dictionary) (Version:  - )
CDDRV_Installer (Version: 1.00.0000 - Logitech) Hidden
Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version:  - )
CyberLink PowerDVD 10 (HKLM\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1705 - CyberLink Corp.)
DiRT (HKLM\...\{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}) (Version: 1.00.0000 - Codemasters)
F1 2010 (HKLM\...\GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}) (Version: 1.0.0000.132 - Codemasters)
F1 2010 (Version: 1.0.0000.132 - Codemasters) Hidden
F1 2010 (Version: 1.0.0001.132 - Codemasters) Hidden
F1 2011 (HKLM\...\Steam App 44360) (Version:  - Codemasters Birmingham)
ffdshow v1.2.4422 [2012-04-09] (HKLM\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Gigabyte Raid Configurer (HKLM\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - Gigabyte Technology Corp.)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Grand Prix 4 (HKLM\...\{C7D27207-0F86-4B6F-859C-21800A2C592E}) (Version:  - )
iSEEK AnswerWorks English Runtime (HKLM\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 2 Runtime Environment, SE v1.4.2_15 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142150}) (Version: 1.4.2_15 - Sun Microsystems, Inc.)
Java™ 6 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle)
Java™ 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
KhalInstallWrapper (Version: 4.00.121 - Logitech) Hidden
Lexmark 640 Series (HKLM\...\Lexmark 640 Series) (Version:  - )
Logitech Gaming Software 5.10 (HKLM\...\{60D32CDC-E3BE-4578-BA10-29322307CDDC}) (Version: 5.10.127 - Logitech)
Logitech SetPoint (HKLM\...\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}) (Version: 4.00 - Logitech)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM\...\Maxthon3) (Version: 4.4.2.2000 - Maxthon International Limited)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft ActiveSync (HKLM\...\{99052DB7-9592-4522-A558-5417BBAD48EE}) (Version: 4.5.5096.0 - Microsoft Corporation)
Microsoft Bookshelf en Español (HKLM\...\Bookshelf96E) (Version:  - )
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{51F96AEC-D902-4434-A0DC-B9692A21AE7C}) (Version: 3.0.0.101 - Apple Inc.)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1812 (HKLM\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.2 - F.J. Wechselberger)
Nero 7 Ultra Edition (HKLM\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
NVIDIA Graphics Driver 260.99 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 260.99 - NVIDIA Corporation)
NVIDIA nView 135.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.36 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version:  - )
PatchBeam (HKLM\...\PatchBeam) (Version: 1.20 - ConeXware, Inc.)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerArchiver 2015 (HKLM\...\PowerArchiver 2015 15.00.42) (Version: 15.00.42 - ConeXware, Inc.)
PowerArchiver 2015 (Version: 15.00.42 - ConeXware, Inc.) Hidden
Public Edition Version 2.1 patch. You must have 2.0 installed p (HKLM\...\{E475BD43-9722-4FAE-BFBE-B8061C34583C}_is1) (Version:  - Mak Modding Group)
Quicken 2013 (HKLM\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.11.31 - Intuit)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Rapture3D 2.4.9 Game (HKLM\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Real Alternative 1.52 (HKLM\...\RealAlt_is1) (Version: 1.52 - )
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.08.0000 - Realtek)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
rFactor (remove only) (HKLM\...\rFactor) (Version:  - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.5.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Solid Converter PDF (HKLM\...\{56BFAA6E-2BCC-4AED-9233-84731E66B205}) (Version: 6.0.669.0 - SolidDocuments)
SopCast 3.8.3 (HKLM\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
Sound Blaster Audigy (HKLM\...\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}) (Version: 1.0 - )
SPB Backup (HKLM\...\SPB Backup) (Version:  - )
SPB Backup 2.1.0 (HKLM\...\SPB Backup_is1) (Version:  - SPB Software)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TrackMania United DVD Patch 2006-12-15 (HKLM\...\TmUnited_is1) (Version:  - Nadeo)
Trillian (HKLM\...\Trillian) (Version:  - Cerulean Studios, LLC)
Tv Style Beta 0.9 (HKLM\...\rF Tv Style_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
V8Factor Season 2006 (HKLM\...\V8Factor Season 2006) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VirtualDrive Pro (HKLM\...\{EEE22184-B53C-4B87-9F5B-53638160B966}) (Version: 11.10 - FarStone Technology Inc.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 1.0.5 (HKLM\...\VLC media player) (Version: 1.0.5 - VideoLAN Team)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 10 Hotfix - KB894476 (HKLM\...\KB894476) (Version:  - Microsoft Corporation)
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Mobile Resources (HKLM\...\Windows Mobile Device Handbook) (Version: 1.0 - Microsoft Corporation)
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\localserver32 -> C:\Program Files\Maxthon4\Bin\Maxthon.exe (Maxthon International ltd.)
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{B7125B4E-CA73-47f1-AEAA-6B3EFA553F5A}\InprocServer32 -> C:\Program Files\Trillian\events.dll (Cerulean Studios)
CustomCLSID: HKU\S-1-5-21-1220945662-179605362-839522115-1003_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
 
==================== Restore Points  =========================
 
ATTENTION: System Restore is disabled.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-04 13:00 - 2014-07-21 20:02 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-04-12 13:39 - 2015-04-12 13:39 - 00620056 ____N () C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
2015-04-12 13:07 - 2015-04-12 13:07 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2014-05-06 20:58 - 2009-10-23 21:20 - 00027456 _____ () C:\WINDOWS\system32\solidlocalmon.dll
2005-05-03 12:38 - 2005-05-03 12:38 - 00064512 ____R () C:\WINDOWS\system32\P17.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00026488 _____ () C:\Program Files\MyDrive Connect\DeviceDetection.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00087416 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterBase.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00398712 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterProxy.dll
2014-12-18 01:00 - 2014-12-18 01:00 - 00059904 _____ () C:\Program Files\Trillian\zlib1.dll
2014-12-18 01:00 - 2014-12-18 01:00 - 00187392 _____ () C:\Program Files\Trillian\libpng15.dll
2014-12-18 01:00 - 2014-12-18 01:00 - 00006656 _____ () c:\program files\trillian\languages\en\trillian.dll
2014-12-18 01:00 - 2014-12-18 01:00 - 00065536 _____ () C:\Program Files\Trillian\libungif.dll
2004-08-04 13:00 - 2008-04-14 01:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 13:00 - 2008-04-14 01:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-12-18 01:00 - 2014-12-18 01:00 - 00003584 _____ () c:\program files\trillian\languages\en\toolkit.dll
2014-12-18 01:00 - 2014-12-18 01:00 - 00006656 _____ () c:\program files\trillian\languages\en\events.dll
2014-12-18 01:00 - 2014-12-18 01:00 - 00010752 _____ () c:\program files\trillian\languages\en\buddy.dll
2014-12-18 01:00 - 2014-12-18 01:00 - 00007168 _____ () c:\program files\trillian\languages\en\talk.dll
2010-11-13 12:51 - 2003-07-17 17:57 - 00091136 _____ () c:\documents and settings\John\application data\trillian\plugins\calendar_v0.8.dll
2010-11-13 19:26 - 2006-07-30 02:52 - 00233472 _____ () c:\documents and settings\John\application data\trillian\plugins\bdc.dll
2014-08-21 09:10 - 2014-10-10 23:25 - 10809344 _____ () c:\program files\trillian\plugins\skypekit.exe
2014-10-18 11:24 - 2014-09-11 04:19 - 00258944 _____ () C:\Program Files\Maxthon4\bin\Maxzlib.dll
2014-10-18 11:24 - 2014-09-11 04:19 - 00258944 _____ () C:\Program Files\Maxthon4\Bin\maxzlib.dll
2014-10-18 11:24 - 2014-09-11 04:19 - 00247096 _____ () C:\Program Files\Maxthon4\Addons\Mobile\MxMobile.dll
2014-10-18 11:24 - 2014-09-11 04:19 - 00887064 _____ () C:\Program Files\Maxthon4\Core\Webkit\libglesv2.dll
2014-10-18 11:24 - 2014-09-11 04:19 - 00109336 _____ () C:\Program Files\Maxthon4\Core\Webkit\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WdfLoadGroup => ""=""
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1220945662-179605362-839522115-1003\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogitechCommunicationsManager => "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
MSCONFIG\startupreg: LVCOMSX => "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RAMDrive => "C:\Program Files\VirtualDrive\VHD\RDTask.exe"
MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
MSCONFIG\startupreg: UpdReg => C:\WINDOWS\UpdReg.EXE
MSCONFIG\startupreg: VirtualDrive => "C:\Program Files\VirtualDrive\VDTask.exe" /AutoRestore
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1220945662-179605362-839522115-500 - Administrator - Enabled)
Guest (S-1-5-21-1220945662-179605362-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1220945662-179605362-839522115-1000 - Limited - Disabled)
John (S-1-5-21-1220945662-179605362-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\John
SUPPORT_388945a0 (S-1-5-21-1220945662-179605362-839522115-1002 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/12/2015 03:38:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgidsagent.exe, version 15.0.0.5863, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00001de6.
Processing media-specific event for [avgidsagent.exe!ws!]

Error: (04/12/2015 03:38:18 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\WINDOWS\system32\JMRaidSetup.exe for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program JMRaidSetup.exe because of this error.

Program: JMRaidSetup.exe
File: C:\WINDOWS\system32\JMRaidSetup.exe

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C000009C
Disk type: 3

Error: (04/12/2015 02:03:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgidsagent.exe, version 15.0.0.5863, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00001de6.
Processing media-specific event for [avgidsagent.exe!ws!]

Error: (04/12/2015 02:03:23 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\WINDOWS\system32\JMRaidSetup.exe for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program JMRaidSetup.exe because of this error.

Program: JMRaidSetup.exe
File: C:\WINDOWS\system32\JMRaidSetup.exe

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C000009C
Disk type: 3

Error: (04/06/2015 07:58:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application trillian.exe, version 5.5.0.19, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/06/2015 07:54:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application trillian.exe, version 5.5.0.19, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/22/2015 10:23:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application ace_player.exe, version 2.2.3.0, faulting module libqt4_plugin.dll, version 0.0.0.0, fault address 0x00580a0a.
Processing media-specific event for [ace_player.exe!ws!]

Error: (02/11/2015 10:32:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Maxthon.exe, version 4.4.3.4000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/24/2015 04:01:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SopCast.exe, version 3.8.3.501, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/24/2015 03:58:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SopCast.exe, version 3.8.3.501, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
 
System errors:
=============
Error: (04/12/2015 03:37:33 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
 
Error: (04/12/2015 03:36:02 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
 
Error: (04/12/2015 03:36:00 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
 
Error: (04/12/2015 03:35:58 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
 
Error: (04/12/2015 03:35:56 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
 
Error: (04/12/2015 03:35:55 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
 
Error: (04/12/2015 03:35:53 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
 
Error: (04/12/2015 03:35:51 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
 
Error: (04/12/2015 03:35:49 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
 
Error: (04/12/2015 03:35:47 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
 
 
Microsoft Office Sessions:
=========================
Error: (03/23/2013 08:39:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/23/2013 08:28:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/23/2013 08:28:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/23/2013 08:27:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 27 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/20/2013 09:13:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/20/2013 08:55:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 56 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/08/2011 06:36:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 23 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/26/2011 10:42:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 192 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/20/2008 05:37:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 3881 seconds with 120 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E6850 @ 3.00GHz
Percentage of memory in use: 35%
Total physical RAM: 3070.42 MB
Available physical RAM: 1970.88 MB
Total Pagefile: 5979.98 MB
Available Pagefile: 5049.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.61 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:372.6 GB) (Free:31.62 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (F1_2010) (CDROM) (Total:5.62 GB) (Free:0 GB) UDF
Drive i: () (Fixed) (Total:139.73 GB) (Free:102.35 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 372.6 GB) (Disk ID: 00E700E6)
Partition 1: (Active) - (Size=372.6 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 139.7 GB) (Disk ID: E01AE01A)
Partition 1: (Not Active) - (Size=139.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 


#4 deeprybka

  • Malware Response Team

Posted 12 April 2015 - 10:37 AM

Hi there,

please attach the latest FRST-logs.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#5 Thriller2

  • Topic Starter

Posted 12 April 2015 - 11:51 AM

Hello, sorry I thought I had copied it on the previous post!

 

IGNORE, see next post :-)


Edited by Thriller2, 12 April 2015 - 12:02 PM.


#6 Thriller2

  • Topic Starter

Posted 12 April 2015 - 12:01 PM

Sorry I misread your post. Here you are. Thank you very much!

Attached Files



#7 deeprybka

  • Malware Response Team

Posted 12 April 2015 - 12:04 PM

Step 1

Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.
regards,
deeprybka

#8 Thriller2

  • Topic Starter

Posted 12 April 2015 - 12:13 PM

18:08:06.0406 0x16ec  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
18:08:09.0156 0x16ec  ============================================================
18:08:09.0156 0x16ec  Current date / time: 2015/04/12 18:08:09.0156
18:08:09.0156 0x16ec  SystemInfo:
18:08:09.0156 0x16ec  
18:08:09.0156 0x16ec  OS Version: 5.1.2600 ServicePack: 3.0
18:08:09.0156 0x16ec  Product type: Workstation
18:08:09.0156 0x16ec  ComputerName: JOHN
18:08:09.0156 0x16ec  UserName: John
18:08:09.0156 0x16ec  Windows directory: C:\WINDOWS
18:08:09.0156 0x16ec  System windows directory: C:\WINDOWS
18:08:09.0156 0x16ec  Processor architecture: Intel x86
18:08:09.0156 0x16ec  Number of processors: 2
18:08:09.0156 0x16ec  Page size: 0x1000
18:08:09.0156 0x16ec  Boot type: Normal boot
18:08:09.0156 0x16ec  ============================================================
18:08:42.0984 0x16ec  KLMD registered as C:\WINDOWS\system32\drivers\03769065.sys
18:08:43.0125 0x16ec  System UUID: {A030401A-E163-AB1A-C458-0AD018E3CFF6}
18:08:44.0562 0x16ec  Drive \Device\Harddisk0\DR0 - Size: 0x5D2710DE00 ( 372.61 Gb ), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:08:44.0640 0x16ec  Drive \Device\Harddisk1\DR1 - Size: 0x22EF13E000 ( 139.74 Gb ), SectorSize: 0x200, Cylinders: 0x4741, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:08:44.0906 0x16ec  ============================================================
18:08:44.0906 0x16ec  \Device\Harddisk0\DR0:
18:08:44.0937 0x16ec  MBR partitions:
18:08:44.0953 0x16ec  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2E933DC1
18:08:44.0953 0x16ec  \Device\Harddisk1\DR1:
18:08:45.0000 0x16ec  MBR partitions:
18:08:45.0000 0x16ec  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x117775C2
18:08:45.0000 0x16ec  ============================================================
18:08:45.0062 0x16ec  C: <-> \Device\Harddisk0\DR0\Partition1
18:08:45.0156 0x16ec  I: <-> \Device\Harddisk1\DR1\Partition1
18:08:45.0171 0x16ec  ============================================================
18:08:45.0171 0x16ec  Initialize success
18:08:45.0171 0x16ec  ============================================================
18:09:14.0828 0x17b8  ============================================================
18:09:14.0828 0x17b8  Scan started
18:09:14.0828 0x17b8  Mode: Manual; SigCheck; TDLFS; 
18:09:14.0828 0x17b8  ============================================================
18:09:14.0828 0x17b8  KSN ping started
18:09:19.0156 0x17b8  KSN ping finished: true
18:09:20.0687 0x17b8  ================ Scan system memory ========================
18:09:20.0703 0x17b8  System memory - ok
18:09:20.0703 0x17b8  ================ Scan services =============================
18:09:21.0171 0x17b8  Abiosdsk - ok
18:09:21.0171 0x17b8  abp480n5 - ok
18:09:21.0218 0x17b8  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:09:22.0234 0x17b8  ACPI - ok
18:09:22.0375 0x17b8  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
18:09:22.0500 0x17b8  ACPIEC - ok
18:09:22.0500 0x17b8  adpu160m - ok
18:09:22.0546 0x17b8  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
18:09:22.0656 0x17b8  aec - ok
18:09:22.0703 0x17b8  [ 15E655BAA989444F56787EF558823643, CAAD1CD268C83DFABA28CA4686128A62FA8D4DCA2C3D267A2EE6AA41F0AC9347 ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys
18:09:22.0718 0x17b8  AegisP - detected UnsignedFile.Multi.Generic ( 1 )
18:09:25.0187 0x17b8  Detect skipped due to KSN trusted
18:09:25.0187 0x17b8  AegisP - ok
18:09:25.0218 0x17b8  [ 4C35B9B2D62C1F6F66D07125C7CDBD8B, 435835154B76C0F014974E30DA061584697D9FB72D1C1FFF06960A3EC8C6852A ] AF05BDA         C:\WINDOWS\system32\drivers\AF05BDA.sys
18:09:25.0328 0x17b8  AF05BDA - ok
18:09:25.0375 0x17b8  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
18:09:25.0515 0x17b8  AFD - ok
18:09:25.0515 0x17b8  Aha154x - ok
18:09:25.0531 0x17b8  aic78u2 - ok
18:09:25.0531 0x17b8  aic78xx - ok
18:09:25.0562 0x17b8  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
18:09:25.0671 0x17b8  Alerter - ok
18:09:25.0703 0x17b8  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
18:09:25.0812 0x17b8  ALG - ok
18:09:25.0828 0x17b8  AliIde - ok
18:09:25.0828 0x17b8  amsint - ok
18:09:26.0140 0x17b8  [ 650D03E40F93FAE323CB841F80368E5C, F67B97CFDCE2EE9294977725268EFDB0DD724BD16E7ED5BFCA45375AA8EBA5BB ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:09:26.0156 0x17b8  Apple Mobile Device - ok
18:09:26.0203 0x17b8  [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
18:09:26.0296 0x17b8  AppMgmt - ok
18:09:26.0296 0x17b8  asc - ok
18:09:26.0312 0x17b8  asc3350p - ok
18:09:26.0312 0x17b8  asc3550 - ok
18:09:26.0375 0x17b8  [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:09:26.0468 0x17b8  aspnet_state - ok
18:09:26.0500 0x17b8  [ FE99FCB91E93BC4A7E222928A06411DE, C0F9A2A6324B17D435A7C62EB133E3E529D5622ED83C65E48F092CAB79D9A787 ] aswHwid         C:\WINDOWS\system32\drivers\aswHwid.sys
18:09:26.0578 0x17b8  aswHwid - ok
18:09:26.0609 0x17b8  [ 5D70C1C6C61C5A034BD086AD219A0237, 318C3CC5AF2A4B99C6C3938B36C95ECA63EABC5E93A2A3D7C729BA0BF191CDF1 ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
18:09:26.0625 0x17b8  aswMonFlt - ok
18:09:26.0640 0x17b8  [ 794B69DB528D35FB8F0BA5D0BB8736AF, 1AB85734DDE2C5F8FD31F9D9184C4E17768AFE12215A6D1F9D745E7CD1608783 ] aswRdr          C:\WINDOWS\system32\drivers\aswRdr.sys
18:09:26.0765 0x17b8  aswRdr - ok
18:09:26.0796 0x17b8  [ 74E84C8CEB52042E8A1EA3104D151843, B9D1ADC6A0FF31EE18E2EECCCC3D98C41FAE9E37295A0F555DAB59D0B6028A6E ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
18:09:26.0828 0x17b8  aswRvrt - ok
18:09:27.0187 0x17b8  [ 48FA0C8E04A37A619C894A1C02D5AB96, F79C7252D0C578F827EED28630D97F2B5E3B361F920AF626343D8A71CDD86288 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
18:09:27.0234 0x17b8  aswSnx - ok
18:09:27.0421 0x17b8  [ 2AB454C9C10C427738426C06D3749361, BC604BC9006CF52520FA962055F391A806B7452639640F13516B151E34517643 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
18:09:27.0453 0x17b8  aswSP - ok
18:09:27.0500 0x17b8  [ F6AB3DD747DA3505B3E8F0532905A21F, 52828A956B16B2491E805A78C6D2B03E6E72AD482ED3A3A47C1E1321196B8A8F ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
18:09:27.0578 0x17b8  aswTdi - ok
18:09:27.0593 0x17b8  [ 0AE22EAD6B30E448160338E708BCB71D, 4657A7C60635B916FFBC0A731D52E944FDDE6B052AD0DBD0848C3C7A5C15DD0D ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
18:09:27.0656 0x17b8  aswVmm - ok
18:09:27.0718 0x17b8  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:09:27.0875 0x17b8  AsyncMac - ok
18:09:27.0906 0x17b8  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
18:09:28.0046 0x17b8  atapi - ok
18:09:28.0046 0x17b8  Atdisk - ok
18:09:28.0109 0x17b8  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:09:28.0281 0x17b8  Atmarpc - ok
18:09:28.0343 0x17b8  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
18:09:28.0468 0x17b8  AudioSrv - ok
18:09:28.0515 0x17b8  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
18:09:28.0625 0x17b8  audstub - ok
18:09:28.0859 0x17b8  [ 210A326658D72D7F2EE2267F3D9C44D4, 25BC620209B5F4BCF5C3F323290E41255F68660F3DFF901FA5A78423A7293D73 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
18:09:28.0968 0x17b8  avast! Antivirus - ok
18:09:29.0000 0x17b8  [ CB2C2B24BD7E64CFB2B24D401FF5BBC0, F48ABD9F5BF91BF5F25E6D5EE02647F7DD8E1C1A11FEEE2C1C1B3BD34E3D0F85 ] Avgdiskx        C:\WINDOWS\system32\DRIVERS\avgdiskx.sys
18:09:29.0062 0x17b8  Avgdiskx - ok
18:09:29.0765 0x17b8  [ E2FDE8691C03525F095C8D01F005FA97, B234D8642F528550FB246127CBA24A2A115F8EAF8ED1BC8FD37562AFEBEF4978 ] AVGIDSAgent     C:\Program Files\AVG\AVG2015\avgidsagent.exe
18:09:30.0296 0x17b8  AVGIDSAgent - ok
18:09:30.0343 0x17b8  [ BF031BED7962A6157769618250BDE900, 0211AC7B84B84CB670EACBBD86733211E16BB8636C4033B7985A0AE7242CF39D ] AVGIDSDriverl   C:\WINDOWS\system32\DRIVERS\avgidsdriverlx.sys
18:09:30.0359 0x17b8  AVGIDSDriverl - ok
18:09:30.0468 0x17b8  [ D1663A0114691080C624D857A8343D5B, 8E7029A8FE7A62F4BED7687C54699D0709876D05D93CAA499B4BC69BF8C59091 ] AVGIDSHX        C:\WINDOWS\system32\DRIVERS\avgidshx.sys
18:09:30.0500 0x17b8  AVGIDSHX - ok
18:09:30.0531 0x17b8  [ 2429F7F025F63532B6B264D97E4ECA49, EDE2C88B3B4B2A3AC59A3AB0B2FEC1D2CC75AA8AFFF0F5011D07AB4F053390D9 ] AVGIDSShim      C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
18:09:30.0546 0x17b8  AVGIDSShim - ok
18:09:30.0609 0x17b8  [ 9AFD535116E986D49877B811F3665E8E, 6843415ED638BB26A17BE9AB7A49D36070A588088256D4D0D1B4789FBDA6730B ] Avgldx86        C:\WINDOWS\system32\DRIVERS\avgldx86.sys
18:09:30.0656 0x17b8  Avgldx86 - ok
18:09:30.0750 0x17b8  [ B97A84EE582A0241E6E08AD07DFE2F74, C3362B9261B4DA099AFC544A2C7F2B3659AE0BDA5DC9DCBD5E383464F9F56A4D ] Avglogx         C:\WINDOWS\system32\DRIVERS\avglogx.sys
18:09:30.0781 0x17b8  Avglogx - ok
18:09:30.0812 0x17b8  [ 99D968295470D3DE76CADD876F4090F0, FAA00C5AE99FA3B3CB6A1F815DC80579101E627206694304FB6BA3F9F4E60E76 ] Avgmfx86        C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
18:09:30.0843 0x17b8  Avgmfx86 - ok
18:09:30.0875 0x17b8  [ F016B95273E0B1961F204F7FD2FFD811, 9F89323177B68DEDE6B1F09790E6A978376B4FCBDC029283B297A3C4D9B242FF ] Avgrkx86        C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
18:09:30.0890 0x17b8  Avgrkx86 - ok
18:09:30.0953 0x17b8  [ B2E8473C080FEFB41E984CB6034112F0, 34DEC37A6A61BD7C643AC9CABA9105B15DE201117FEBB238C3DD713A0833A3CF ] Avgtdix         C:\WINDOWS\system32\DRIVERS\avgtdix.sys
18:09:30.0968 0x17b8  Avgtdix - ok
18:09:31.0031 0x17b8  [ DCF350D917112A03D3CDC33C8ADEA87A, 78E7B8E6575EEB07C993EA71D699443C428B3258A748236264F75571FE23D796 ] avgwd           C:\Program Files\AVG\AVG2015\avgwdsvc.exe
18:09:31.0093 0x17b8  avgwd - ok
18:09:31.0140 0x17b8  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
18:09:31.0250 0x17b8  Beep - ok
18:09:31.0328 0x17b8  [ 1D26E3A3EA0234D54D14D4E45E2A84E9, 7E01B7AA2A171ABC10AFA6D81129C563C384E78E01596FBD4DC6CA5673AADA83 ] Belkin700F      C:\WINDOWS\system32\DRIVERS\BLKWGDv7.sys
18:09:31.0453 0x17b8  Belkin700F - ok
18:09:31.0531 0x17b8  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
18:09:31.0875 0x17b8  BITS - ok
18:09:32.0093 0x17b8  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:09:32.0125 0x17b8  Bonjour Service - ok
18:09:32.0187 0x17b8  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
18:09:32.0312 0x17b8  Browser - ok
18:09:32.0359 0x17b8  [ B279426E3C0C344893ED78A613A73BDE, 30B29ED5DCFF0C180B806A5FBC705E1CAF6B0F525298CDA79A77FC2AF6E5AAA7 ] BthEnum         C:\WINDOWS\system32\DRIVERS\BthEnum.sys
18:09:32.0500 0x17b8  BthEnum - ok
18:09:32.0531 0x17b8  [ FCA6F069597B62D42495191ACE3FC6C1, 23A4EAA542547AC48BCB19DEC9C8E1C1D7D83F199F045DA4682C33292F011CE9 ] BTHMODEM        C:\WINDOWS\system32\DRIVERS\bthmodem.sys
18:09:32.0656 0x17b8  BTHMODEM - ok
18:09:32.0656 0x17b8  [ 80602B8746D3738F5886CE3D67EF06B6, 15ABAA8106C42A4453763EEB92B291844580168C934088DB1E22B2065DC238E9 ] BthPan          C:\WINDOWS\system32\DRIVERS\bthpan.sys
18:09:32.0765 0x17b8  BthPan - ok
18:09:32.0781 0x17b8  [ 662BFD909447DD9CC15B1A1C366583B4, 2E012304336769C24A6EFB4D975BA3F21289827A5EB4C9A8216E941344348447 ] BTHPORT         C:\WINDOWS\system32\Drivers\BTHport.sys
18:09:32.0828 0x17b8  BTHPORT - ok
18:09:32.0859 0x17b8  [ F4C43C66471B87996D95DB7A3A664A37, C7324DBF75376578EC254FD64E2564FEF9A35B58DFE1095389F769F37EA68B21 ] BthServ         C:\WINDOWS\System32\bthserv.dll
18:09:33.0062 0x17b8  BthServ - ok
18:09:33.0125 0x17b8  [ 61364CD71EF63B0F038B7E9DF00F1EFA, FB44D02B4379A8AF7DD8B0B22B53888B758903700142BFE45A412709294CE88A ] BTHUSB          C:\WINDOWS\system32\Drivers\BTHUSB.sys
18:09:33.0328 0x17b8  BTHUSB - ok
18:09:33.0328 0x17b8  catchme - ok
18:09:33.0453 0x17b8  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
18:09:33.0593 0x17b8  cbidf2k - ok
18:09:33.0625 0x17b8  [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:09:33.0953 0x17b8  CCDECODE - ok
18:09:33.0953 0x17b8  cd20xrnt - ok
18:09:34.0015 0x17b8  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
18:09:34.0171 0x17b8  Cdaudio - ok
18:09:34.0187 0x17b8  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
18:09:34.0515 0x17b8  Cdfs - ok
18:09:34.0531 0x17b8  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:09:34.0750 0x17b8  Cdrom - ok
18:09:34.0765 0x17b8  Changer - ok
18:09:34.0828 0x17b8  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
18:09:34.0953 0x17b8  CiSvc - ok
18:09:34.0968 0x17b8  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
18:09:35.0125 0x17b8  ClipSrv - ok
18:09:35.0156 0x17b8  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:09:35.0671 0x17b8  clr_optimization_v2.0.50727_32 - ok
18:09:35.0687 0x17b8  CmdIde - ok
18:09:35.0718 0x17b8  COMSysApp - ok
18:09:35.0734 0x17b8  Cpqarray - ok
18:09:35.0828 0x17b8  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
18:09:36.0062 0x17b8  CryptSvc - ok
18:09:36.0109 0x17b8  [ 8DB84DE3AAB34A8B4C2F644EFF41CD76, 02154E064651269EEF51BA6D68285A05E1552D3FFDCA97ED810EAEB26EAF4573 ] ctsfm2k         C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
18:09:36.0312 0x17b8  ctsfm2k - ok
18:09:36.0312 0x17b8  dac2w2k - ok
18:09:36.0328 0x17b8  dac960nt - ok
18:09:36.0390 0x17b8  [ 5118EA8A2F55FA4D4295516500B78229, 2DED5B8F45AF5D09BE91DC61FBC64E3A3405AD62CE6F21512AC76726CF101C86 ] DCamUSBEMPIA    C:\WINDOWS\system32\DRIVERS\emDevice.sys
18:09:36.0656 0x17b8  DCamUSBEMPIA - ok
18:09:36.0718 0x17b8  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
18:09:37.0093 0x17b8  DcomLaunch - ok
18:09:37.0125 0x17b8  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
18:09:37.0250 0x17b8  Dhcp - ok
18:09:37.0296 0x17b8  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
18:09:37.0531 0x17b8  Disk - ok
18:09:37.0531 0x17b8  dmadmin - ok
18:09:37.0687 0x17b8  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
18:09:38.0093 0x17b8  dmboot - ok
18:09:38.0125 0x17b8  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
18:09:38.0296 0x17b8  dmio - ok
18:09:38.0328 0x17b8  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
18:09:38.0500 0x17b8  dmload - ok
18:09:38.0546 0x17b8  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
18:09:38.0703 0x17b8  dmserver - ok
18:09:38.0718 0x17b8  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
18:09:38.0843 0x17b8  DMusic - ok
18:09:38.0859 0x17b8  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
18:09:38.0953 0x17b8  Dnscache - ok
18:09:39.0000 0x17b8  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
18:09:39.0093 0x17b8  Dot3svc - ok
18:09:39.0109 0x17b8  dpti2o - ok
18:09:39.0109 0x17b8  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
18:09:39.0218 0x17b8  drmkaud - ok
18:09:39.0234 0x17b8  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
18:09:39.0390 0x17b8  EapHost - ok
18:09:39.0484 0x17b8  [ 014F00B93BD7AB08AB14C580EC0BCCFD, 69140550CBC06459E457F0A3EDD19C600CBDA7FCC0ABEE2FE0489F7B3B1470FE ] emAudio         C:\WINDOWS\system32\drivers\emAudio.sys
18:09:39.0546 0x17b8  emAudio - ok
18:09:39.0593 0x17b8  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
18:09:39.0812 0x17b8  ERSvc - ok
18:09:39.0875 0x17b8  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
18:09:39.0906 0x17b8  Eventlog - ok
18:09:39.0937 0x17b8  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
18:09:40.0109 0x17b8  EventSystem - ok
18:09:40.0140 0x17b8  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
18:09:40.0328 0x17b8  Fastfat - ok
18:09:40.0406 0x17b8  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
18:09:40.0500 0x17b8  FastUserSwitchingCompatibility - ok
18:09:40.0531 0x17b8  [ 8AFD80FA4D00075CBFFD77F12411A381, 8BD6DF005B19EAC94BDDCF407C8622B126C454394146787FF670762A5F907161 ] fcdabus         C:\WINDOWS\system32\DRIVERS\fcdabus.sys
18:09:40.0562 0x17b8  fcdabus - ok
18:09:40.0578 0x17b8  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
18:09:40.0718 0x17b8  Fdc - ok
18:09:40.0734 0x17b8  [ 6F87E4706F59463B74BC4FAD0F67338F, 6E5D6DE84452891B751433B64DAE7F05AC53620F1A803350F797A9EC6171F1B6 ] FiltUSBEMPIA    C:\WINDOWS\system32\DRIVERS\emFilter.sys
18:09:40.0765 0x17b8  FiltUSBEMPIA - ok
18:09:40.0812 0x17b8  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
18:09:40.0921 0x17b8  Fips - ok
18:09:40.0921 0x17b8  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
18:09:41.0031 0x17b8  Flpydisk - ok
18:09:41.0093 0x17b8  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
18:09:41.0203 0x17b8  FltMgr - ok
18:09:41.0250 0x17b8  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:09:41.0265 0x17b8  FontCache3.0.0.0 - ok
18:09:41.0296 0x17b8  [ E9EA38FC9284480AB77DA3BD9BF434F7, 97E13081B71745397548CD6CD7C230146C064DC530E01695F82921B8F3C950DF ] fsRamDsk        C:\WINDOWS\system32\DRIVERS\fsRamDsk.sys
18:09:41.0328 0x17b8  fsRamDsk - detected UnsignedFile.Multi.Generic ( 1 )
18:09:43.0953 0x17b8  Detect skipped due to KSN trusted
18:09:43.0953 0x17b8  fsRamDsk - ok
18:09:43.0968 0x17b8  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:09:44.0078 0x17b8  Fs_Rec - ok
18:09:44.0093 0x17b8  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:09:44.0265 0x17b8  Ftdisk - ok
18:09:44.0312 0x17b8  [ EF1DB93645FFEA9F657D632D830E6040, F1F748393E97A8FEDBFECE53E08C325ED5E96889B11A08315A29DB62FD67C888 ] FVXSCSI         C:\WINDOWS\system32\DRIVERS\fvxscsi.sys
18:09:44.0390 0x17b8  FVXSCSI - ok
18:09:44.0421 0x17b8  [ 54789F9BA0D59072CDD4E7C200E122C4, EAA497A97E2097CCEF5F7549E35CC87F652923E31BFDB9B590B54D7D8C72050A ] gdrv            C:\WINDOWS\gdrv.sys
18:09:46.0859 0x17b8  gdrv - ok
18:09:46.0906 0x17b8  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
18:09:46.0937 0x17b8  GEARAspiWDM - ok
18:09:46.0968 0x17b8  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:09:47.0078 0x17b8  Gpc - ok
18:09:47.0078 0x17b8  GTNDIS5 - ok
18:09:47.0140 0x17b8  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate1c98578cbd7373e C:\Program Files\Google\Update\GoogleUpdate.exe
18:09:47.0156 0x17b8  gupdate1c98578cbd7373e - ok
18:09:47.0171 0x17b8  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
18:09:47.0187 0x17b8  gupdatem - ok
18:09:47.0312 0x17b8  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:09:47.0406 0x17b8  gusvc - ok
18:09:47.0453 0x17b8  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:09:47.0578 0x17b8  helpsvc - ok
18:09:47.0609 0x17b8  [ 7BD2DE4C85EB4241EED57672B16A7D8D, BF793AA7B3C7077F25B155ECC6D3F1496F0079B5E0311F8804FACA03A99AC285 ] HidBth          C:\WINDOWS\system32\DRIVERS\hidbth.sys
18:09:47.0781 0x17b8  HidBth - ok
18:09:47.0828 0x17b8  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
18:09:47.0968 0x17b8  HidServ - ok
18:09:48.0000 0x17b8  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:09:48.0078 0x17b8  hidusb - ok
18:09:48.0109 0x17b8  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
18:09:48.0343 0x17b8  hkmsvc - ok
18:09:48.0343 0x17b8  hpn - ok
18:09:48.0406 0x17b8  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
18:09:48.0484 0x17b8  HTTP - ok
18:09:48.0515 0x17b8  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
18:09:48.0609 0x17b8  HTTPFilter - ok
18:09:48.0625 0x17b8  i2omgmt - ok
18:09:48.0625 0x17b8  i2omp - ok
18:09:48.0671 0x17b8  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\drivers\i8042prt.sys
18:09:48.0843 0x17b8  i8042prt - ok
18:09:48.0921 0x17b8  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:09:49.0062 0x17b8  idsvc - ok
18:09:49.0125 0x17b8  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
18:09:49.0234 0x17b8  Imapi - ok
18:09:49.0281 0x17b8  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
18:09:49.0406 0x17b8  ImapiService - ok
18:09:49.0406 0x17b8  ini910u - ok
18:09:49.0421 0x17b8  IntelIde - ok
18:09:49.0437 0x17b8  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:09:49.0578 0x17b8  intelppm - ok
18:09:49.0609 0x17b8  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
18:09:49.0734 0x17b8  Ip6Fw - ok
18:09:49.0796 0x17b8  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:09:49.0937 0x17b8  IpFilterDriver - ok
18:09:49.0968 0x17b8  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:09:50.0187 0x17b8  IpInIp - ok
18:09:50.0218 0x17b8  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:09:50.0406 0x17b8  IpNat - ok
18:09:50.0500 0x17b8  [ 4D800977F7EB0C310AF04BF5B517985A, DD4EC347D4759AC401BD08739DE012E5F1903DF2EDEBEA17CCD3C19FF1F6005E ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:09:50.0546 0x17b8  iPod Service - ok
18:09:50.0578 0x17b8  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:09:50.0750 0x17b8  IPSec - ok
18:09:50.0796 0x17b8  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
18:09:50.0984 0x17b8  IRENUM - ok
18:09:51.0000 0x17b8  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:09:51.0109 0x17b8  isapnp - ok
18:09:51.0281 0x17b8  [ 126A16F569122AE00AD3D12EF831D651, D8C109F7B47F7E09CE3D0C9CB98920DA653B364B610C11ABE911BD0EB5EF436F ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
18:09:51.0296 0x17b8  JavaQuickStarterService - ok
18:09:51.0343 0x17b8  [ C995C0E8B4503FAC38793BB0236AD246, 5147C90053C8DBAFA9A7E4457A03AA2BCF5EC1A7367526FD102D4B542CC357B0 ] JGOGO           C:\WINDOWS\system32\DRIVERS\JGOGO.sys
18:09:51.0546 0x17b8  JGOGO - ok
18:09:51.0609 0x17b8  [ F90A4E8657319A652E04C5362926CFEA, 38169807B92FB550385DD5D73AFC4CB92D2F40FA29C803D6E94FD87349EB4CEE ] JRAID           C:\WINDOWS\system32\DRIVERS\jraid.sys
18:09:51.0703 0x17b8  JRAID - ok
18:09:51.0718 0x17b8  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:09:51.0890 0x17b8  Kbdclass - ok
18:09:51.0921 0x17b8  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:09:52.0031 0x17b8  kbdhid - ok
18:09:52.0078 0x17b8  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
18:09:52.0171 0x17b8  kmixer - ok
18:09:52.0203 0x17b8  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
18:09:52.0296 0x17b8  KSecDD - ok
18:09:52.0312 0x17b8  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
18:09:52.0390 0x17b8  lanmanserver - ok
18:09:52.0437 0x17b8  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:09:52.0500 0x17b8  lanmanworkstation - ok
18:09:52.0500 0x17b8  lbrtfdc - ok
18:09:52.0562 0x17b8  [ E873CD021ECD79831B1C5B95512B84CE, 51032AC69092650D36DDF7EC0A409B035A191D1FA8C0EE4FE8E09B18C77A070F ] LexBceS         C:\WINDOWS\system32\LEXBCES.EXE
18:09:52.0640 0x17b8  LexBceS - ok
18:09:52.0703 0x17b8  [ 3FA98339E8D9E007726BE62F231E2015, 805AC025F50C8A9BC6617F2C44F4686C903102B4E59DA02DB7115A4EECA0A20F ] LHidFilt        C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
18:09:52.0734 0x17b8  LHidFilt - ok
18:09:52.0828 0x17b8  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
18:09:52.0984 0x17b8  LmHosts - ok
18:09:52.0984 0x17b8  [ F259F758E04D8FB8D48C6CDBE45223E8, 35C2801135920809D709FFD05CD99A95F0E616BD6C29F8A141A0A8221425E302 ] LMouFilt        C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
18:09:53.0000 0x17b8  LMouFilt - ok
18:09:53.0046 0x17b8  [ CA26E46EC8891058C9E10363DF4E4650, 21AC5EB65CCD9B2CBA13777CEDF1582BB9A1BB2ED8FAF86C750EAD55C36E1A29 ] LUsbFilt        C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
18:09:53.0062 0x17b8  LUsbFilt - ok
18:09:53.0078 0x17b8  [ 066ED0BAA4FAEB1475B9F06B8C319FC6, 5E34BAB2AB3EECB3B0A49F457387F8754AFDDFE2AF8722D15DCB355D7E64F4C9 ] LwUsbHid        C:\WINDOWS\system32\DRIVERS\LwUsbHid.sys
18:09:53.0218 0x17b8  LwUsbHid - ok
18:09:53.0250 0x17b8  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
18:09:53.0343 0x17b8  Messenger - ok
18:09:53.0406 0x17b8  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
18:09:53.0500 0x17b8  mnmdd - ok
18:09:53.0531 0x17b8  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
18:09:53.0640 0x17b8  mnmsrvc - ok
18:09:53.0656 0x17b8  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
18:09:53.0750 0x17b8  Modem - ok
18:09:53.0765 0x17b8  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:09:54.0000 0x17b8  Mouclass - ok
18:09:54.0031 0x17b8  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:09:54.0140 0x17b8  mouhid - ok
18:09:54.0156 0x17b8  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
18:09:54.0250 0x17b8  MountMgr - ok
18:09:54.0281 0x17b8  [ C0F8E0C2C3C0437CF37C6781896DC3EC, 12196EF5A94BD011B5D578E755B51424E3238437A028CC1EDFB53138C00D3339 ] MPE             C:\WINDOWS\system32\DRIVERS\MPE.sys
18:09:54.0406 0x17b8  MPE - ok
18:09:54.0406 0x17b8  mraid35x - ok
18:09:54.0421 0x17b8  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:09:54.0515 0x17b8  MRxDAV - ok
18:09:54.0578 0x17b8  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:09:54.0703 0x17b8  MRxSmb - ok
18:09:54.0718 0x17b8  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
18:09:54.0812 0x17b8  MSDTC - ok
18:09:54.0828 0x17b8  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
18:09:54.0937 0x17b8  Msfs - ok
18:09:54.0937 0x17b8  MSIServer - ok
18:09:54.0968 0x17b8  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:09:55.0093 0x17b8  MSKSSRV - ok
18:09:55.0109 0x17b8  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:09:55.0203 0x17b8  MSPCLOCK - ok
18:09:55.0218 0x17b8  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
18:09:55.0328 0x17b8  MSPQM - ok
18:09:55.0359 0x17b8  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:09:55.0437 0x17b8  mssmbios - ok
18:09:55.0468 0x17b8  [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
18:09:55.0562 0x17b8  MSTEE - ok
18:09:55.0593 0x17b8  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
18:09:55.0640 0x17b8  Mup - ok
18:09:55.0671 0x17b8  [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:09:55.0765 0x17b8  NABTSFEC - ok
18:09:55.0812 0x17b8  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
18:09:55.0921 0x17b8  napagent - ok
18:09:56.0062 0x17b8  [ B498A14133BD09AD0817590ACE4470AD, 14CCC922C6596C97A5CF580209C4AFB6138A8FFD3A0E60CD506810DFCBC43A1A ] NBService       C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
18:09:56.0109 0x17b8  NBService - ok
18:09:56.0171 0x17b8  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
18:09:56.0406 0x17b8  NDIS - ok
18:09:56.0453 0x17b8  [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:09:56.0609 0x17b8  NdisIP - ok
18:09:56.0656 0x17b8  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:09:56.0750 0x17b8  NdisTapi - ok
18:09:56.0781 0x17b8  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:09:56.0875 0x17b8  Ndisuio - ok
18:09:56.0890 0x17b8  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:09:57.0000 0x17b8  NdisWan - ok
18:09:57.0031 0x17b8  [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
18:09:57.0156 0x17b8  NDProxy - ok
18:09:57.0203 0x17b8  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
18:09:57.0312 0x17b8  NetBIOS - ok
18:09:57.0375 0x17b8  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
18:09:57.0500 0x17b8  NetBT - ok
18:09:57.0531 0x17b8  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
18:09:57.0671 0x17b8  NetDDE - ok
18:09:57.0687 0x17b8  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
18:09:57.0796 0x17b8  NetDDEdsdm - ok
18:09:57.0843 0x17b8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
18:09:57.0953 0x17b8  Netlogon - ok
18:09:58.0000 0x17b8  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
18:09:58.0187 0x17b8  Netman - ok
18:09:58.0312 0x17b8  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:09:58.0421 0x17b8  NetTcpPortSharing - ok
18:09:58.0484 0x17b8  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
18:09:58.0546 0x17b8  Nla - ok
18:09:58.0781 0x17b8  [ A328A46D87BB92CE4D8A4528E9D84787, D3245ED700151111592BA82FB675B284DA7FCE52B07A7F68352F64A402CAB37C ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
18:09:58.0953 0x17b8  NMIndexingService - ok
18:09:59.0000 0x17b8  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
18:09:59.0171 0x17b8  Npfs - ok
18:09:59.0250 0x17b8  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
18:09:59.0609 0x17b8  Ntfs - ok
18:09:59.0640 0x17b8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
18:09:59.0750 0x17b8  NtLmSsp - ok
18:09:59.0828 0x17b8  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
18:10:00.0109 0x17b8  NtmsSvc - ok
18:10:00.0140 0x17b8  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
18:10:00.0375 0x17b8  Null - ok
18:10:01.0265 0x17b8  [ B9B1BB146EB9A83DCF0F5635B09D3D43, 1A630E955811E9D317B1A23B6E18658AAE1696E709213A1FA25D8B7AD171EEAE ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:10:02.0625 0x17b8  nv - ok
18:10:02.0703 0x17b8  [ CC4F8220EAD1F6A38D51679708F435B9, 0A46901A282E6A8CCA5ED7CE1BE53315DBB29A9ABC590AB08625978B9AB35D17 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
18:10:02.0734 0x17b8  NVSvc - ok
18:10:02.0765 0x17b8  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:10:02.0875 0x17b8  NwlnkFlt - ok
18:10:03.0234 0x17b8  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:10:03.0359 0x17b8  NwlnkFwd - ok
18:10:03.0500 0x17b8  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:10:03.0531 0x17b8  odserv - ok
18:10:03.0578 0x17b8  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:10:03.0593 0x17b8  ose - ok
18:10:03.0625 0x17b8  [ 103A9B117A7D9903111955CDAFE65AC6, 06060CA6036F757ABB6C9CFD8376D70996E80ACC7896896DD426AEA0786E2B15 ] ossrv           C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
18:10:03.0656 0x17b8  ossrv - ok
18:10:03.0718 0x17b8  [ C5739BE3A8EECDF951955A38E1741F45, 3E2724CFCA62CD60A6CDBBCB83D3C67CD3BCD622DFB74B78A3B865475F879DDD ] OVT511Plus      C:\WINDOWS\system32\Drivers\omcamvid.sys
18:10:03.0765 0x17b8  OVT511Plus - detected UnsignedFile.Multi.Generic ( 1 )
18:10:07.0765 0x17b8  Detect skipped due to KSN trusted
18:10:07.0765 0x17b8  OVT511Plus - ok
18:10:07.0859 0x17b8  [ 1DB419CB76493F6292CCFBDC3466F5FF, 28C12CA350FA9D33C31AC03F8EB6A7075E5CC3D45EDC083BFC2DE0C3C89185E2 ] P17             C:\WINDOWS\system32\drivers\P17.sys
18:10:08.0046 0x17b8  P17 - ok
18:10:08.0093 0x17b8  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
18:10:08.0281 0x17b8  Parport - ok
18:10:08.0312 0x17b8  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
18:10:08.0468 0x17b8  PartMgr - ok
18:10:08.0515 0x17b8  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
18:10:08.0640 0x17b8  ParVdm - ok
18:10:08.0671 0x17b8  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
18:10:08.0765 0x17b8  PCI - ok
18:10:08.0781 0x17b8  PCIDump - ok
18:10:08.0796 0x17b8  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
18:10:08.0890 0x17b8  PCIIde - ok
18:11:22.0437 0x17b8  AV detected via SS1: AVG AntiVirus Free Edition 2015, 2015.0, enabled, updated
18:11:22.0437 0x17b8  AV detected via SS1: avast! Antivirus, 5.0.150997159, enabled, updated
18:11:22.0437 0x17b8  Win FW state via NFM: enabled
18:11:25.0343 0x17b8  ============================================================
18:11:25.0343 0x17b8  Scan finished
18:11:25.0343 0x17b8  ============================================================
18:11:25.0343 0x17b0  Detected object count: 3
18:11:25.0343 0x17b0  Actual detected object count: 3
18:11:43.0234 0x17b0  SbcpHid ( UnsignedFile.Multi.Generic ) - skipped by user
18:11:43.0234 0x17b0  SbcpHid ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:11:43.0234 0x17b0  WmUsbHid ( UnsignedFile.Multi.Generic ) - skipped by user
18:11:43.0234 0x17b0  WmUsbHid ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:11:43.0234 0x17b0  36X Raid Configurer ( LockedFile.Multi.Generic ) - skipped by user
18:11:43.0234 0x17b0  36X Raid Configurer ( LockedFile.Multi.Generic ) - User select action: Skip 


#9 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:12:27 AM

Posted 12 April 2015 - 12:16 PM

Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM Group Policy restriction on software: C:\Program Files\AVG 
    HKLM Group Policy restriction on software: C:\Program Files\AVG 
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
    HKU\S-1-5-21-1220945662-179605362-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" 
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-1220945662-179605362-839522115-1003 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

After the Reboot:

Step 2


Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#10 Thriller2

Thriller2
  • Topic Starter

  • Members
  • 7 posts
  • Local time:11:27 PM

Posted 12 April 2015 - 12:31 PM

thanks!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-04-2015
Ran by John at 2015-04-12 18:18:58 Run:1
Running from C:\Documents and Settings\John\Desktop
Loaded Profiles: John (Available profiles: John)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
HKLM Group Policy restriction on software: C:\Program Files\AVG 
HKLM Group Policy restriction on software: C:\Program Files\AVG 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
HKU\S-1-5-21-1220945662-179605362-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: 
 
Policy restriction 
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1220945662-179605362-839522115-1003 -> 
 
{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
*****************
 
Processes closed successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1220945662-179605362-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" 
 
=> Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted 
 
successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted 
 
successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted 
 
successfully.
"HKU\S-1-5-21-1220945662-179605362-839522115-1003\SOFTWARE\Microsoft\Internet 
 
Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => Key deleted successfully.
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found. 
 
 
The system needed a reboot. 
 
==== End of Fixlog 18:20:52 ====
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-04-2015
Ran by John (administrator) on JOHN on 12-04-2015 18:29:36
Running from C:\Documents and Settings\John\Desktop
Loaded Profiles: John (Available profiles: John)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United 
 
States)
Internet Explorer Version 8 (Default browser path: "C:\Program Files\Maxthon4\Bin\Maxthon.exe" 
 
"%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: 
 
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(cyberlink) C:\Program Files\CyberLink\Shared Files\brs.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device 
 
Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\wcescomm.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\rapimgr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cerulean Studios) C:\Program Files\Trillian\trillian.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
(Solid Documents, LLC) C:\WINDOWS\Installer\MSI8C.tmp
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgdumpx.exe
() C:\Program Files\Trillian\plugins\skypekit.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Maxthon International ltd.) C:\Program Files\Maxthon4\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon4\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon4\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon4\Bin\Maxthon.exe
(Microsoft Corporation) C:\WINDOWS\system32\drwtsn32.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. 
 
The file will not be moved.)
 
HKLM\...\Run: [JMB36X IDE Setup] => C:\WINDOWS\JM\JMInsIDE.exe [36864 2006-10-30] ()
HKLM\...\Run: [36X Raid Configurer] => C:\WINDOWS\system32\JMRaidSetup.exe [1953792 2007-02-06] 
 
(Gigabyte Technology Corp.)
HKLM\...\Run: [P17Helper] => Rundll32 P17.dll,P17Helper
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\WINDOWS\KHALMNPR.EXE [56080 
 
2007-04-11] (Logitech Inc.)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe 
 
bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device 
 
Support\AppleSyncNotifier.exe [47392 2010-03-16] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe 
 
[248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [BDRegion] => C:\Program Files\Cyberlink\Shared files\brs.exe [75048 2010-04-02] 
 
(cyberlink)
HKLM\...\Run: [RemoteControl10] => C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 
 
2010-02-03] (CyberLink Corp.)
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1753192 2010-08-26] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple 
 
Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 
 
9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 
 
2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application 
 
Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 
 
2015-04-11] (Avast Software s.r.o.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] 
 
(Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG 
 
Technologies CZ, s.r.o.)
HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1220945662-179605362-839522115-1003\...\Run: [H/PC Connection Agent] => C:\Program 
 
Files\Microsoft ActiveSync\wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation)
HKU\S-1-5-21-1220945662-179605362-839522115-1003\...\Run: [MyDriveConnect.exe] => C:\Program 
 
Files\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-1220945662-179605362-839522115-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows 
 
Media Player\WMPNSCFG.exe [204288 2006-10-18] (Microsoft Corporation)
HKU\S-1-5-21-1220945662-179605362-839522115-1003\...\Run: [AceWebException] => C:\Documents and 
 
Settings\John\Application Data\AceWebExtension\updater\ace_web_extension.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech 
 
Inc.)
Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\Trillian.lnk
ShortcutTarget: Trillian.lnk -> C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program 
 
Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to 
 
default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = 
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = 
 
HKU\S-1-5-21-1220945662-179605362-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start 
 
Page = 
 
 
18eb90b-dc5fa2e1e72bbe4e1a511e1f9e8542de4064cf77&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215pi&pr=fr&d
 
=2015-04-12 13:40:15&v=4.1.0.411&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-1220945662-179605362-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search 
 
Page = 
 
HKU\S-1-5-21-1220945662-179605362-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search 
 
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = 
 
SearchScopes: HKU\S-1-5-21-1220945662-179605362-839522115-1003 -> 
 
{5F4764C9-A953-44D8-BA81-4C334ADB8090} URL = 
 
 
=&toolid=10001&campid=5336017972&type=3
SearchScopes: HKU\S-1-5-21-1220945662-179605362-839522115-1003 -> 
 
{6CD9BBE3-DD01-49C6-BE7D-9AC27CA79035} URL = 
 
 
e=9325&linkCode=ur2&ie=UTF-8
SearchScopes: HKU\S-1-5-21-1220945662-179605362-839522115-1003 -> 
 
{7E8A4B92-CE05-4B40-92D2-4B8A0F636CD5} URL = 
 
SearchScopes: HKU\S-1-5-21-1220945662-179605362-839522115-1003 -> 
 
{95B7759C-8C7F-4BF1-B163-73684A933233} URL = 
 
 
1450a218eb90b-dc5fa2e1e72bbe4e1a511e1f9e8542de4064cf77&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215pi&p
 
r=fr&d=2015-04-12 13:40:15&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1220945662-179605362-839522115-1003 -> 
 
{9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = 
 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common 
 
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program 
 
Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft 
 
Corporation)
BHO: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program 
 
Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll [2009-11-03] ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program 
 
Files\Java\jre6\bin\jp2ssv.dll [2010-09-08] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program 
 
Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-08] (Sun Microsystems, Inc.)
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} 
 
DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} 
 
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} 
 
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} 
 
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 
 
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} 
 
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - 
 
C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll [2002-09-27] ()
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll 
 
[2014-02-18] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS 
 
Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google 
 
Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll 
 
[2014-01-06] (Google, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll 
 
[2010-09-08] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows 
 
Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program 
 
Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program 
 
Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] 
 
(Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> 
 
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application 
 
Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-02-07] (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> 
 
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application 
 
Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-02-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-1220945662-179605362-839522115-1003: 
 
@acestream.net/acestreamplugin,version=3.0.2 -> C:\Documents and Settings\John\Application 
 
Data\ACEStream\player\npace_plugin.dll [2014-12-07] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-1220945662-179605362-839522115-1003: @Google.com/GoogleEarthPlugin -> 
 
C:\Documents and Settings\John\Local Settings\Application Data\Google\Google 
 
Earth\plugin\npgeplugin.dll No File
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - 
 
c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows 
 
Presentation Foundation\DotNetAssistantExtension [2009-05-04]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-09-08]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-21]
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User 
 
Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\John\Local Settings\Application 
 
Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-21]
CHR Extension: (Google Drive) - C:\Documents and Settings\John\Local Settings\Application 
 
Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-21]
CHR Extension: (YouTube) - C:\Documents and Settings\John\Local Settings\Application 
 
Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-21]
CHR Extension: (Google Search) - C:\Documents and Settings\John\Local Settings\Application 
 
Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-21]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\John\Local 
 
Settings\Application Data\Google\Chrome\User 
 
Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\John\Local 
 
Settings\Application Data\Google\Chrome\User 
 
Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-12]
CHR Extension: (Google Wallet) - C:\Documents and Settings\John\Local Settings\Application 
 
Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-21]
CHR Extension: (Gmail) - C:\Documents and Settings\John\Local Settings\Application 
 
Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-21]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST 
 
Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-11]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file 
 
will not be moved unless listed separately.)
 
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-11] (Avast 
 
Software s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG 
 
Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, 
 
s.r.o.)
S2 gupdate1c98578cbd7373e; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-25] 
 
(Google Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-09-08] (Sun 
 
Microsystems, Inc.)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [311296 2004-05-24] (Lexmark International, Inc.)
R2 SCPDFReadSpool; C:\WINDOWS\Installer\MSI8C.tmp [189760 2014-05-06] (Solid Documents, LLC)
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-04-12] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file 
 
will not be moved unless listed separately.)
 
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21419 2008-07-26] (Meetinghouse Data 
 
Communications) [File not signed]
S3 AF05BDA; C:\WINDOWS\System32\drivers\AF05BDA.sys [133504 2006-03-02] (AfaTech                  
 
)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-04-11] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73440 2015-04-11] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-04-11] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-04-11] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788272 2015-04-11] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427736 2015-04-11] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-04-11] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208024 2015-04-11] ()
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, 
 
s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [209376 2015-03-25] (AVG 
 
Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, 
 
s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies 
 
CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, 
 
s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, 
 
s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [107488 2015-02-05] (AVG Technologies CZ, 
 
s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, 
 
s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [210912 2015-02-25] (AVG Technologies CZ, 
 
s.r.o.)
S3 Belkin700F; C:\WINDOWS\System32\DRIVERS\BLKWGDv7.sys [303616 2006-10-19] (Belkin Corporation.   
 
                       )
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 DCamUSBEMPIA; C:\WINDOWS\System32\DRIVERS\emDevice.sys [100957 2004-04-06] (eMPIA Technology, 
 
Inc.)
S3 emAudio; C:\WINDOWS\System32\drivers\emAudio.sys [19712 2004-04-26] (eMPIA Technology, Inc.)
R3 fcdabus; C:\WINDOWS\System32\DRIVERS\fcdabus.sys [17840 2006-11-09] (FarStone Inc.)
S3 FiltUSBEMPIA; C:\WINDOWS\System32\DRIVERS\emFilter.sys [5245 2004-04-06] (eMPIA Technology, 
 
Inc.)
R3 fsRamDsk; C:\WINDOWS\System32\DRIVERS\fsRamDsk.sys [37120 2006-11-09] () [File not signed]
R0 FVXSCSI; C:\WINDOWS\System32\DRIVERS\fvxscsi.sys [81944 2007-01-26] (FarStone Inc.)
S3 gdrv; C:\WINDOWS\gdrv.sys [15600 2007-10-05] (Windows ® 2000 DDK provider)
R0 JGOGO; C:\WINDOWS\System32\DRIVERS\JGOGO.sys [6912 2006-02-07] (JMicron )
R0 JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [44928 2007-02-16] (JMicron Technology Corp.)
R3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [28688 2007-04-11] (Logitech, Inc.)
S3 LwUsbHid; C:\WINDOWS\System32\DRIVERS\LwUsbHid.sys [22848 2001-08-17] (Logitech Inc.)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 OVT511Plus; C:\WINDOWS\System32\Drivers\omcamvid.sys [167816 2001-09-18] (OmniVision 
 
Technologies, Inc.) [File not signed]
R3 P17; C:\WINDOWS\System32\drivers\P17.sys [1389056 2005-07-07] (Creative Technology Ltd.)
R3 RT61; C:\WINDOWS\System32\DRIVERS\RT61.sys [483968 2007-07-28] (Ralink Technology, Corp.)
S3 RTL2831UBDA; C:\WINDOWS\System32\drivers\RTL2831UBDA.sys [94112 2008-01-31] (REALTEK 
 
SEMICONDUCTOR Corp.)
S3 RTL2831UUSB; C:\WINDOWS\System32\Drivers\RTL2831UUSB.sys [32800 2008-01-31] (REALTEK 
 
SEMICONDUCTOR Corp.)
S3 SbcpHid; C:\WINDOWS\system32\Drivers\SbcpHid.sys [22400 2001-08-23] () [File not signed]
S3 ScanUSBEMPIA; C:\WINDOWS\System32\DRIVERS\emScan.sys [4493 2004-04-06] (eMPIA Technology, Inc.)
S3 SjyPkt; C:\WINDOWS\System32\Drivers\SjyPkt.sys [13532 2002-10-02] (Windows ® 2000 DDK 
 
provider) [File not signed]
S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [32768 2010-09-22] (AnchorFree Inc)
S3 USB28xxBGA; C:\WINDOWS\System32\DRIVERS\emBDA.sys [361728 2007-01-29] (eMPIA Technology, Inc.) 
 
[File not signed]
S3 USB28xxOEM; C:\WINDOWS\System32\DRIVERS\emOEM.sys [39680 2007-01-29] (eMPIA Technology, Inc.) 
 
[File not signed]
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
R3 WmBEnum; C:\WINDOWS\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
S3 WmFilter; C:\WINDOWS\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
S3 WmHidLo; C:\WINDOWS\System32\drivers\WmHidLo.sys [31816 2010-04-27] (Logitech Inc.)
S3 WmUsbHid; C:\WINDOWS\System32\drivers\WmUsbHid.sys [22944 2004-05-19] (Logitech Inc.) [File not 
 
signed]
S3 WmVirHid; C:\WINDOWS\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
R3 WmXlCore; C:\WINDOWS\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl 
 
[87536 2010-04-02] (CyberLink Corp.)
S3 catchme; \??\C:\commy\catchme.sys [X]
S3 GTNDIS5; \??\C:\PROGRA~1\Belkin\F5D900~1\GTNDIS5.SYS [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file 
 
could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-12 18:18 - 2015-04-12 18:18 - 00000000 ____D () C:\Documents and 
 
Settings\John\Desktop\FRST-OlderVersion
2015-04-12 18:07 - 2015-04-12 18:07 - 04197016 _____ (Kaspersky Lab ZAO) C:\Documents and 
 
Settings\John\Desktop\tdsskiller.exe
2015-04-12 17:51 - 2015-04-12 17:51 - 00001068 _____ () C:\Documents and 
 
Settings\John\Desktop\mbam2.txt
2015-04-12 15:40 - 2015-04-12 15:42 - 00032668 _____ () C:\Documents and 
 
Settings\John\Desktop\Addition.txt
2015-04-12 15:38 - 2015-04-12 18:30 - 00024442 _____ () C:\Documents and 
 
Settings\John\Desktop\FRST.txt
2015-04-12 15:34 - 2015-04-12 15:35 - 00007386 _____ () C:\Documents and 
 
Settings\John\Desktop\AdwCleaner[S0].txt
2015-04-12 15:31 - 2015-04-12 15:31 - 00000340 _____ () C:\avenger.txt
2015-04-12 15:27 - 2015-04-12 15:35 - 00022195 _____ () C:\Documents and 
 
Settings\John\Desktop\mbam.txt
2015-04-12 15:15 - 2015-04-12 18:18 - 01135616 _____ (Farbar) C:\Documents and 
 
Settings\John\Desktop\FRST.exe
2015-04-12 15:15 - 2015-04-12 15:15 - 02217984 _____ () C:\Documents and 
 
Settings\John\Desktop\adwcleaner_4.201.exe
2015-04-12 15:09 - 2015-04-12 15:30 - 00000000 ____D () C:\AdwCleaner
2015-04-12 14:59 - 2015-04-12 14:59 - 00000917 _____ () C:\Documents and 
 
Settings\John\Desktop\Revo Uninstaller.lnk
2015-04-12 14:59 - 2015-04-12 14:59 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-04-12 14:41 - 2015-04-12 14:41 - 00350080 _____ (AVAST Software) C:\Documents and 
 
Settings\John\Desktop\aswCmnBS.dll
2015-04-12 14:26 - 2015-04-12 15:44 - 00119512 _____ (Malwarebytes Corporation) 
 
C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-12 14:26 - 2015-04-12 14:26 - 00000777 _____ () C:\Documents and Settings\All 
 
Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-12 14:26 - 2015-04-12 14:26 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-12 14:26 - 2015-04-12 14:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start 
 
Menu\Programs\Malwarebytes Anti-Malware
2015-04-12 14:26 - 2015-03-17 06:15 - 00120024 _____ (Malwarebytes Corporation) 
 
C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-12 14:26 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) 
 
C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-12 14:25 - 2015-04-12 14:25 - 21540440 _____ (Malwarebytes Corporation ) C:\Documents and 
 
Settings\John\Desktop\mbam-setup-2.1.4.1018.exe
2015-04-12 14:13 - 2009-07-12 00:05 - 00225280 _____ (Microsoft Corporation) 
 
C:\WINDOWS\system32\msvcm90.dll
2015-04-12 14:13 - 2009-07-12 00:05 - 00059904 _____ (Microsoft Corporation) 
 
C:\WINDOWS\system32\mfcm90u.dll
2015-04-12 14:13 - 2009-07-12 00:05 - 00059904 _____ (Microsoft Corporation) 
 
C:\WINDOWS\system32\mfcm90.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 03780424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc90u.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 03765048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc90.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 00653120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr90.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 00569664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp90.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 00159032 _____ (Microsoft Corporation) C:\WINDOWS\system32\atl90.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 00063296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc90deu.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 00062800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc90fra.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 00061776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc90esn.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 00061760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc90esp.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 00061264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc90ita.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 00059728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc90rus.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 00053568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc90enu.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 00051008 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcomp90.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 00043344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc90jpn.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 00042832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc90kor.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 00036688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc90cht.dll
2015-04-12 14:13 - 2009-07-12 00:02 - 00035648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc90chs.dll
2015-04-12 14:13 - 2006-12-02 01:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcomp.dll
2015-04-12 14:13 - 2006-12-02 01:26 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcm80u.dll
2015-04-12 14:13 - 2006-12-02 01:25 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc80.dll
2015-04-12 14:13 - 2006-12-02 01:25 - 01093120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc80u.dll
2015-04-12 14:13 - 2006-12-02 01:25 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcm80.dll
2015-04-12 14:13 - 2006-12-02 01:08 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc80DEU.dll
2015-04-12 14:13 - 2006-12-02 01:08 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc80ITA.dll
2015-04-12 14:13 - 2006-12-02 01:08 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc80FRA.dll
2015-04-12 14:13 - 2006-12-02 01:08 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc80ESP.dll
2015-04-12 14:13 - 2006-12-02 01:08 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc80ENU.dll
2015-04-12 14:13 - 2006-12-02 01:08 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc80KOR.dll
2015-04-12 14:13 - 2006-12-02 01:08 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc80JPN.dll
2015-04-12 14:13 - 2006-12-02 01:08 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc80CHT.dll
2015-04-12 14:13 - 2006-12-02 01:08 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc80CHS.dll
2015-04-12 14:13 - 2006-12-01 23:56 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ATL80.dll
2015-04-12 14:13 - 2006-12-01 23:54 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr80.dll
2015-04-12 14:13 - 2006-12-01 23:54 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp80.dll
2015-04-12 14:13 - 2006-12-01 23:54 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcm80.dll
2015-04-12 13:59 - 2015-04-12 14:01 - 00000000 ____D () C:\Documents and Settings\John\Desktop\workdir
2015-04-12 13:44 - 2015-04-12 18:29 - 00000000 ____D () C:\FRST
2015-04-12 13:40 - 2015-04-12 15:29 - 00000168 _____ () C:\WINDOWS\system32\debug.log
2015-04-12 13:40 - 2015-04-12 13:40 - 00000000 ____D () C:\Documents and Settings\John\Local Settings\Application Data\AVG Web TuneUp
2015-04-12 13:40 - 2015-04-12 13:40 - 00000000 ____D () C:\Documents and Settings\John\Application Data\AVG Web TuneUp
2015-04-12 13:40 - 2015-04-12 13:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Web TuneUp
2015-04-12 13:39 - 2015-04-12 13:40 - 00000000 ____D () C:\Program Files\AVG Web TuneUp
2015-04-12 13:31 - 2015-04-12 13:31 - 00000000 ____D () C:\Documents and Settings\John\Application Data\AVG2015
2015-04-12 13:30 - 2015-04-12 13:30 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2015-04-12 13:30 - 2015-04-12 13:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-04-12 13:29 - 2015-04-12 13:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2015
2015-04-12 13:29 - 2015-04-12 13:29 - 00007235 _____ () C:\WINDOWS\setupapi.log
2015-04-12 13:29 - 2015-04-12 13:29 - 00000000 ___HD () C:\$AVG
2015-04-12 13:23 - 2015-04-12 18:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2015-04-12 13:23 - 2015-04-12 13:31 - 00000000 ____D () C:\Documents and Settings\John\Local Settings\Application Data\Avg2015
2015-04-12 13:23 - 2015-04-12 13:23 - 04818760 _____ (AVG Technologies) C:\Documents and Settings\John\Desktop\avg_free_stb_all_5863p1_177.exe
2015-04-12 13:23 - 2015-04-12 13:23 - 00000000 ____D () C:\Documents and Settings\John\Local Settings\Application Data\MFAData
2015-04-12 13:10 - 2015-04-12 13:10 - 00001689 _____ () C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2015-04-12 13:10 - 2015-04-12 13:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2015-04-12 13:07 - 2015-04-11 16:09 - 00291312 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-04-11 16:10 - 2015-04-11 16:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-04-11 16:09 - 2015-04-11 16:09 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-04-05 20:39 - 2015-04-05 20:39 - 00062158 _____ () C:\Documents and Settings\John\Desktop\RealFeel101612.rar
2015-04-05 12:20 - 2015-04-11 12:36 - 00000000 ____D () C:\Documents and Settings\John\Desktop\Heaving airfoil Toni
2015-04-02 08:51 - 2015-04-01 21:08 - 06821496 _____ (TomTom International B.V.) C:\Documents and Settings\John\Downloads\InstallMyDriveConnect_3_3_0_1812.exe
2015-03-25 11:24 - 2015-03-25 11:24 - 00209376 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverlx.sys
2015-03-21 13:37 - 2015-03-21 13:37 - 00000116 _____ () C:\WINDOWS\ConverterCore.INI
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-12 18:29 - 2007-10-05 14:20 - 00000000 ____D () C:\Documents and Settings\John\Local Settings\Temp
2015-04-12 18:26 - 2014-07-21 23:10 - 00000326 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-04-12 18:26 - 2007-10-05 14:15 - 01443541 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-12 18:24 - 2009-07-01 00:59 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-12 18:24 - 2007-10-05 15:10 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-04-12 18:24 - 2007-10-05 15:10 - 00000000 _____ () C:\WINDOWS\wiaservc.log
2015-04-12 18:24 - 2007-10-05 14:19 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-12 18:21 - 2014-07-20 23:27 - 00000012 _____ () C:\WINDOWS\bthservsdp.dat
2015-04-12 18:21 - 2007-10-05 14:19 - 00032618 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-12 17:52 - 2009-07-01 00:59 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-12 17:43 - 2014-02-07 21:38 - 00000998 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2015-04-12 15:31 - 2009-04-03 18:30 - 00000000 ____D () C:\WINDOWS\SxsCaPendDel
2015-04-12 15:27 - 2008-12-18 23:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960714$
2015-04-12 14:10 - 2011-07-31 20:01 - 00000000 ____D () C:\Program Files\Trillian
2015-04-12 13:45 - 2007-10-06 11:38 - 00012831 _____ () C:\Documents and Settings\John\Desktop\notes.txt
2015-04-12 13:28 - 2009-03-30 00:34 - 00000000 ____D () C:\Program Files\AVG
2015-04-12 13:09 - 2007-11-04 15:10 - 00000000 ____D () C:\Program Files\Google
2015-04-12 12:55 - 2004-08-04 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-12 01:10 - 2014-10-18 15:57 - 00000000 ____D () C:\Documents and Settings\John\Application Data\.ACEStream
2015-04-11 20:43 - 2014-02-07 21:38 - 00000946 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2015-04-11 16:15 - 2014-10-18 15:57 - 00000000 ___HD () C:\_acestream_cache_
2015-04-11 16:09 - 2014-07-21 23:07 - 00788272 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-04-11 16:09 - 2014-07-21 23:07 - 00427736 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-04-11 16:09 - 2014-07-21 23:07 - 00208024 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-04-11 16:09 - 2014-07-21 23:07 - 00073440 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-04-11 16:09 - 2014-07-21 23:07 - 00057888 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-04-11 16:09 - 2014-07-21 23:07 - 00055200 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-04-11 16:09 - 2014-07-21 23:07 - 00049904 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-04-11 16:09 - 2014-07-21 23:07 - 00024144 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-04-07 23:17 - 2015-01-31 12:44 - 00020307 _____ () C:\Documents and Settings\John\Desktop\hackdiet_db.csv
2015-04-05 19:02 - 2011-04-18 23:41 - 00027186 _____ () C:\Documents and Settings\John\My Documents\££.xlsx
2015-04-02 08:52 - 2007-10-05 15:08 - 00513676 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-29 23:00 - 2007-11-03 19:27 - 00000000 ____D () C:\Documents and Settings\John\Application Data\Skype
2015-03-25 21:32 - 2012-09-02 19:39 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-03-24 21:07 - 2007-10-05 15:07 - 00189425 _____ () C:\WINDOWS\setupact.log
2015-03-21 11:53 - 2014-09-28 09:43 - 00000000 ___RD () C:\Program Files\Skype
2015-03-21 11:53 - 2007-11-03 19:27 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
 
==================== Files in the root of some directories =======
 
2009-08-09 19:43 - 2009-08-09 19:43 - 0002528 _____ () C:\Documents and Settings\John\Application Data\$_hpcst$.hpc
2009-11-10 12:48 - 2009-11-10 12:48 - 23373120 _____ (Solid Documents, LLC) C:\Documents and Settings\John\Application Data\solidconverterpdf.exe
2007-10-28 20:52 - 2015-01-11 14:09 - 0179200 _____ () C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-01-29 21:11 - 2013-01-29 21:11 - 0026900 _____ () C:\Documents and Settings\John\Local Settings\Application Data\dt.dat
 
Some content of TEMP:
====================
C:\Documents and Settings\John\Local Settings\Temp\adwcleaner_4.201.exe
C:\Documents and Settings\John\Local Settings\Temp\avast_free_antivirus_setup_online_cnet.exe
C:\Documents and Settings\John\Local Settings\Temp\FRST.exe
C:\Documents and Settings\John\Local Settings\Temp\parctmp.exe
C:\Documents and Settings\John\Local Settings\Temp\powarc150106.exe
C:\Documents and Settings\John\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\John\Local Settings\Temp\revosetup.exe
C:\Documents and Settings\John\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\John\Local Settings\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================


#11 deeprybka

  • Malware Response Team

Posted 12 April 2015 - 12:37 PM

Step 1

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [screenshot: scanner settings]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish
  • A log file is created at [image: log path]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Step 2

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Can you please tell me which problems still persist now?
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#12 Thriller2

  • Topic Starter

Posted 12 April 2015 - 05:48 PM

It seems AVG now loads and works without any problems. May I ask what the problem was? Did you just remove the restriction policies? Thank you very much for such an efficient response.
 
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c6ec840fa739f14682973ae8b07839a0
# engine=23340
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-04-12 09:11:39
# local_time=2015-04-12 10:11:39 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode_1='AVG AntiVirus Free Edition 2015'
# compatibility_mode=1055 16777213 100 100 30858 116007083 0 0
# scanned=199170
# found=8
# cleaned=0
# scan_time=12326
sh=0C3642F01A56FC66722E8ED9438DDA67DA3BFE88 ft=0 fh=0000000000000000 vn="a variant of Generik.HLRIMOF trojan" ac=I fn="C:\Documents and Settings\John\My Documents\My Downloads\HTC\SPB.Backup.v2.0.Incl.Keygen.zip"
sh=4684223518EC1D44318848EDBCD3BE64A108E9CD ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.H potentially unsafe application" ac=I fn="C:\Documents and Settings\John\My Documents\My Downloads\My Patches\10.04.Magic.ISO.v4.9.b151.rar"
sh=B8F85FF6CF12625C87A375D03C7EB12D85246593 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\John\My Documents\My Downloads\My Patches\Ahead Nero Burning ROM Reloaded 7[1].10.1.0.rar"
sh=6D230EC5325B80B9E0E03832FE6D2AAD5DE04C46 ft=0 fh=0000000000000000 vn="Win32/Keygen.HB potentially unsafe application" ac=I fn="C:\Documents and Settings\John\My Documents\My Downloads\My Programs\MS.Office.2007.Enterprise.English.iso.rar"
sh=3C38F36EF9B9F1DBDAE2B37729DA8AF918BE5562 ft=1 fh=d4668a548c0699ba vn="a variant of Win32/Adware.ADON potentially unwanted application" ac=I fn="C:\Documents and Settings\John\My Documents\My Downloads\My Programs\MyPhoneExplorer_Setup_1.6.7.exe"
sh=FD4DD9605A03F619D09B650452E8C81618578B3A ft=1 fh=4c256b24a244bc05 vn="Win32/Toolbar.AskSBar potentially unwanted application" ac=I fn="C:\Documents and Settings\John\My Documents\My Downloads\My Programs\Nero-7.10.1.0_eng_trial.exe"
sh=840C476DE035961A74EF112CE20B518E5E9BF7E0 ft=1 fh=ba830cecf96089b1 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Documents and Settings\John\My Documents\My Downloads\My Programs\videora-ipodclassic-503-setup.exe"
sh=FC13A74EA3E09C0CCAFD4CA8ECDD504EFC502903 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.AG potentially unsafe application" ac=I fn="C:\Documents and Settings\John\My Documents\My Downloads\My Programs\VirtualDrive-Pro11.1-TD.rar"
 
 
Farbar Service Scanner Version: 17-01-2015
Ran by John (administrator) on 12-04-2015 at 23:44:15
Running from "C:\Documents and Settings\John\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.
 
sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".
 
 
System Restore Policy: 
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Other Services:
==============
 
 
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
 
Extra List:
=======
AegisP(10) Avgtdix(16) Gpc(3) IPSec(5) NetBT(6) PSched(7) RFCOMM(8) Tcpip(4) 
0x0F00000005000000010000000200000003000000040000000F0000000B0000000D00000010000000060000000700000008000000090000000A0000000C000000
IpSec Tag value is correct.
 
**** End of log ****


#13 deeprybka

  • Malware Response Team

Posted 13 April 2015 - 02:45 AM

CRACKED SOFTWARE WARNING

Participating in the use of cracked/pirated/keygen software is not only illegal but also a security risk. Were you aware your machine has cracked software installed? I do not approve of nor support illegal software.

Malware authors promote and release cracked software to spread their infections. I strongly recommend you refrain from participating in this activity; your computer will be repeatedly infected otherwise. Simply visiting a cracked software site can result in infection via drive-by exploits of vulnerable software.

Cracked software will make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to reformat your Hard Drive and reinstall your Operating System. Please read the following articles for more information.
regards,
deeprybka

#14 deeprybka

  • Malware Response Team

Posted 17 April 2015 - 11:56 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka