
Constant Hard Drive Activity, computer very slow


38 replies to this topic

#1 Kiwee


Posted 11 November 2016 - 10:44 PM

For quite some time now my computer has been running very slow and the HDD seems to constantly be busy for days on end. Someone else on Bleeping Computer has had a quick look at it and has suggested I make a new post in here.

Many thanks

Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-11-2016
Ran by Markwell Kennels (administrator) on MARKWELL-KENNEL (12-11-2016 14:12:11)
Running from E:\Cleanup2016
Loaded Profiles: Markwell Kennels (Available Profiles: Markwell Kennels & MB & Administrator & Guest)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(brother Industries Ltd) C:\WINDOWS\system32\brsvc01a.exe
(brother Industries Ltd) C:\WINDOWS\system32\brss01a.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Brother Industries, Ltd.) C:\WINDOWS\system32\Brmfrmps.exe
(iTeleport, Inc.) C:\Program Files\iTeleport\iTeleport Connect\iTeleportService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\WINDOWS\system32\MGE\RunSC.exe
() C:\WINDOWS\system32\MGE\PCtl.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
() C:\WINDOWS\system32\MGE\BIL.exe
() C:\WINDOWS\system32\MGE\CilUSB.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\type32.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(QUALCOMM Incorporated) E:\Eudora\Eudora.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [type32] => C:\Program Files\Microsoft IntelliType Pro\type32.exe [172032 2004-06-03] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-10-14] (Intel Corporation)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-10-14] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9044392 2016-11-08] (AVAST Software)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4513792 2013-12-19] (Brother Industries, Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime Alternative\qttask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] "C:\\WINDOWS\\system32\\userinit.exe,",
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-05-16] (Nero AG)
HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [761064 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6889176 2016-09-29] (Piriform Ltd)
HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\...\MountPoints2: {b541bf84-8c5d-11dd-93e3-00123fa26a1a} - K:\WINDOWS\IronKey.exe
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe -update pepperplugin
HKLM\...\AppCertDlls: [dns-etup] -> C:\WINDOWS\system32\fasttdde.dll
ShellExecuteHooks: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - E:\Eudora\EuShlExt.dll [86016 2006-08-17] (Qualcomm Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-08-20] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{3D75EFB0-6AD4-46F4-84D4-D745251B1A07}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-28] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-26] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> c:\program files\google\googletoolbar1.dll => No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-28] (Oracle Corporation)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/B/E/5BE645ED-2F2D-4E4D-9C54-AFB56EFCB312/LegitCheckControl.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130714498265
DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} hxxp://us-download.mcafee.com/products/protected/mvt/mvt.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://wixcam.citylink.co.nz//AxisCamControl.ocx
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4938/mcfscan.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.2.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL No File

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Markwell Kennels\Application Data\Mozilla\Firefox\Profiles\a0rvry2j.default [2016-11-12]
FF Homepage: C:\Documents and Settings\Markwell Kennels\Application Data\Mozilla\Firefox\Profiles\a0rvry2j.default -> hxxps://www.tvnz.co.nz/one-news
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-05-12] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-20]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-20]
FF HKU\S-1-5-19\...\Firefox\Extensions: [{1650a312-02bc-40ee-977e-83f158701739}] - C:\Program Files\SiteAdvisor\6172\FF => not found
FF HKU\S-1-5-20\...\Firefox\Extensions: [{1650a312-02bc-40ee-977e-83f158701739}] - C:\Program Files\SiteAdvisor\6172\FF => not found
FF HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\...\Firefox\Extensions: [{1650a312-02bc-40ee-977e-83f158701739}] - C:\Program Files\SiteAdvisor\6172\FF => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-09] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll [2011-04-14] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-28] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1695126911-3001241122-4096436374-1006: @macromedia.com/FlashPlayer9 -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2005-09-15] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011-01-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011-01-08] (Apple Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\inspector.js [2005-09-15]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java™ Platform SE 6 U12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll => No File
CHR Plugin: (Java™ Platform SE 6 U17) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (DNA Plug-in) - C:\Program Files\DNA\plugins\npbtdna.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Profile: C:\Documents and Settings\Markwell Kennels\Local Settings\Application Data\Google\Chrome\User Data\Default [2016-10-22]
CHR Extension: (Chrome Remote Desktop) - C:\Documents and Settings\Markwell Kennels\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-04-15]
CHR Extension: (Dropdown List of Most Visited Links) - C:\Documents and Settings\Markwell Kennels\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\logbmehmiacemkimbpcbjgaikobdndah [2013-07-27]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Markwell Kennels\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-19]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

Opera:
=======
OPR StartupUrls: "hxxp://www.tvnz.co.nz/"

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-20] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2016-08-20] (AVAST Software)
R2 brmfrmps; C:\WINDOWS\system32\Brmfrmps.exe [65536 2003-05-05] (Brother Industries, Ltd.) [File not signed]
R2 Brother XP spl Service; C:\WINDOWS\system32\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S3 chromoting; C:\Program Files\Google\Chrome Remote Desktop\50.0.2661.23\remoting_host.exe [62976 2016-01-27] (Google Inc.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 iTeleportService; C:\Program Files\iTeleport\iTeleport Connect\iTeleportService.exe [28160 2012-10-10] (iTeleport, Inc.) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-09] (Oracle Corporation)
R2 MGE Service module; C:\WINDOWS\system32\MGE\RunSC.exe [122880 2005-03-29] () [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [73728 2007-08-09] (HP) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7184144 2016-07-06] (TeamViewer GmbH)
S3 WMConnectCDS; C:\Program Files\Windows Media Connect 2\wmccds.exe [855552 2005-10-06] (Microsoft Corporation) [File not signed]
S3 UPS; %SystemRoot%\System32\ups2.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2004-08-05] (Microsoft Corporation)
S3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34008 2016-08-20] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-08-20] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [92256 2016-08-20] (AVAST Software)
R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2014-08-14] (ALWIL Software)
R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [295840 2016-08-20] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [64272 2016-08-20] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [60424 2016-08-20] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [735488 2016-09-13] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433768 2016-09-23] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [184592 2016-08-20] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [66688 2016-08-20] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [224752 2016-10-13] (AVAST Software)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-06-23] (AVG Technologies)
R3 BrScnUsb; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2005-03-23] (Adaptec, Inc.) [File not signed]
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [88080 2005-02-02] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40544 2004-12-23] (Sonic Solutions) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-03-30] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-03-30] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-03-30] (HP)
R2 MASPINT; C:\WINDOWS\system32\Drivers\MASPINT.sys [8224 2002-06-21] (MicroStaff Co.,Ltd.) [File not signed]
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-10-24] (Malwarebytes)
S3 mr8980; C:\WINDOWS\System32\DRIVERS\mr8980.sys [69632 2008-06-23] (Mars Semiconductor Corp.)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [19456 2004-11-02] (Intel Corporation ) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17217 2002-11-09] (Dell Computer Corporation) [File not signed]
S3 SDDMI2; C:\WINDOWS\system32\DDMI2.sys [6977 2004-06-09] (Gteko Ltd.) [File not signed]
S3 SNP2STD; C:\WINDOWS\System32\DRIVERS\snp2sxp.sys [12028800 2007-01-20] ()
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2004-12-02] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2004-12-02] (Sonic Solutions) [File not signed]
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2016-02-21] ()
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [180864 2005-06-15] (SigmaTel, Inc.)
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25725 2005-03-16] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34845 2005-03-16] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4125 2005-03-16] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2241 2005-03-16] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86684 2005-03-16] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14877 2005-03-16] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6365 2005-03-16] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98716 2005-03-16] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100605 2005-03-16] (Sonic Solutions) [File not signed]
S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [45056 2014-08-15] (Apple, Inc.) [File not signed]
S3 Andbus; system32\DRIVERS\lgandbus.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem.sys [X]
S3 BOCDRIVE; \??\C:\Program Files\NSClean\BOClean\BOCDRIVE.sys [X]
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-12 14:10 - 2016-11-12 14:12 - 00000000 ____D C:\FRST
2016-10-27 14:29 - 2016-11-09 05:29 - 20478144 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2016-10-24 23:23 - 2016-10-24 23:23 - 00000000 ____D C:\Documents and Settings\Markwell Kennels\Local Settings\Application Data\ESET
2016-10-24 23:11 - 2016-10-24 23:11 - 00005261 _____ C:\Documents and Settings\Markwell Kennels\Desktop\JRT.txt
2016-10-24 13:05 - 2016-10-26 11:32 - 00185476 _____ C:\WINDOWS\ntbtlog.txt
2016-10-21 21:07 - 2016-10-24 21:32 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-10-21 00:06 - 2016-10-21 00:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-12 14:15 - 2005-10-07 12:30 - 00000000 ____D C:\Documents and Settings\Markwell Kennels\Local Settings\Temp
2016-11-12 14:10 - 2015-07-16 13:34 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-11-12 14:10 - 2004-08-10 18:02 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-11-12 13:56 - 2009-08-01 22:55 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-12 13:29 - 2015-11-07 09:18 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-11-12 13:00 - 2014-08-02 15:15 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2016-11-12 12:58 - 2016-01-23 02:08 - 00000474 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1453468110.job
2016-11-12 12:58 - 2014-12-21 11:15 - 00000418 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1419113702.job
2016-11-12 12:58 - 2014-03-18 09:23 - 00000244 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-11-12 12:58 - 2009-08-01 22:55 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-12 12:58 - 2004-08-10 18:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-12 12:58 - 2004-08-10 17:51 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2016-11-12 12:57 - 2014-08-02 15:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2016-11-12 00:10 - 2004-08-10 18:08 - 00032540 _____ C:\WINDOWS\SchedLgU.Txt
2016-11-10 02:00 - 2011-11-08 19:36 - 00000480 _____ C:\WINDOWS\Tasks\b4a_Main Backup.job
2016-11-09 05:29 - 2012-11-03 12:58 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-11-09 05:29 - 2011-12-26 09:20 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-11-08 21:49 - 2015-12-01 09:42 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2016-11-08 15:00 - 2014-03-18 09:23 - 00000238 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-11-03 02:00 - 2006-10-17 08:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2016-10-29 17:22 - 2005-10-07 12:30 - 00000278 ___SH C:\Documents and Settings\Markwell Kennels\ntuser.ini
2016-10-29 17:22 - 2005-10-07 12:30 - 00000000 ____D C:\Documents and Settings\Markwell Kennels
2016-10-29 16:51 - 2014-05-02 10:00 - 00524288 _____ C:\WINDOWS\system32\config\iTelepor.evt
2016-10-24 22:04 - 2014-08-09 11:16 - 00000000 ____D C:\AdwCleaner
2016-10-24 21:36 - 2013-09-06 01:41 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-10-24 13:10 - 2015-09-07 00:26 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-10-21 05:22 - 2015-09-07 00:26 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-10-21 05:22 - 2015-09-07 00:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-21 00:37 - 2014-05-25 20:28 - 00000000 ____D C:\Documents and Settings\Markwell Kennels\Application Data\TeamViewer
2016-10-21 00:35 - 2012-02-11 21:51 - 00000000 ____D C:\Program Files\PDFCreator
2016-10-21 00:12 - 2009-04-22 09:57 - 00000000 ____D C:\WINDOWS\Minidump
2016-10-21 00:06 - 2014-08-12 11:36 - 00000725 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2016-10-15 22:46 - 2005-10-08 22:15 - 00001125 _____ C:\WINDOWS\winamp.ini
2016-10-13 22:58 - 2014-08-02 15:11 - 00224752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys

==================== Files in the root of some directories =======

2005-10-08 16:08 - 2008-01-09 19:12 - 0001280 _____ () C:\Program Files\INSTALL.LOG
2006-10-15 11:32 - 2006-10-15 11:32 - 0000067 ____R () C:\Documents and Settings\Markwell Kennels\Application Data\nero_photoshow_express_4_us_row.txt
2016-08-20 13:02 - 2016-08-20 13:02 - 0000000 ____H () C:\Documents and Settings\Markwell Kennels\Local Settings\Application Data\BIT5C.tmp
2005-10-08 22:48 - 2015-12-23 08:34 - 0235520 _____ () C:\Documents and Settings\Markwell Kennels\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-01 14:56 - 2012-12-01 14:56 - 0027520 _____ () C:\Documents and Settings\Markwell Kennels\Local Settings\Application Data\dt.dat
2005-10-07 17:23 - 2005-10-07 17:23 - 0000139 _____ () C:\Documents and Settings\Markwell Kennels\Local Settings\Application Data\fusioncache.dat
2007-11-16 13:03 - 2007-11-16 13:15 - 0000787 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2006-01-16 08:46 - 2006-01-16 08:46 - 0001755 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Some files in TEMP:
====================
C:\Documents and Settings\Markwell Kennels\Local Settings\Temp\libeay32.dll
C:\Documents and Settings\Markwell Kennels\Local Settings\Temp\msvcr120.dll
C:\Documents and Settings\Markwell Kennels\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-11-2016
Ran by Markwell Kennels (12-11-2016 14:17:05)
Running from E:\Cleanup2016
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2005-10-29 21:38:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1695126911-3001241122-4096436374-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.MARKWELL-KENNEL
ASPNET (S-1-5-21-1695126911-3001241122-4096436374-1008 - Limited - Enabled)
Guest (S-1-5-21-1695126911-3001241122-4096436374-501 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest.MARKWELL-KENNEL
HelpAssistant (S-1-5-21-1695126911-3001241122-4096436374-1005 - Limited - Disabled)
Markwell Kennels (S-1-5-21-1695126911-3001241122-4096436374-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Markwell Kennels
MB (S-1-5-21-1695126911-3001241122-4096436374-1007 - Limited - Enabled) => %SystemDrive%\Documents and Settings\MB
SUPPORT_388945a0 (S-1-5-21-1695126911-3001241122-4096436374-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}
FW: Avast Antivirus (Disabled) {7591db91-41f0-48a3-b128-1a293fd8233d}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

A510 (Version: 70.0.208.000 - Hewlett-Packard) Hidden
A710_A610_A510_Help (Version: 70.0.208.000 - Hewlett-Packard) Hidden
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AnswerWorks Runtime (HKLM\...\AnswerWorks) (Version:  - )
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ArcSoft VideoImpression 2 (HKLM\...\{244E21B9-164C-4EC1-AED8-9BD64161E66D}) (Version:  - ArcSoft)
Avast Internet Security (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
Backup4all 3 (HKLM\...\Backup4all 3_is1) (Version:  -  Softland)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother HL-2040 (HKLM\...\{D168FB8C-8CCB-4BA5-B36B-BA24DC7C2F2C}) (Version: 1.00 - Brother)
Brother MFL-Pro Suite (HKLM\...\{40A6C96D-808E-41DD-8716-617AB6B0F1F1}) (Version: 1.00.000 - )
Brother MFL-Pro Suite (HKLM\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.00 - Brother Industries, Ltd.)
BufferChm (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.6059 - CDBurnerXP)
CDex - Open Source Digital Audio CD Extractor (HKLM\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
Chrome Remote Desktop Host (HKLM\...\{2824CE84-0E10-486A-AB6B-BBCFCC2B8ED4}) (Version: 50.0.2661.23 - Google Inc.)
Codec Pack - All In 1 6.0.3.0 (HKLM\...\Cool's_Codec_pack_4.12) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel Applications (HKLM\...\Corel Applications) (Version:  - )
CP_AtenaShokunin1Config (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_CalendarTemplates1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_LightScribeConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_OnlineProjectsConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Package_Basic1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Panorama1Config (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_PosterPrintConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_PrintOnCDConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_UpdateProjectsConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
CueTour (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dell Media Experience (HKLM\...\{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}) (Version: 3.00 - Dell)
Dell Support 3.1 (HKLM\...\{548EEA8E-8299-497F-8057-811D2D7097DC}) (Version: 5.1.760 - Dell)
DesignExpress CD Labelmaker 32 bit (HKLM\...\MVApplication1) (Version:  - )
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Digital Wireless Camera (HKLM\...\{B6A128D8-6636-4293-BC1A-041B65A9E139}) (Version: 1.00.0000 - Digital Wireless Camera)
Dropbox (HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Easy Invoice (HKLM\...\Easy Invoice) (Version:  - )
ESET Online Scanner (HKLM\...\EsetOnlineScanner) (Version:  - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Eudora (HKLM\...\{4AA9F6BF-81CB-4369-94D2-51D7297EAF46}) (Version: 7.0 - )
Eudora (HKLM\...\{7CC2C009-D2D3-481E-91C4-511E8222F061}) (Version: 7.0 - )
Express Burn Disc Burning Software (HKLM\...\ExpressBurn) (Version: 4.84 - NCH Software)
FaceFilter Studio Brother Edition (HKLM\...\{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}) (Version: 1.0 - )
FlashFXP v3 (HKLM\...\{DBDFA37B-CFC7-4C37-98F8-04CF326CD327}_is1) (Version: v3.2.0 build 1080 - IniCom Networks, Inc.)
FUJIFILM FinePixViewer S Ver.2.0 (HKLM\...\{88B32652-CAE0-4909-A463-5840D2689D93}) (Version:  - )
FullDPAppQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Golden Records Vinyl to CD Converter (HKLM\...\Golden) (Version: 2.08 - NCH Software)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - )
Google Toolbar for Internet Explorer (Version: 4.0.0.002 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
HighMAT Extension to Microsoft Windows XP CD Writing Wizard (HKLM\...\{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}) (Version: 1.1.1905.1 - Microsoft Corporation)
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HL-L2360D series (HKLM\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 0.0.13.0 - Brother Industries, Ltd.)
HP Customer Participation Program 7.0 (HKLM\...\HPExtendedCapabilities) (Version: 7.0 - HP)
HP Imaging Device Functions 7.0 (HKLM\...\HP Imaging Device Functions) (Version: 7.0 - HP)
HP Photosmart and Deskjet 7.0 Software (HKLM\...\{76BEC1D7-8A9F-472D-84C7-014BB155E4B2}) (Version: 7.1 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart Premier Software 6.5 (HKLM\...\HP Photo & Imaging) (Version: 6.5 - HP)
HP Solution Center 7.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 7.0 - HP)
HP Update (HKLM\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
hph_ProductContext (Version: 70.0.208.000 - Hewlett-Packard) Hidden
hph_readme (Version: 70.0.208.000 - Hewlett-Packard) Hidden
hph_software (Version: 70.0.208.000 - Hewlett-Packard) Hidden
hph_software_req (Version: 70.0.208.000 - Hewlett-Packard) Hidden
HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 70.0.170.000 - Hewlett-Packard) Hidden
InstantShareDevices (Version: 70.0.170.000 - Hewlett-Packard) Hidden
InstantShareDevicesMFC (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4410 - )
Intel® PRO Network Connections Software v9.2.4.11 (HKLM\...\PROSetDX) (Version:  - )
IPCAMF3 version 56.2.0.38 (HKLM\...\{45D0CE08-14DE-4F94-AE24-6151BBE6FA90}_is1) (Version: 56.2.0.38 - IPCAMF3, Inc.)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
IsoBuster 1.9.1 (HKLM\...\IsoBuster_is1) (Version: 1.9.1 - Smart Projects)
iTeleport Connect (HKLM\...\{74BC0903-AEAA-45F9-8C7A-DFD9EF216B69}) (Version: 6.1.0002 - iTeleport)
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (Version: 70.0.170.000 - Hewlett-Packard) Hidden
MetaFrame Presentation Server Client (HKLM\...\{76E4A642-BC3E-438A-8450-0C15A36B5B18}) (Version: 8.100.29670 - Citrix Systems, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft IntelliType Pro 5.2 (HKLM\...\{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}) (Version: 5.20.413.0 - Microsoft)
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0620 - Microsoft Corporation)
MicroStaff WINASPI NT (HKLM\...\MWASPINT) (Version:  - )
MobileMe Control Panel (HKLM\...\{A71D5E81-B967-43DB-93D7-FD31BFB95748}) (Version: 3.1.5.0 - Apple Inc.)
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MSN Messenger 7.5 (HKLM\...\{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}) (Version: 7.5.0311.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 (HKLM\...\{A20A58C4-6784-4B4B-86CC-94E2E3671033}) (Version: 7.02.8637 - Nero AG)
OpenOffice.org 2.4 (HKLM\...\{F87A8E11-02A4-4875-A3A5-5961081B0E4E}) (Version: 2.4.9286 - OpenOffice.org)
Opera 9.27 (HKLM\...\{04DB4871-BC1D-44BF-AADB-47326365EB8C}) (Version: 9.27 - Opera Software ASA)
Opera Stable 36.0.2130.80 (HKLM\...\Opera 36.0.2130.80) (Version: 36.0.2130.80 - Opera Software)
OptionalContentQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
PanoStandAlone (Version: 70.0.170.000 - Hewlett-Packard) Hidden
PaperPort Image Printer (HKLM\...\{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
pdfforge Toolbar v7.6 (HKLM\...\{199624B4-6BC0-48C2-AB7E-9AB90B249CD7}) (Version: 7.6 - Spigot, Inc.) <==== ATTENTION
Personal Solution Pac (HKLM\...\{0335E386-9ECB-11D4-BA6E-0020AFBCF620}) (Version:  - )
PhotoGallery (Version: 70.0.170.000 - Hewlett-Packard) Hidden
PhotoMail Maker (HKLM\...\PhotoMail) (Version: 1.0.0.1040 - IncrediMail Ltd.)
PhotoMail Maker (Version: 1.0.0.1040 - IncrediMail) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
PowerDVD 5.5 (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
PuTTY version 0.58 (HKLM\...\PuTTY_is1) (Version: 0.58 - Simon Tatham)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
QuickTime Alternative 1.76 (HKLM\...\QuicktimeAlt_is1) (Version: 1.76 - )
RandMap (Version: 70.0.170.000 - Hewlett-Packard) Hidden
RAR Key Demo (HKLM\...\RAR Key 5.5 Demo) (Version:  - )
RAW FILE CONVERTER LE (HKLM\...\{D680C913-5955-469D-9D88-C1940F7506D6}) (Version:  - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SafeZone Stable 1.48.2066.120 (Version: 1.48.2066.120 - Avast Software) Hidden
Samsung Master (HKLM\...\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}) (Version: 1.0.43 - Samsung)
Samsung USB Driver (HKLM\...\{86D6A20D-3910-4441-A3E5-EB6977251C86}) (Version: 1.0 - Samsung Techwin)
ScanSoft PaperPort 11 (HKLM\...\{B6C89654-A6A2-477C-873B-724EC1C56407}) (Version: 11.1.0000 - Nuance Communications, Inc.)
SkinsHP1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
SlideShow (Version: 70.0.170.000 - Hewlett-Packard) Hidden
SlideShowMusic (Version: 70.0.170.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Sonic Audio module (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.0 - Sonic Solutions)
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.97 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.0 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.0 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sonic_PrimoSDK (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Status (Version: 70.0.170.000 - Hewlett-Packard) Hidden
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.62308 - TeamViewer)
Toolbox (Version: 70.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.3 - Tweaking.com)
Uniden Surveillance System 5.0.0.289 (HKLM\...\{E9ACF7F7-DB80-49B4-A1BC-63DB90913E67}_is1) (Version:  - OEM)
Unload (Version: 7.0.0 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebCyberCoach 3.2 Dell (HKLM\...\WebCyberCoach_wtrb) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Winamp (remove only) (HKLM\...\Winamp) (Version:  - )
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - OEM (mr8980) Image  (04/20/2007 1.0.0.0) (HKLM\...\135D0C8BC13A45369E2154E1FAC3FB2C47755A80) (Version: 04/20/2007 1.0.0.0 - OEM)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0018.5 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Connect (HKLM\...\WMCSetup) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinZip (HKLM\...\WinZip) (Version:  8.1 SR-1  (5266) - WinZip Computing, Inc.)
XH5222 DSE USB 1.3MP Camera (HKLM\...\{E8B6F8C1-ECF3-4B2C-AB9B-284D2357AAD3}) (Version: 1.0.0.1 - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Markwell Kennels\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Markwell Kennels\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Markwell Kennels\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Markwell Kennels\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Markwell Kennels\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Markwell Kennels\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Markwell Kennels\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Markwell Kennels\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Markwell Kennels\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Markwell Kennels\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\b4a_Main Backup.job => C:\Program Files\Softland\Backup4all 3\b4aSchedStarter.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1419113702.job => C:\Program Files\Opera\launcher.exe
Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1453468110.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-08-20 23:51 - 2016-08-20 23:51 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-11-12 09:47 - 2016-11-12 09:47 - 03130832 _____ () C:\Program Files\AVAST Software\Avast\defs\16111100\algo.dll
2016-08-20 23:51 - 2016-08-20 23:51 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2012-02-11 21:51 - 2001-10-28 17:42 - 00116224 _____ () C:\WINDOWS\system32\pdfcmnnt.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-10 13:22 - 2012-10-10 13:22 - 01347584 _____ () C:\Program Files\iTeleport\iTeleport Connect\jingle.dll
2012-10-10 13:22 - 2012-10-10 13:22 - 00977920 _____ () C:\Program Files\iTeleport\iTeleport Connect\vncservice-wrapper.dll
2006-01-07 18:40 - 2005-03-29 02:35 - 00122880 _____ () C:\WINDOWS\system32\MGE\RunSC.exe
2006-01-07 18:40 - 2005-03-29 02:35 - 00311296 _____ () C:\WINDOWS\system32\MGE\PCtl.exe
2006-01-07 18:40 - 2005-03-29 02:35 - 00208896 _____ () C:\WINDOWS\system32\MGE\BIL.EXE
2006-01-07 18:40 - 2005-03-29 02:35 - 00225280 _____ () C:\WINDOWS\system32\MGE\CILUSB.EXE
2011-03-11 08:57 - 2011-03-02 12:40 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2016-07-01 02:26 - 2016-07-01 02:27 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2004-08-05 01:00 - 2013-01-02 19:49 - 01292288 _____ () C:\WINDOWS\System32\quartz.dll
2005-10-09 00:03 - 2006-10-04 09:04 - 00007680 ____R () E:\Eudora\EuLang.dll
2005-11-15 15:20 - 2006-09-26 10:45 - 00151552 _____ () E:\Eudora\LIBEXPAT.dll
2005-10-09 00:03 - 2006-10-04 09:04 - 00065536 ____R () E:\Eudora\plstclnt.dll
2005-10-09 00:03 - 2006-08-17 14:57 - 00011264 ____R () E:\Eudora\Plugins\Unwrap32.dll
2016-11-09 04:29 - 2016-11-09 04:29 - 19640512 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E29ACA54 [326]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\...\bnz.co.nz -> hxxps://www.bnz.co.nz
IE trusted site: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\...\trademe.co.nz -> hxxps://www.trademe.co.nz

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2011-07-30 21:18 - 2014-08-08 20:12 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Dell.bmp
DNS Servers: 192.168.1.1
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter2.0 => "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: dla => C:\WINDOWS\system32\dla\tfswctrl.exe
MSCONFIG\startupreg: DMXLauncher => "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PPort11reminder => "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
MSCONFIG\startupreg: SetDefPrt => "C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe"
MSCONFIG\startupreg: SigmatelSysTrayApp => stsystra.exe
MSCONFIG\startupreg: snp2std => C:\WINDOWS\vsnp2std.exe
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre7\bin\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\MSN Messenger\livecall.exe] => Enabled:Windows Live Messenger 8.1 (Phone)
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Pando Networks\Pando\pando.exe] => Enabled:Pando Application
StandardProfile\AuthorizedApplications: [C:\Program Files\ICQ6\Icq.exe] => Enabled:ICQ
StandardProfile\AuthorizedApplications: [C:\Program Files\mIRC\mirc.exe] => Enabled:mIRC
StandardProfile\AuthorizedApplications: [C:\Program Files\LimeWire\LimeWire.exe] => Enabled:LimeWire
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Plugin Manager\skypePM.exe] => Enabled:Skype Extras Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\IncrediMail\Bin\IncMail.exe] => Enabled:IncrediMail
StandardProfile\AuthorizedApplications: [C:\Program Files\IncrediMail\Bin\ImApp.exe] => Enabled:IncrediMail
StandardProfile\AuthorizedApplications: [C:\Program Files\IncrediMail\Bin\ImpCnt.exe] => Enabled:IncrediMail
StandardProfile\AuthorizedApplications: [C:\Program Files\MSN Messenger\livecall.exe] => Enabled:Windows Live Messenger 8.1 (Phone)
StandardProfile\AuthorizedApplications: [C:\Program Files\Uniden Surveillance System\Uniden Surveillance System.exe] => Enabled:Uniden Surveillance System
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Earth\client\googleearth.exe] => Enabled:Google Earth
StandardProfile\AuthorizedApplications: [G:\ClicknConnect.exe] => Enabled:D-Link Click'n Connect
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2012\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [E:\IPCAMF3\IPCAMF3.exe] => Enabled:IPCAMF3
StandardProfile\AuthorizedApplications: [C:\Program Files\iTeleport\iTeleport Connect\iTeleportService.exe] => Enabled:iTeleportService
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2014\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Markwell Kennels\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome Remote Desktop\50.0.2661.23\remoting_host.exe] => Enabled:Chrome Remote Desktop Host
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
DomainProfile\GloballyOpenPorts: [10280:UDP] => :LocalSubNet:Enabled:Windows Media Connect
DomainProfile\GloballyOpenPorts: [10281:UDP] => :LocalSubNet:Enabled:Windows Media Connect
DomainProfile\GloballyOpenPorts: [10282:UDP] => :LocalSubNet:Enabled:Windows Media Connect
DomainProfile\GloballyOpenPorts: [10283:UDP] => :LocalSubNet:Enabled:Windows Media Connect
DomainProfile\GloballyOpenPorts: [10284:UDP] => :LocalSubNet:Enabled:Windows Media Connect
DomainProfile\GloballyOpenPorts: [10243:TCP] => :LocalSubNet:Enabled:Windows Media Connect
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [58390:TCP] => Enabled:Pando P2P TCP Listening Port
StandardProfile\GloballyOpenPorts: [58390:UDP] => Enabled:Pando P2P UDP Listening Port
StandardProfile\GloballyOpenPorts: [51524:TCP] => Enabled:Limewire TCP
StandardProfile\GloballyOpenPorts: [51524:UDP] => Enabled:Limewire UPD
StandardProfile\GloballyOpenPorts: [10280:UDP] => :LocalSubNet:Enabled:Windows Media Connect
StandardProfile\GloballyOpenPorts: [10281:UDP] => :LocalSubNet:Enabled:Windows Media Connect
StandardProfile\GloballyOpenPorts: [10282:UDP] => :LocalSubNet:Enabled:Windows Media Connect
StandardProfile\GloballyOpenPorts: [10283:UDP] => :LocalSubNet:Enabled:Windows Media Connect
StandardProfile\GloballyOpenPorts: [10284:UDP] => :LocalSubNet:Enabled:Windows Media Connect
StandardProfile\GloballyOpenPorts: [10243:TCP] => :LocalSubNet:Enabled:Windows Media Connect

==================== Restore Points =========================

04-11-2016 03:27:41 System Checkpoint
05-11-2016 04:27:41 System Checkpoint
06-11-2016 05:27:41 System Checkpoint
07-11-2016 06:27:42 System Checkpoint
08-11-2016 07:27:42 System Checkpoint
09-11-2016 08:27:45 System Checkpoint
10-11-2016 09:27:43 System Checkpoint
11-11-2016 09:28:47 System Checkpoint
12-11-2016 10:27:42 System Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2016 02:02:30 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (11/12/2016 02:02:30 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/12/2016 02:02:30 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (11/12/2016 02:02:30 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/12/2016 02:02:29 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (11/12/2016 02:02:29 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (11/12/2016 02:02:29 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (11/12/2016 02:02:29 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/12/2016 02:02:29 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/12/2016 02:02:29 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (11/12/2016 12:56:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The iTeleportService service hung on starting.

Error: (11/12/2016 12:58:18 PM) (Source: 0) (EventID: 1) (User: )
Description: Event-ID 1

Error: (11/10/2016 06:34:17 AM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (11/02/2016 02:06:07 PM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (10/29/2016 05:26:11 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The iTeleportService service hung on starting.

Error: (10/29/2016 04:54:29 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The iTeleportService service hung on starting.

Error: (10/29/2016 04:53:01 PM) (Source: 0) (EventID: 1) (User: )
Description: Event-ID 1

Error: (10/28/2016 03:01:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The iTeleportService service terminated unexpectedly.  It has done this 4 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/28/2016 12:07:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The iTeleportService service terminated unexpectedly.  It has done this 3 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/28/2016 09:58:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The iTeleportService service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 39%
Total physical RAM: 3318.07 MB
Available physical RAM: 2013.19 MB
Total Virtual: 6473.79 MB
Available Virtual: 5063.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.46 GB) (Free:15.3 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (Robert) (Fixed) (Total:68.36 GB) (Free:3.38 GB) NTFS
Drive e: (Mike) (Fixed) (Total:80.69 GB) (Free:20.28 GB) NTFS
Drive m: (Main Bac1_1) (Fixed) (Total:298.09 GB) (Free:0 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: CB2C2F78)
Partition 1: (Not Active) - (Size=68.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=80.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 298.1 GB) (Disk ID: 21C15331)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

ESET SCAN

 

E:\Eudora\Attach\14032016_xmsii.zip    JS/TrojanDownloader.Agent.OHP trojan    deleted
E:\Eudora\Attach\14032016_xxvie.zip    JS/TrojanDownloader.Agent.OHP trojan    deleted
E:\Eudora\Attach\6594015549.doc    VBA/TrojanDownloader.Agent.APW trojan    cleaned
E:\Eudora\Attach\AUSPOST_41116377.zip    JS/TrojanDownloader.Agent.OIO trojan    deleted
E:\Eudora\Attach\BANK SLIP.zip    a variant of Win32/Spy.KeyLogger.OLW trojan    deleted
E:\Eudora\Attach\BANK STATEMENT.rar    a variant of Win32/Injector.AWRJ trojan    deleted
E:\Eudora\Attach\CROMA SECURITY SOLUTIONS GROUP PLC - Order NUM. 0258097037728.zip    JS/TrojanDownloader.Nemucod.KI trojan    deleted
E:\Eudora\Attach\Document 2.zip    JS/TrojanDownloader.Nemucod.LI trojan    deleted
E:\Eudora\Attach\documents.zip    JS/TrojanDownloader.Agent.OIO trojan    deleted
E:\Eudora\Attach\DSC_990341.zip    Win32/TrojanDownloader.Wauchos.Z trojan    deleted
E:\Eudora\Attach\DSC_9903411.zip    Win32/TrojanDownloader.Wauchos.Z trojan    deleted
E:\Eudora\Attach\emailinvoice.537003.zip    Win32/TrojanDownloader.Small.PSD trojan    deleted
E:\Eudora\Attach\emailinvoice.5370031.zip    Win32/TrojanDownloader.Small.PSD trojan    deleted
E:\Eudora\Attach\Invoice 105984  March 2014.zip    Win32/TrojanDownloader.Small.ADP trojan    deleted
E:\Eudora\Attach\Invoice 105984  March 20141.zip    Win32/TrojanDownloader.Small.ADP trojan    deleted
E:\Eudora\Attach\Invoice_OJINV05654_from_tip_top_delivery.rtf    VBA/TrojanDropper.Agent.GJ trojan    deleted
E:\Eudora\Attach\payment receipt.jpeg.zip    a variant of Win32/Spy.KeyLogger.OLW trojan    deleted
E:\Eudora\Attach\Payment receipt.zip    a variant of Win32/Spy.KeyLogger.OLW trojan    deleted
E:\Eudora\Attach\payment slip.rar    multiple threats,RAR/Agent.Y trojan,Win32/Autoit.Z trojan    deleted
E:\Eudora\Attach\Payment Slip.zip    Win32/Spy.KeyLogger.OYM trojan    deleted
E:\Eudora\Attach\payment slip1.rar    multiple threats,RAR/Agent.Y trojan,Win32/Autoit.Z trojan    deleted
E:\Eudora\Attach\payment slip2.rar    multiple threats,RAR/Agent.Y trojan,Win32/Autoit.Z trojan    deleted
E:\Eudora\Attach\Purchase_Order.zip    Win32/Spy.Zbot.YW trojan    deleted
E:\Eudora\Attach\SKMBT_75114091015230.zip    Win32/PSW.Fareit.A trojan    deleted
E:\Eudora\Attach\Statement Of Account For The Month Of September.zip    a variant of Java/TrojanDropper.Agent.BA trojan    deleted
E:\Eudora\Attach\TT PAYMENT SLIP.zip    a variant of Win32/Spy.KeyLogger.OMW trojan    deleted
E:\Eudora\Attach\TT Remittance copy.zip    a variant of Win32/Spy.KeyLogger.OMW trojan    deleted
E:\Eudora\Attach\TT Remittance copy1.zip    a variant of Win32/Spy.KeyLogger.OMW trojan    deleted
E:\Eudora\Attach\TT.Payment.rar    a variant of Win32/Injector.Autoit.ALK trojan    deleted
E:\Eudora\Attach\_6483918_082660.zip    JS/TrojanDownloader.Nemucod.AZQ trojan    deleted
E:\Eudora\Embedded\DSC_990341.zip    Win32/TrojanDownloader.Wauchos.Z trojan    deleted
E:\Eudora\Embedded\IMG0000002993.zip    Win32/Spy.Zbot.AAU trojan    deleted
E:\Eudora\Embedded\Invoice 199775  March 2014.zip    Win32/TrojanDownloader.Small.ADP trojan    deleted
E:\Eudora\Embedded\Invoice 199775  March 20141.zip    Win32/TrojanDownloader.Small.ADP trojan    deleted
E:\Eudora\Embedded\Invoice 421309  March 2014.zip    Win32/TrojanDownloader.Small.ADP trojan    deleted
E:\Eudora\Embedded\Invoice 421309  March 20141.zip    Win32/TrojanDownloader.Small.ADP trojan    deleted
E:\Eudora\Embedded\PIC0029181100.zip    Win32/TrojanDownloader.Wauchos.Z trojan    deleted
E:\Setups\FLV player Setup.exe    Win32/Toolbar.Zugo potentially unwanted application,a variant of Win32/Toolbar.Conduit.B potentially unwanted application,a variant of Win32/Toolbar.Conduit.AR potentially unwanted application,Win32/Toolbar.Conduit.Y potentially unwanted application    deleted
E:\Setups\PDFCreator-1_2_3_setup.exe    Win32/Toolbar.Widgi potentially unwanted application    deleted
 


Edited by Kiwee, 11 November 2016 - 11:38 PM.



 


#2 HelpBot


Posted 16 November 2016 - 10:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/632048 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Kiwee


Posted 18 November 2016 - 03:02 AM

New FRST logs below:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-11-2016
Ran by Markwell Kennels (administrator) on MARKWELL-KENNEL (18-11-2016 17:32:40)
Running from E:\Cleanup2016
Loaded Profiles: Markwell Kennels (Available Profiles: Markwell Kennels & MB & Administrator & Guest)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(brother Industries Ltd) C:\WINDOWS\system32\brsvc01a.exe
(brother Industries Ltd) C:\WINDOWS\system32\brss01a.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Brother Industries, Ltd.) C:\WINDOWS\system32\Brmfrmps.exe
(iTeleport, Inc.) C:\Program Files\iTeleport\iTeleport Connect\iTeleportService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\WINDOWS\system32\MGE\RunSC.exe
() C:\WINDOWS\system32\MGE\PCtl.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
() C:\WINDOWS\system32\MGE\BIL.exe
() C:\WINDOWS\system32\MGE\CilUSB.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\type32.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Softland) C:\Program Files\Softland\Backup4all 3\Backup4all.exe
(Softland) C:\Program Files\Softland\Backup4all 3\Backup4all.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(QUALCOMM Incorporated) E:\Eudora\Eudora.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [type32] => C:\Program Files\Microsoft IntelliType Pro\type32.exe [172032 2004-06-03] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-10-14] (Intel Corporation)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-10-14] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9044392 2016-11-08] (AVAST Software)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4513792 2013-12-19] (Brother Industries, Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime Alternative\qttask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] "C:\\WINDOWS\\system32\\userinit.exe,",
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-05-16] (Nero AG)
HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [761064 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6889176 2016-09-29] (Piriform Ltd)
HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\...\MountPoints2: {b541bf84-8c5d-11dd-93e3-00123fa26a1a} - K:\WINDOWS\IronKey.exe
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe -update pepperplugin
HKLM\...\AppCertDlls: [dns-etup] -> C:\WINDOWS\system32\fasttdde.dll
ShellExecuteHooks: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - E:\Eudora\EuShlExt.dll [86016 2006-08-17] (Qualcomm Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-08-20] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{3D75EFB0-6AD4-46F4-84D4-D745251B1A07}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-28] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-26] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> c:\program files\google\googletoolbar1.dll => No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-28] (Oracle Corporation)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/B/E/5BE645ED-2F2D-4E4D-9C54-AFB56EFCB312/LegitCheckControl.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130714498265
DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} hxxp://us-download.mcafee.com/products/protected/mvt/mvt.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://wixcam.citylink.co.nz//AxisCamControl.ocx
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4938/mcfscan.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.2.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL No File

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Markwell Kennels\Application Data\Mozilla\Firefox\Profiles\a0rvry2j.default [2016-11-18]
FF Homepage: C:\Documents and Settings\Markwell Kennels\Application Data\Mozilla\Firefox\Profiles\a0rvry2j.default -> hxxps://www.tvnz.co.nz/one-news
FF Extension: (Asynchronous Plugin Rendering) - C:\Documents and Settings\Markwell Kennels\Application Data\Mozilla\Firefox\Profiles\a0rvry2j.default\features\{9b9aaf08-f44a-44ab-b24f-d220d43b431c}\asyncrendering@mozilla.org.xpi [2016-10-28]
FF Extension: (Application Update Service Helper) - C:\Program Files\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi [2016-11-16] [not signed]
FF Extension: (Multi-process staged rollout) - C:\Program Files\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi [2016-11-16] [not signed]
FF Extension: (Pocket) - C:\Program Files\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi [2016-11-16] [not signed]
FF Extension: (Web Compat) - C:\Program Files\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi [2016-11-16] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-05-12] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-20]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-20]
FF HKU\S-1-5-19\...\Firefox\Extensions: [{1650a312-02bc-40ee-977e-83f158701739}] - C:\Program Files\SiteAdvisor\6172\FF => not found
FF HKU\S-1-5-20\...\Firefox\Extensions: [{1650a312-02bc-40ee-977e-83f158701739}] - C:\Program Files\SiteAdvisor\6172\FF => not found
FF HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\...\Firefox\Extensions: [{1650a312-02bc-40ee-977e-83f158701739}] - C:\Program Files\SiteAdvisor\6172\FF => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-09] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll [2011-04-14] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-28] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1695126911-3001241122-4096436374-1006: @macromedia.com/FlashPlayer9 -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2005-09-15] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-12-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011-01-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011-01-08] (Apple Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\inspector.js [2005-09-15]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java™ Platform SE 6 U12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll => No File
CHR Plugin: (Java™ Platform SE 6 U17) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (DNA Plug-in) - C:\Program Files\DNA\plugins\npbtdna.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Profile: C:\Documents and Settings\Markwell Kennels\Local Settings\Application Data\Google\Chrome\User Data\Default [2016-10-22]
CHR Extension: (Chrome Remote Desktop) - C:\Documents and Settings\Markwell Kennels\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-04-15]
CHR Extension: (Dropdown List of Most Visited Links) - C:\Documents and Settings\Markwell Kennels\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\logbmehmiacemkimbpcbjgaikobdndah [2013-07-27]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Markwell Kennels\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-19]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

Opera:
=======
OPR StartupUrls: "hxxp://www.tvnz.co.nz/"

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-20] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2016-08-20] (AVAST Software)
R2 brmfrmps; C:\WINDOWS\system32\Brmfrmps.exe [65536 2003-05-05] (Brother Industries, Ltd.) [File not signed]
R2 Brother XP spl Service; C:\WINDOWS\system32\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S3 chromoting; C:\Program Files\Google\Chrome Remote Desktop\50.0.2661.23\remoting_host.exe [62976 2016-01-27] (Google Inc.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 iTeleportService; C:\Program Files\iTeleport\iTeleport Connect\iTeleportService.exe [28160 2012-10-10] (iTeleport, Inc.) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-09] (Oracle Corporation)
R2 MGE Service module; C:\WINDOWS\system32\MGE\RunSC.exe [122880 2005-03-29] () [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [73728 2007-08-09] (HP) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7184144 2016-07-06] (TeamViewer GmbH)
S3 WMConnectCDS; C:\Program Files\Windows Media Connect 2\wmccds.exe [855552 2005-10-06] (Microsoft Corporation) [File not signed]
S3 UPS; %SystemRoot%\System32\ups2.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2004-08-05] (Microsoft Corporation)
S3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34008 2016-08-20] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-08-20] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [92256 2016-08-20] (AVAST Software)
R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2014-08-14] (ALWIL Software)
R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [295840 2016-08-20] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [64272 2016-08-20] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [60424 2016-08-20] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [735488 2016-09-13] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433768 2016-09-23] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [184592 2016-08-20] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [66688 2016-08-20] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [224752 2016-10-13] (AVAST Software)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-06-23] (AVG Technologies)
R3 BrScnUsb; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2005-03-23] (Adaptec, Inc.) [File not signed]
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [88080 2005-02-02] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40544 2004-12-23] (Sonic Solutions) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-03-30] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-03-30] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-03-30] (HP)
R2 MASPINT; C:\WINDOWS\system32\Drivers\MASPINT.sys [8224 2002-06-21] (MicroStaff Co.,Ltd.) [File not signed]
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-10-24] (Malwarebytes)
S3 mr8980; C:\WINDOWS\System32\DRIVERS\mr8980.sys [69632 2008-06-23] (Mars Semiconductor Corp.)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [19456 2004-11-02] (Intel Corporation ) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17217 2002-11-09] (Dell Computer Corporation) [File not signed]
S3 SDDMI2; C:\WINDOWS\system32\DDMI2.sys [6977 2004-06-09] (Gteko Ltd.) [File not signed]
S3 SNP2STD; C:\WINDOWS\System32\DRIVERS\snp2sxp.sys [12028800 2007-01-20] ()
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2004-12-02] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2004-12-02] (Sonic Solutions) [File not signed]
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2016-02-21] ()
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [180864 2005-06-15] (SigmaTel, Inc.)
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25725 2005-03-16] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34845 2005-03-16] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4125 2005-03-16] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2241 2005-03-16] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86684 2005-03-16] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14877 2005-03-16] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6365 2005-03-16] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98716 2005-03-16] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100605 2005-03-16] (Sonic Solutions) [File not signed]
S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [45056 2014-08-15] (Apple, Inc.) [File not signed]
S3 Andbus; system32\DRIVERS\lgandbus.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem.sys [X]
S3 BOCDRIVE; \??\C:\Program Files\NSClean\BOClean\BOCDRIVE.sys [X]
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-16 23:08 - 2016-11-18 17:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-11-13 04:59 - 2016-11-13 04:59 - 00001890 _____ C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
2016-11-13 04:59 - 2016-11-13 04:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
2016-11-12 14:10 - 2016-11-18 17:32 - 00000000 ____D C:\FRST
2016-10-27 14:29 - 2016-11-09 05:29 - 20478144 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2016-10-24 23:23 - 2016-10-24 23:23 - 00000000 ____D C:\Documents and Settings\Markwell Kennels\Local Settings\Application Data\ESET
2016-10-24 23:11 - 2016-10-24 23:11 - 00005261 _____ C:\Documents and Settings\Markwell Kennels\Desktop\JRT.txt
2016-10-24 13:05 - 2016-10-26 11:32 - 00185476 _____ C:\WINDOWS\ntbtlog.txt
2016-10-21 00:06 - 2016-10-21 00:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-18 17:34 - 2005-10-07 12:30 - 00000000 ____D C:\Documents and Settings\Markwell Kennels\Local Settings\Temp
2016-11-18 17:29 - 2015-11-07 09:18 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-11-18 17:29 - 2013-09-06 01:41 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-11-18 16:56 - 2009-08-01 22:55 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-18 12:05 - 2014-12-21 11:15 - 00000418 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1419113702.job
2016-11-18 11:56 - 2009-08-01 22:55 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-18 10:58 - 2014-08-02 15:15 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2016-11-18 00:03 - 2016-01-23 02:08 - 00000474 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1453468110.job
2016-11-17 21:56 - 2004-08-10 18:08 - 00032500 _____ C:\WINDOWS\SchedLgU.Txt
2016-11-17 02:00 - 2011-11-08 19:36 - 00000480 _____ C:\WINDOWS\Tasks\b4a_Main Backup.job
2016-11-17 02:00 - 2006-10-17 08:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2016-11-15 21:49 - 2015-12-01 09:42 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2016-11-12 23:10 - 2015-07-16 13:34 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-11-12 23:10 - 2004-08-10 18:02 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-11-12 12:58 - 2014-03-18 09:23 - 00000244 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-11-12 12:58 - 2004-08-10 18:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-12 12:58 - 2004-08-10 17:51 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2016-11-12 12:57 - 2014-08-02 15:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2016-11-09 05:29 - 2012-11-03 12:58 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-11-09 05:29 - 2011-12-26 09:20 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-11-08 15:00 - 2014-03-18 09:23 - 00000238 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-10-29 17:22 - 2005-10-07 12:30 - 00000278 ___SH C:\Documents and Settings\Markwell Kennels\ntuser.ini
2016-10-29 17:22 - 2005-10-07 12:30 - 00000000 ____D C:\Documents and Settings\Markwell Kennels
2016-10-29 16:51 - 2014-05-02 10:00 - 00524288 _____ C:\WINDOWS\system32\config\iTelepor.evt
2016-10-24 22:04 - 2014-08-09 11:16 - 00000000 ____D C:\AdwCleaner
2016-10-24 13:10 - 2015-09-07 00:26 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-10-21 05:22 - 2015-09-07 00:26 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-10-21 05:22 - 2015-09-07 00:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-21 00:37 - 2014-05-25 20:28 - 00000000 ____D C:\Documents and Settings\Markwell Kennels\Application Data\TeamViewer
2016-10-21 00:35 - 2012-02-11 21:51 - 00000000 ____D C:\Program Files\PDFCreator
2016-10-21 00:12 - 2009-04-22 09:57 - 00000000 ____D C:\WINDOWS\Minidump
2016-10-21 00:06 - 2014-08-12 11:36 - 00000725 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

==================== Files in the root of some directories =======

2005-10-08 16:08 - 2008-01-09 19:12 - 0001280 _____ () C:\Program Files\INSTALL.LOG
2006-10-15 11:32 - 2006-10-15 11:32 - 0000067 ____R () C:\Documents and Settings\Markwell Kennels\Application Data\nero_photoshow_express_4_us_row.txt
2005-10-08 22:48 - 2015-12-23 08:34 - 0235520 _____ () C:\Documents and Settings\Markwell Kennels\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-01 14:56 - 2012-12-01 14:56 - 0027520 _____ () C:\Documents and Settings\Markwell Kennels\Local Settings\Application Data\dt.dat
2005-10-07 17:23 - 2005-10-07 17:23 - 0000139 _____ () C:\Documents and Settings\Markwell Kennels\Local Settings\Application Data\fusioncache.dat
2007-11-16 13:03 - 2007-11-16 13:15 - 0000787 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2006-01-16 08:46 - 2006-01-16 08:46 - 0001755 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Some files in TEMP:
====================
C:\Documents and Settings\Markwell Kennels\Local Settings\Temp\libeay32.dll
C:\Documents and Settings\Markwell Kennels\Local Settings\Temp\msvcr120.dll
C:\Documents and Settings\Markwell Kennels\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-11-2016
Ran by Markwell Kennels (18-11-2016 17:34:51)
Running from E:\Cleanup2016
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2005-10-29 21:38:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1695126911-3001241122-4096436374-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.MARKWELL-KENNEL
ASPNET (S-1-5-21-1695126911-3001241122-4096436374-1008 - Limited - Enabled)
Guest (S-1-5-21-1695126911-3001241122-4096436374-501 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest.MARKWELL-KENNEL
HelpAssistant (S-1-5-21-1695126911-3001241122-4096436374-1005 - Limited - Disabled)
Markwell Kennels (S-1-5-21-1695126911-3001241122-4096436374-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Markwell Kennels
MB (S-1-5-21-1695126911-3001241122-4096436374-1007 - Limited - Enabled) => %SystemDrive%\Documents and Settings\MB
SUPPORT_388945a0 (S-1-5-21-1695126911-3001241122-4096436374-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}
FW: Avast Antivirus (Disabled) {7591db91-41f0-48a3-b128-1a293fd8233d}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

A510 (Version: 70.0.208.000 - Hewlett-Packard) Hidden
A710_A610_A510_Help (Version: 70.0.208.000 - Hewlett-Packard) Hidden
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AnswerWorks Runtime (HKLM\...\AnswerWorks) (Version:  - )
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ArcSoft VideoImpression 2 (HKLM\...\{244E21B9-164C-4EC1-AED8-9BD64161E66D}) (Version:  - ArcSoft)
Avast Internet Security (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
Backup4all 3 (HKLM\...\Backup4all 3_is1) (Version:  -  Softland)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother HL-2040 (HKLM\...\{D168FB8C-8CCB-4BA5-B36B-BA24DC7C2F2C}) (Version: 1.00 - Brother)
Brother MFL-Pro Suite (HKLM\...\{40A6C96D-808E-41DD-8716-617AB6B0F1F1}) (Version: 1.00.000 - )
Brother MFL-Pro Suite (HKLM\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.00 - Brother Industries, Ltd.)
BufferChm (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.6059 - CDBurnerXP)
CDex - Open Source Digital Audio CD Extractor (HKLM\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
Chrome Remote Desktop Host (HKLM\...\{2824CE84-0E10-486A-AB6B-BBCFCC2B8ED4}) (Version: 50.0.2661.23 - Google Inc.)
Codec Pack - All In 1 6.0.3.0 (HKLM\...\Cool's_Codec_pack_4.12) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel Applications (HKLM\...\Corel Applications) (Version:  - )
CP_AtenaShokunin1Config (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_CalendarTemplates1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_LightScribeConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_OnlineProjectsConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Package_Basic1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Panorama1Config (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_PosterPrintConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_PrintOnCDConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_UpdateProjectsConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
CueTour (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dell Media Experience (HKLM\...\{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}) (Version: 3.00 - Dell)
Dell Support 3.1 (HKLM\...\{548EEA8E-8299-497F-8057-811D2D7097DC}) (Version: 5.1.760 - Dell)
DesignExpress CD Labelmaker 32 bit (HKLM\...\MVApplication1) (Version:  - )
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Digital Wireless Camera (HKLM\...\{B6A128D8-6636-4293-BC1A-041B65A9E139}) (Version: 1.00.0000 - Digital Wireless Camera)
Dropbox (HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Easy Invoice (HKLM\...\Easy Invoice) (Version:  - )
ESET Online Scanner (HKLM\...\EsetOnlineScanner) (Version:  - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Eudora (HKLM\...\{4AA9F6BF-81CB-4369-94D2-51D7297EAF46}) (Version: 7.0 - )
Eudora (HKLM\...\{7CC2C009-D2D3-481E-91C4-511E8222F061}) (Version: 7.0 - )
Express Burn Disc Burning Software (HKLM\...\ExpressBurn) (Version: 4.84 - NCH Software)
FaceFilter Studio Brother Edition (HKLM\...\{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}) (Version: 1.0 - )
FlashFXP v3 (HKLM\...\{DBDFA37B-CFC7-4C37-98F8-04CF326CD327}_is1) (Version: v3.2.0 build 1080 - IniCom Networks, Inc.)
FUJIFILM FinePixViewer S Ver.2.0 (HKLM\...\{88B32652-CAE0-4909-A463-5840D2689D93}) (Version:  - )
FullDPAppQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Golden Records Vinyl to CD Converter (HKLM\...\Golden) (Version: 2.08 - NCH Software)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - )
Google Toolbar for Internet Explorer (Version: 4.0.0.002 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
HighMAT Extension to Microsoft Windows XP CD Writing Wizard (HKLM\...\{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}) (Version: 1.1.1905.1 - Microsoft Corporation)
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HL-L2360D series (HKLM\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 0.0.13.0 - Brother Industries, Ltd.)
HP Customer Participation Program 7.0 (HKLM\...\HPExtendedCapabilities) (Version: 7.0 - HP)
HP Imaging Device Functions 7.0 (HKLM\...\HP Imaging Device Functions) (Version: 7.0 - HP)
HP Photosmart and Deskjet 7.0 Software (HKLM\...\{76BEC1D7-8A9F-472D-84C7-014BB155E4B2}) (Version: 7.1 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart Premier Software 6.5 (HKLM\...\HP Photo & Imaging) (Version: 6.5 - HP)
HP Solution Center 7.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 7.0 - HP)
HP Update (HKLM\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
hph_ProductContext (Version: 70.0.208.000 - Hewlett-Packard) Hidden
hph_readme (Version: 70.0.208.000 - Hewlett-Packard) Hidden
hph_software (Version: 70.0.208.000 - Hewlett-Packard) Hidden
hph_software_req (Version: 70.0.208.000 - Hewlett-Packard) Hidden
HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 70.0.170.000 - Hewlett-Packard) Hidden
InstantShareDevices (Version: 70.0.170.000 - Hewlett-Packard) Hidden
InstantShareDevicesMFC (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4410 - )
Intel® PRO Network Connections Software v9.2.4.11 (HKLM\...\PROSetDX) (Version:  - )
IPCAMF3 version 56.2.0.38 (HKLM\...\{45D0CE08-14DE-4F94-AE24-6151BBE6FA90}_is1) (Version: 56.2.0.38 - IPCAMF3, Inc.)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
IsoBuster 1.9.1 (HKLM\...\IsoBuster_is1) (Version: 1.9.1 - Smart Projects)
iTeleport Connect (HKLM\...\{74BC0903-AEAA-45F9-8C7A-DFD9EF216B69}) (Version: 6.1.0002 - iTeleport)
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (Version: 70.0.170.000 - Hewlett-Packard) Hidden
MetaFrame Presentation Server Client (HKLM\...\{76E4A642-BC3E-438A-8450-0C15A36B5B18}) (Version: 8.100.29670 - Citrix Systems, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft IntelliType Pro 5.2 (HKLM\...\{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}) (Version: 5.20.413.0 - Microsoft)
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0620 - Microsoft Corporation)
MicroStaff WINASPI NT (HKLM\...\MWASPINT) (Version:  - )
MobileMe Control Panel (HKLM\...\{A71D5E81-B967-43DB-93D7-FD31BFB95748}) (Version: 3.1.5.0 - Apple Inc.)
Mozilla Firefox 50.0 (x86 en-US) (HKLM\...\Mozilla Firefox 50.0 (x86 en-US)) (Version: 50.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.0.0.6152 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MSN Messenger 7.5 (HKLM\...\{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}) (Version: 7.5.0311.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 (HKLM\...\{A20A58C4-6784-4B4B-86CC-94E2E3671033}) (Version: 7.02.8637 - Nero AG)
OpenOffice.org 2.4 (HKLM\...\{F87A8E11-02A4-4875-A3A5-5961081B0E4E}) (Version: 2.4.9286 - OpenOffice.org)
Opera 9.27 (HKLM\...\{04DB4871-BC1D-44BF-AADB-47326365EB8C}) (Version: 9.27 - Opera Software ASA)
Opera Stable 36.0.2130.80 (HKLM\...\Opera 36.0.2130.80) (Version: 36.0.2130.80 - Opera Software)
OptionalContentQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
PanoStandAlone (Version: 70.0.170.000 - Hewlett-Packard) Hidden
PaperPort Image Printer (HKLM\...\{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
pdfforge Toolbar v7.6 (HKLM\...\{199624B4-6BC0-48C2-AB7E-9AB90B249CD7}) (Version: 7.6 - Spigot, Inc.) <==== ATTENTION
Personal Solution Pac (HKLM\...\{0335E386-9ECB-11D4-BA6E-0020AFBCF620}) (Version:  - )
PhotoGallery (Version: 70.0.170.000 - Hewlett-Packard) Hidden
PhotoMail Maker (HKLM\...\PhotoMail) (Version: 1.0.0.1040 - IncrediMail Ltd.)
PhotoMail Maker (Version: 1.0.0.1040 - IncrediMail) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
PowerDVD 5.5 (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
PuTTY version 0.58 (HKLM\...\PuTTY_is1) (Version: 0.58 - Simon Tatham)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
QuickTime Alternative 1.76 (HKLM\...\QuicktimeAlt_is1) (Version: 1.76 - )
RandMap (Version: 70.0.170.000 - Hewlett-Packard) Hidden
RAR Key Demo (HKLM\...\RAR Key 5.5 Demo) (Version:  - )
RAW FILE CONVERTER LE (HKLM\...\{D680C913-5955-469D-9D88-C1940F7506D6}) (Version:  - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SafeZone Stable 1.48.2066.120 (Version: 1.48.2066.120 - Avast Software) Hidden
Samsung Master (HKLM\...\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}) (Version: 1.0.43 - Samsung)
Samsung USB Driver (HKLM\...\{86D6A20D-3910-4441-A3E5-EB6977251C86}) (Version: 1.0 - Samsung Techwin)
ScanSoft PaperPort 11 (HKLM\...\{B6C89654-A6A2-477C-873B-724EC1C56407}) (Version: 11.1.0000 - Nuance Communications, Inc.)
SkinsHP1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
SlideShow (Version: 70.0.170.000 - Hewlett-Packard) Hidden
SlideShowMusic (Version: 70.0.170.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Sonic Audio module (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.0 - Sonic Solutions)
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.97 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.0 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.0 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sonic_PrimoSDK (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Status (Version: 70.0.170.000 - Hewlett-Packard) Hidden
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.62308 - TeamViewer)
Toolbox (Version: 70.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.3 - Tweaking.com)
Uniden Surveillance System 5.0.0.289 (HKLM\...\{E9ACF7F7-DB80-49B4-A1BC-63DB90913E67}_is1) (Version:  - OEM)
Unload (Version: 7.0.0 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebCyberCoach 3.2 Dell (HKLM\...\WebCyberCoach_wtrb) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Winamp (remove only) (HKLM\...\Winamp) (Version:  - )
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - OEM (mr8980) Image  (04/20/2007 1.0.0.0) (HKLM\...\135D0C8BC13A45369E2154E1FAC3FB2C47755A80) (Version: 04/20/2007 1.0.0.0 - OEM)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0018.5 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Connect (HKLM\...\WMCSetup) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinZip (HKLM\...\WinZip) (Version:  8.1 SR-1  (5266) - WinZip Computing, Inc.)
XH5222 DSE USB 1.3MP Camera (HKLM\...\{E8B6F8C1-ECF3-4B2C-AB9B-284D2357AAD3}) (Version: 1.0.0.1 - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Markwell Kennels\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Markwell Kennels\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Markwell Kennels\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Markwell Kennels\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Markwell Kennels\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Markwell Kennels\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Markwell Kennels\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Markwell Kennels\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Markwell Kennels\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Markwell Kennels\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\b4a_Main Backup.job => C:\Program Files\Softland\Backup4all 3\b4aSchedStarter.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1419113702.job => C:\Program Files\Opera\launcher.exe
Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1453468110.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-08-20 23:51 - 2016-08-20 23:51 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-11-12 09:47 - 2016-11-12 09:47 - 03130832 _____ () C:\Program Files\AVAST Software\Avast\defs\16111100\algo.dll
2016-08-20 23:51 - 2016-08-20 23:51 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-11-18 00:47 - 2016-11-18 00:47 - 03129808 _____ () C:\Program Files\AVAST Software\Avast\defs\16111700\algo.dll
2012-02-11 21:51 - 2001-10-28 17:42 - 00116224 _____ () C:\WINDOWS\system32\pdfcmnnt.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-10 13:22 - 2012-10-10 13:22 - 01347584 _____ () C:\Program Files\iTeleport\iTeleport Connect\jingle.dll
2012-10-10 13:22 - 2012-10-10 13:22 - 00977920 _____ () C:\Program Files\iTeleport\iTeleport Connect\vncservice-wrapper.dll
2006-01-07 18:40 - 2005-03-29 02:35 - 00122880 _____ () C:\WINDOWS\system32\MGE\RunSC.exe
2006-01-07 18:40 - 2005-03-29 02:35 - 00311296 _____ () C:\WINDOWS\system32\MGE\PCtl.exe
2006-01-07 18:40 - 2005-03-29 02:35 - 00208896 _____ () C:\WINDOWS\system32\MGE\BIL.EXE
2006-01-07 18:40 - 2005-03-29 02:35 - 00225280 _____ () C:\WINDOWS\system32\MGE\CILUSB.EXE
2016-07-01 02:26 - 2016-07-01 02:27 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2007-02-22 08:12 - 2005-03-17 13:20 - 00053248 _____ () C:\Program Files\Softland\Backup4all 3\AES.DLL
2007-02-22 08:12 - 2005-05-27 13:02 - 00155648 _____ () C:\Program Files\Softland\Backup4all 3\ssleay32.dll
2007-02-22 08:12 - 2005-05-27 13:02 - 00684032 _____ () C:\Program Files\Softland\Backup4all 3\LIBEAY32.dll
2007-02-22 08:12 - 2006-11-23 17:17 - 00098304 _____ () C:\Program Files\Softland\Backup4all 3\vshadowXP.dll
2004-08-05 01:00 - 2013-01-02 19:49 - 01292288 _____ () C:\WINDOWS\System32\quartz.dll
2005-10-09 00:03 - 2006-10-04 09:04 - 00007680 ____R () E:\Eudora\EuLang.dll
2005-11-15 15:20 - 2006-09-26 10:45 - 00151552 _____ () E:\Eudora\LIBEXPAT.dll
2005-10-09 00:03 - 2006-10-04 09:04 - 00065536 ____R () E:\Eudora\plstclnt.dll
2005-10-09 00:03 - 2006-08-17 14:57 - 00011264 ____R () E:\Eudora\Plugins\Unwrap32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E29ACA54 [326]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\...\bnz.co.nz -> hxxps://www.bnz.co.nz
IE trusted site: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\...\trademe.co.nz -> hxxps://www.trademe.co.nz

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2011-07-30 21:18 - 2014-08-08 20:12 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Dell.bmp
DNS Servers: 192.168.1.1
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter2.0 => "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: dla => C:\WINDOWS\system32\dla\tfswctrl.exe
MSCONFIG\startupreg: DMXLauncher => "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PPort11reminder => "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
MSCONFIG\startupreg: SetDefPrt => "C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe"
MSCONFIG\startupreg: SigmatelSysTrayApp => stsystra.exe
MSCONFIG\startupreg: snp2std => C:\WINDOWS\vsnp2std.exe
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre7\bin\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\MSN Messenger\livecall.exe] => Enabled:Windows Live Messenger 8.1 (Phone)
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Pando Networks\Pando\pando.exe] => Enabled:Pando Application
StandardProfile\AuthorizedApplications: [C:\Program Files\ICQ6\Icq.exe] => Enabled:ICQ
StandardProfile\AuthorizedApplications: [C:\Program Files\mIRC\mirc.exe] => Enabled:mIRC
StandardProfile\AuthorizedApplications: [C:\Program Files\LimeWire\LimeWire.exe] => Enabled:LimeWire
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Plugin Manager\skypePM.exe] => Enabled:Skype Extras Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\IncrediMail\Bin\IncMail.exe] => Enabled:IncrediMail
StandardProfile\AuthorizedApplications: [C:\Program Files\IncrediMail\Bin\ImApp.exe] => Enabled:IncrediMail
StandardProfile\AuthorizedApplications: [C:\Program Files\IncrediMail\Bin\ImpCnt.exe] => Enabled:IncrediMail
StandardProfile\AuthorizedApplications: [C:\Program Files\MSN Messenger\livecall.exe] => Enabled:Windows Live Messenger 8.1 (Phone)
StandardProfile\AuthorizedApplications: [C:\Program Files\Uniden Surveillance System\Uniden Surveillance System.exe] => Enabled:Uniden Surveillance System
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Earth\client\googleearth.exe] => Enabled:Google Earth
StandardProfile\AuthorizedApplications: [G:\ClicknConnect.exe] => Enabled:D-Link Click'n Connect
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2012\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [E:\IPCAMF3\IPCAMF3.exe] => Enabled:IPCAMF3
StandardProfile\AuthorizedApplications: [C:\Program Files\iTeleport\iTeleport Connect\iTeleportService.exe] => Enabled:iTeleportService
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2014\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Markwell Kennels\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome Remote Desktop\50.0.2661.23\remoting_host.exe] => Enabled:Chrome Remote Desktop Host
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
DomainProfile\GloballyOpenPorts: [10280:UDP] => :LocalSubNet:Enabled:Windows Media Connect
DomainProfile\GloballyOpenPorts: [10281:UDP] => :LocalSubNet:Enabled:Windows Media Connect
DomainProfile\GloballyOpenPorts: [10282:UDP] => :LocalSubNet:Enabled:Windows Media Connect
DomainProfile\GloballyOpenPorts: [10283:UDP] => :LocalSubNet:Enabled:Windows Media Connect
DomainProfile\GloballyOpenPorts: [10284:UDP] => :LocalSubNet:Enabled:Windows Media Connect
DomainProfile\GloballyOpenPorts: [10243:TCP] => :LocalSubNet:Enabled:Windows Media Connect
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [58390:TCP] => Enabled:Pando P2P TCP Listening Port
StandardProfile\GloballyOpenPorts: [58390:UDP] => Enabled:Pando P2P UDP Listening Port
StandardProfile\GloballyOpenPorts: [51524:TCP] => Enabled:Limewire TCP
StandardProfile\GloballyOpenPorts: [51524:UDP] => Enabled:Limewire UPD
StandardProfile\GloballyOpenPorts: [10280:UDP] => :LocalSubNet:Enabled:Windows Media Connect
StandardProfile\GloballyOpenPorts: [10281:UDP] => :LocalSubNet:Enabled:Windows Media Connect
StandardProfile\GloballyOpenPorts: [10282:UDP] => :LocalSubNet:Enabled:Windows Media Connect
StandardProfile\GloballyOpenPorts: [10283:UDP] => :LocalSubNet:Enabled:Windows Media Connect
StandardProfile\GloballyOpenPorts: [10284:UDP] => :LocalSubNet:Enabled:Windows Media Connect
StandardProfile\GloballyOpenPorts: [10243:TCP] => :LocalSubNet:Enabled:Windows Media Connect

==================== Restore Points =========================

15-11-2016 04:04:17 System Checkpoint
16-11-2016 04:58:30 System Checkpoint
17-11-2016 05:54:04 System Checkpoint
18-11-2016 06:54:03 System Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2016 06:53:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application registered 2 identical instances of service MARKWELL-KENNEL._rfb._tcp.local. port 5900.

Error: (11/18/2016 06:38:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application registered 2 identical instances of service MARKWELL-KENNEL._rfb._tcp.local. port 5900.

Error: (11/18/2016 06:00:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application registered 2 identical instances of service MARKWELL-KENNEL._rfb._tcp.local. port 5900.

Error: (11/18/2016 05:33:17 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/18/2016 05:31:23 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (11/18/2016 05:31:23 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/18/2016 05:31:23 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (11/18/2016 05:31:23 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/18/2016 05:31:22 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (11/18/2016 05:31:22 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (11/17/2016 09:39:20 AM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (11/12/2016 12:56:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The iTeleportService service hung on starting.

Error: (11/12/2016 12:58:18 PM) (Source: 0) (EventID: 1) (User: )
Description: Event-ID 1

Error: (11/10/2016 06:34:17 AM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (11/02/2016 02:06:07 PM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (10/29/2016 05:26:11 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The iTeleportService service hung on starting.

Error: (10/29/2016 04:54:29 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The iTeleportService service hung on starting.

Error: (10/29/2016 04:53:01 PM) (Source: 0) (EventID: 1) (User: )
Description: Event-ID 1

Error: (10/28/2016 03:01:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The iTeleportService service terminated unexpectedly.  It has done this 4 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/28/2016 12:07:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The iTeleportService service terminated unexpectedly.  It has done this 3 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 41%
Total physical RAM: 3318.07 MB
Available physical RAM: 1939.2 MB
Total Virtual: 6473.79 MB
Available Virtual: 4782.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.46 GB) (Free:16.32 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (Robert) (Fixed) (Total:68.36 GB) (Free:3.38 GB) NTFS
Drive e: (Mike) (Fixed) (Total:80.69 GB) (Free:20.37 GB) NTFS
Drive m: (Main Bac1_1) (Fixed) (Total:298.09 GB) (Free:178.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: CB2C2F78)
Partition 1: (Not Active) - (Size=68.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=80.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 298.1 GB) (Disk ID: 21C15331)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 

ESET SCAN

 

E:\Eudora\Attach\14032016_xmsii.zip    JS/TrojanDownloader.Agent.OHP trojan    deleted
E:\Eudora\Attach\14032016_xxvie.zip    JS/TrojanDownloader.Agent.OHP trojan    deleted
E:\Eudora\Attach\6594015549.doc    VBA/TrojanDownloader.Agent.APW trojan    cleaned
E:\Eudora\Attach\AUSPOST_41116377.zip    JS/TrojanDownloader.Agent.OIO trojan    deleted
E:\Eudora\Attach\BANK SLIP.zip    a variant of Win32/Spy.KeyLogger.OLW trojan    deleted
E:\Eudora\Attach\BANK STATEMENT.rar    a variant of Win32/Injector.AWRJ trojan    deleted
E:\Eudora\Attach\CROMA SECURITY SOLUTIONS GROUP PLC - Order NUM. 0258097037728.zip    JS/TrojanDownloader.Nemucod.KI trojan    deleted
E:\Eudora\Attach\Document 2.zip    JS/TrojanDownloader.Nemucod.LI trojan    deleted
E:\Eudora\Attach\documents.zip    JS/TrojanDownloader.Agent.OIO trojan    deleted
E:\Eudora\Attach\DSC_990341.zip    Win32/TrojanDownloader.Wauchos.Z trojan    deleted
E:\Eudora\Attach\DSC_9903411.zip    Win32/TrojanDownloader.Wauchos.Z trojan    deleted
E:\Eudora\Attach\emailinvoice.537003.zip    Win32/TrojanDownloader.Small.PSD trojan    deleted
E:\Eudora\Attach\emailinvoice.5370031.zip    Win32/TrojanDownloader.Small.PSD trojan    deleted
E:\Eudora\Attach\Invoice 105984  March 2014.zip    Win32/TrojanDownloader.Small.ADP trojan    deleted
E:\Eudora\Attach\Invoice 105984  March 20141.zip    Win32/TrojanDownloader.Small.ADP trojan    deleted
E:\Eudora\Attach\Invoice_OJINV05654_from_tip_top_delivery.rtf    VBA/TrojanDropper.Agent.GJ trojan    deleted
E:\Eudora\Attach\payment receipt.jpeg.zip    a variant of Win32/Spy.KeyLogger.OLW trojan    deleted
E:\Eudora\Attach\Payment receipt.zip    a variant of Win32/Spy.KeyLogger.OLW trojan    deleted
E:\Eudora\Attach\payment slip.rar    multiple threats,RAR/Agent.Y trojan,Win32/Autoit.Z trojan    deleted
E:\Eudora\Attach\Payment Slip.zip    Win32/Spy.KeyLogger.OYM trojan    deleted
E:\Eudora\Attach\payment slip1.rar    multiple threats,RAR/Agent.Y trojan,Win32/Autoit.Z trojan    deleted
E:\Eudora\Attach\payment slip2.rar    multiple threats,RAR/Agent.Y trojan,Win32/Autoit.Z trojan    deleted
E:\Eudora\Attach\Purchase_Order.zip    Win32/Spy.Zbot.YW trojan    deleted
E:\Eudora\Attach\SKMBT_75114091015230.zip    Win32/PSW.Fareit.A trojan    deleted
E:\Eudora\Attach\Statement Of Account For The Month Of September.zip    a variant of Java/TrojanDropper.Agent.BA trojan    deleted
E:\Eudora\Attach\TT PAYMENT SLIP.zip    a variant of Win32/Spy.KeyLogger.OMW trojan    deleted
E:\Eudora\Attach\TT Remittance copy.zip    a variant of Win32/Spy.KeyLogger.OMW trojan    deleted
E:\Eudora\Attach\TT Remittance copy1.zip    a variant of Win32/Spy.KeyLogger.OMW trojan    deleted
E:\Eudora\Attach\TT.Payment.rar    a variant of Win32/Injector.Autoit.ALK trojan    deleted
E:\Eudora\Attach\_6483918_082660.zip    JS/TrojanDownloader.Nemucod.AZQ trojan    deleted
E:\Eudora\Embedded\DSC_990341.zip    Win32/TrojanDownloader.Wauchos.Z trojan    deleted
E:\Eudora\Embedded\IMG0000002993.zip    Win32/Spy.Zbot.AAU trojan    deleted
E:\Eudora\Embedded\Invoice 199775  March 2014.zip    Win32/TrojanDownloader.Small.ADP trojan    deleted
E:\Eudora\Embedded\Invoice 199775  March 20141.zip    Win32/TrojanDownloader.Small.ADP trojan    deleted
E:\Eudora\Embedded\Invoice 421309  March 2014.zip    Win32/TrojanDownloader.Small.ADP trojan    deleted
E:\Eudora\Embedded\Invoice 421309  March 20141.zip    Win32/TrojanDownloader.Small.ADP trojan    deleted
E:\Eudora\Embedded\PIC0029181100.zip    Win32/TrojanDownloader.Wauchos.Z trojan    deleted
E:\Setups\FLV player Setup.exe    Win32/Toolbar.Zugo potentially unwanted application,a variant of Win32/Toolbar.Conduit.B potentially unwanted application,a variant of Win32/Toolbar.Conduit.AR potentially unwanted application,Win32/Toolbar.Conduit.Y potentially unwanted application    deleted
E:\Setups\PDFCreator-1_2_3_setup.exe    Win32/Toolbar.Widgi potentially unwanted application    deleted



#4 Oh My!

Posted 18 November 2016 - 03:33 PM

Greetings Mike and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.

Edited by Oh My!, 18 November 2016 - 03:36 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!

Posted 18 November 2016 - 04:32 PM

Thank you again for your patience.

Can you tell me if the time clock on the computer is accurate?

Please consider and do this.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Please let me know if you have already noticed evidences of financial institution irregularities. Those accounts should be monitored from this point forward.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 

Here are some thoughts I have put together for people who ask what they should do in light of the infection. Ultimately each user must decide for themselves what to do and the below are things you might want to consider.

It is necessary for us to at least make you aware of the worst case scenario. This is because of the potential Backdoor Trojans bring with them, but it is not a determination on our part that your situation currently falls within this worst case scenario.

Ultimately it is a personal decision whether to reformat or not. What decision should you make to let you sleep well at night? It is different for different people. I will say whether rightly or wrongly most people decide to clean and not reformat, at least initially.

The only insight I can offer is how I evaluate the issue personally even though I have never had a Backdoor Trojan on my computer. One of the primary purposes for malicious software is to somehow separate you from your money. It seems reasonable to assume that a thief trying to take your money via a Backdoor Trojan will hit you hard, and quickly. Once your computer starts to act up and you become suspicious you have the opportunity to eliminate access to your computer and change the information taken, namely account and password information. The key to this, in my opinion, is whether or not you have noticed any irregularities in your banking or other financial institutions, or things like email and social network accounts (i.e. Facebook). If you have not seen any evidence of that then you may question whether your information has truly been stolen. If it seems it hasn't, and your critical information has been changed, it is reasonable to be more confident you are safe but you must stop short of claiming an absolute guarantee.

If, after careful consideration you decide not to reformat your computer it would be wise to continue monitoring your sensitive data and don't wait to address future symptoms on your computer which seem to be malware related.

The bottom line, the only way to be absolutely sure to be rid of a Backdoor Trojan is to reformat. The decision is yours.

Oh My!

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Limewire installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Limewire, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition, it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
HKLM\...\Winlogon: [Userinit] "C:\\WINDOWS\\system32\\userinit.exe,",
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> c:\program files\google\googletoolbar1.dll => No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL No File
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-20]
FF HKU\S-1-5-19\...\Firefox\Extensions: [{1650a312-02bc-40ee-977e-83f158701739}] - C:\Program Files\SiteAdvisor\6172\FF => not found
FF HKU\S-1-5-20\...\Firefox\Extensions: [{1650a312-02bc-40ee-977e-83f158701739}] - C:\Program Files\SiteAdvisor\6172\FF => not found
FF HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\...\Firefox\Extensions: [{1650a312-02bc-40ee-977e-83f158701739}] - C:\Program Files\SiteAdvisor\6172\FF => not found
FF Plugin HKU\S-1-5-21-1695126911-3001241122-4096436374-1006: @macromedia.com/FlashPlayer9 -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [No File]
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Platform SE 6 U12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll => No File
CHR Plugin: (Java Platform SE 6 U17) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (DNA Plug-in) - C:\Program Files\DNA\plugins\npbtdna.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll => No File
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
S3 UPS; %SystemRoot%\System32\ups2.exe [X]
S3 Andbus; system32\DRIVERS\lgandbus.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem.sys [X]
S3 BOCDRIVE; \??\C:\Program Files\NSClean\BOClean\BOCDRIVE.sys [X]
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]
U1 WS2IFSL; no ImagePath
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E29ACA54 [326]
File: C:\WINDOWS\system32\fasttdde.dll
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ComboFix Windows XP

--------------------

For a more detailed explanation on running Combofix and the prompts you will be following please see here.
  • Please download ComboFix and save it to your desktop:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Note: If after disabling Combofix warns you an Antivirus program is still running ignore the warning and run Combofix.
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista/Windows 7, ComboFix will skip the below Recovery Console pop ups and continue its malware removal procedure.

Query_RC.gif

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

  • Click on Yes, to continue scanning for malware
----------

Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

----------

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Time clock?
  • Fixlog
  • Combofix log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
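
The P2P warning in the post above comes from reading the posted logs, which include the `GloballyOpenPorts` firewall exceptions from Addition.txt. As an added example (not written by anyone in this thread and not FRST's own code), the Python below parses those lines and lists enabled exceptions that are not limited to the local subnet. It assumes that a line showing no scope field, or a scope of `*`, means the port is open to any source; the function and class names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines copied from the Addition.txt excerpt posted in this thread.
SAMPLE = r"""
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [58390:TCP] => Enabled:Pando P2P TCP Listening Port
StandardProfile\GloballyOpenPorts: [58390:UDP] => Enabled:Pando P2P UDP Listening Port
StandardProfile\GloballyOpenPorts: [51524:TCP] => Enabled:Limewire TCP
StandardProfile\GloballyOpenPorts: [51524:UDP] => Enabled:Limewire UPD
StandardProfile\GloballyOpenPorts: [10243:TCP] => :LocalSubNet:Enabled:Windows Media Connect
"""

LINE_RE = re.compile(
    r"^(?P<profile>\w+)\\GloballyOpenPorts: "
    r"\[(?P<port>\d+):(?P<proto>TCP|UDP)\] => (?P<value>.+)$"
)
MODES = ("Enabled", "Disabled")


@dataclass(frozen=True)
class PortRule:
    profile: str          # DomainProfile or StandardProfile
    port: int
    proto: str            # TCP or UDP
    scope: Optional[str]  # None when the log line shows no scope field
    enabled: bool
    name: str             # display name or resource reference


def parse_line(line: str) -> Optional[PortRule]:
    """Parse one GloballyOpenPorts line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # The value is either ":<scope>:<mode>:<name>" or "<mode>:<name>".
    fields = m["value"].lstrip(":").split(":")
    if fields[0] in MODES:
        scope, rest = None, fields
    else:
        scope, rest = fields[0], fields[1:]
    if not rest or rest[0] not in MODES:
        return None  # unrecognized layout: skip rather than guess
    return PortRule(
        profile=m["profile"],
        port=int(m["port"]),
        proto=m["proto"],
        scope=scope,
        enabled=(rest[0] == "Enabled"),
        name=":".join(rest[1:]),
    )


def parse_report(text: str) -> List[PortRule]:
    """Collect every firewall port exception found in a block of log text."""
    rules = []
    for line in text.splitlines():
        rule = parse_line(line)
        if rule is not None:
            rules.append(rule)
    return rules


def open_to_any_source(rules: List[PortRule]) -> List[PortRule]:
    """Enabled exceptions with no scope restriction (assumption: a missing
    scope or '*' means any remote address may connect)."""
    return [r for r in rules if r.enabled and r.scope in (None, "*")]


if __name__ == "__main__":
    for r in open_to_any_source(parse_report(SAMPLE)):
        print(f"{r.profile}: {r.port}/{r.proto} open to any source ({r.name})")
```

On the sample lines this reports only the Pando and Limewire ports; the Windows file-sharing, UPnP and Windows Media Connect entries are skipped because they are scoped to `LocalSubNet`.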

#6 Kiwee

Posted 18 November 2016 - 09:37 PM

Hi Gary

 

Thanks for taking on my problems !  Attached is the System Summary Report and I'm working on getting you the reports for the things in your latest reply.

Cheers

Mike


Edited by Kiwee, 18 November 2016 - 10:41 PM.


#7 Oh My!

Posted 18 November 2016 - 10:49 PM

Hi Mike,

I am ending for the evening but will check back first thing in the morning.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Kiwee

Posted 19 November 2016 - 05:24 AM

Hi Gary

Yes the time clock is accurate to NZ time.  Fixlog and ComboFix logs below.  The Recovery Console installation failed.  Also I have tried to uninstall Limewire before (not used in years) but it does not show in the list of programs in Add/Remove Programs

Cheers
Mike


Fix result of Farbar Recovery Scan Tool (x86) Version: 18-11-2016
Ran by Markwell Kennels (19-11-2016 15:55:00) Run:1
Running from E:\Cleanup2016\FRST-OlderVersion\FRST-OlderVersion
Loaded Profiles: Markwell Kennels (Available Profiles: Markwell Kennels & MB & Administrator & Guest)
Boot Mode: Safe Mode (with Networking)

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\...\Winlogon: [Userinit] "C:\\WINDOWS\\system32\\userinit.exe,",
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> c:\program files\google\googletoolbar1.dll => No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL No File
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-20]
FF HKU\S-1-5-19\...\Firefox\Extensions: [{1650a312-02bc-40ee-977e-83f158701739}] - C:\Program Files\SiteAdvisor\6172\FF => not found
FF HKU\S-1-5-20\...\Firefox\Extensions: [{1650a312-02bc-40ee-977e-83f158701739}] - C:\Program Files\SiteAdvisor\6172\FF => not found
FF HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\...\Firefox\Extensions: [{1650a312-02bc-40ee-977e-83f158701739}] - C:\Program Files\SiteAdvisor\6172\FF => not found
FF Plugin HKU\S-1-5-21-1695126911-3001241122-4096436374-1006: @macromedia.com/FlashPlayer9 -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [No File]
CHR Plugin: (Native Client) - C:\Program
Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Platform SE 6 U12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll => No File
CHR Plugin: (Java Platform SE 6 U17) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (DNA Plug-in) - C:\Program Files\DNA\plugins\npbtdna.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll => No File
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] -
hxxps://clients2.google.com/service/update2/crx
S3 UPS; %SystemRoot%\System32\ups2.exe [X]
S3 Andbus; system32\DRIVERS\lgandbus.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem.sys [X]
S3 BOCDRIVE; \??\C:\Program Files\NSClean\BOClean\BOCDRIVE.sys [X]
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]
U1 WS2IFSL; no ImagePath
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin
Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E29ACA54 [326]
File:
C:\WINDOWS\system32\fasttdde.dll


*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => key removed successfully.
"HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => key removed successfully.
"HKCR\PROTOCOLS\Handler\livecall" => key removed successfully.
"HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F}" => key removed successfully.
"C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL No File" => not found.
"HKCR\PROTOCOLS\Handler\msnim" => key removed successfully.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
HKLM\Software\Mozilla\Firefox\Extensions\\sp@avast.com => value removed successfully.
C:\Program Files\AVAST Software\Avast\SafePrice\FF => moved successfully
HKU\S-1-5-19\Software\Mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739} => value removed successfully.
HKU\S-1-5-20\Software\Mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739} => value removed successfully.
HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\Software\Mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739} => value removed successfully.
"HKU\S-1-5-21-1695126911-3001241122-4096436374-1006\Software\MozillaPlugins\@macromedia.com/FlashPlayer9" => key removed successfully.
C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll => not found.
CHR Plugin: (Native Client) - C:\Program => not found.
Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File => Error: No automatic fix found for this entry.
C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => not found.
C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll => not found.
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => not found.
C:\Program Files\DNA\plugins\npbtdna.dll => not found.
C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll => not found.
C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll => not found.
C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll => not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - => key not found.
hxxps://clients2.google.com/service/update2/crx => Error: No automatic fix found for this entry.
UPS => service removed successfully.
Andbus => service removed successfully.
AndDiag => service removed successfully.
AndGps => service removed successfully.
ANDModem => service removed successfully.
BOCDRIVE => service removed successfully.
MREMP50 => service removed successfully.
MREMPR5 => service removed successfully.
MRENDIS5 => service removed successfully.
MRESP50 => service removed successfully.
WS2IFSL => service removed successfully.
"HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}" => key removed successfully.
"HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}" => key removed successfully.
Manager\ezPMUtils.dll => No File => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}" => key removed successfully.
"HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}" => key removed successfully.
"HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}" => key removed successfully.
"HKU\S-1-5-21-1695126911-3001241122-4096436374-1006_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}" => key removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":E29ACA54" ADS removed successfully..

========================= File: ========================

"File:" => not found.
====== End of File: ======

"C:\WINDOWS\system32\fasttdde.dll" => not found.


The system needed a reboot.

==== End of Fixlog 16:00:14 ====

ComboFix 16-11-13.01 - Markwell Kennels 19/11/2016  16:55:15.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.64.1033.18.3318.2224 [GMT 13:00]
Running from: e:\cleanup2016\ComboFix\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {7591db91-41f0-48a3-b128-1a293fd8233d}
FW: Avast Antivirus *Disabled* {7591db91-41f0-48a3-b128-1a293fd8233d}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
.
(((((((((((((((((((((((((   Files Created from 2016-10-19 to 2016-11-19  )))))))))))))))))))))))))))))))
.
.
2016-11-12 01:10 . 2016-11-19 03:00    --------    d-----w-    C:\FRST
2016-10-27 01:29 . 2016-11-08 16:29    20478144    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2016-10-24 10:23 . 2016-10-24 10:23    --------    d-----w-    c:\documents and settings\Markwell Kennels\Local Settings\Application Data\ESET
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-11-08 16:29 . 2012-11-02 23:58    796352    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2016-11-08 16:29 . 2011-12-25 20:20    142528    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2016-10-24 00:10 . 2015-09-06 11:26    170200    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-10-13 09:58 . 2014-08-02 02:11    224752    ----a-w-    c:\windows\system32\drivers\aswvmm.sys
2016-09-22 22:58 . 2014-08-02 02:11    433768    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2016-09-13 10:58 . 2014-08-02 02:11    735488    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2005-09-15 05:26 . 2016-11-16 10:08    44153    ----a-w-    c:\program files\mozilla firefox\components\inspector.dll
2005-09-15 05:26 . 2016-11-16 10:08    41573    ----a-w-    c:\program files\mozilla firefox\components\jar50.dll
2005-09-15 05:26 . 2016-11-16 10:08    48223    ----a-w-    c:\program files\mozilla firefox\components\jsd3250.dll
2007-01-06 21:39 . 2016-11-16 10:08    34928    ----a-w-    c:\program files\mozilla firefox\components\myspell.dll
2007-01-06 21:39 . 2016-11-16 10:08    46696    ----a-w-    c:\program files\mozilla firefox\components\spellchk.dll
2005-09-15 05:26 . 2016-11-16 10:08    160871    ----a-w-    c:\program files\mozilla firefox\components\xpinstal.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22    131480    ----a-w-    c:\documents and settings\Markwell Kennels\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22    131480    ----a-w-    c:\documents and settings\Markwell Kennels\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22    131480    ----a-w-    c:\documents and settings\Markwell Kennels\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22    131480    ----a-w-    c:\documents and settings\Markwell Kennels\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22    131480    ----a-w-    c:\documents and settings\Markwell Kennels\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22    131480    ----a-w-    c:\documents and settings\Markwell Kennels\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22    131480    ----a-w-    c:\documents and settings\Markwell Kennels\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-18 17:22    131480    ----a-w-    c:\documents and settings\Markwell Kennels\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-08-20 10:51    832488    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-15 153136]
"Adobe Reader Synchronizer"="c:\program files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe" [2014-12-03 761064]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2016-09-28 6889176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-11-15 9080768]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2013-12-19 4513792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-03 1021128]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2014-10-02 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-09-11 157456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2016-05-20 595992]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "e:\eudora\EuShlExt.dll" [2006-08-17 86016]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 04:17    47904    ----a-w-    c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2015-03-20 05:12    60712    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2007-03-12 01:51    663552    ----a-w-    c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2007-01-26 02:58    65536    ----a-w-    c:\program files\Brother\ControlCenter2\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-01-26 02:58    65536    ----a-w-    c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2005-03-15 17:33    127037    ----a-w-    c:\windows\system32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-03-12 01:08    49208    ----a-w-    c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-01-29 08:10    46632    ----a-w-    c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2015-09-11 15:25    157456    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-01-29 08:12    30248    ----a-w-    c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-02-01 00:46    255528    ----a-w-    c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-10-02 01:23    421888    ----a-w-    c:\program files\QuickTime Alternative\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2004-05-24 20:16    49152    ----a-w-    c:\program files\Brother\Brmfl04a\BrStDvPt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-03-22 16:20    339968    ----a-w-    c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
2006-12-03 23:58    675840    ----a-w-    c:\windows\vsnp2std.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-24 20:03    210472    ----a-w-    c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Uniden Surveillance System\\Uniden Surveillance System.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\IPCAMF3\\IPCAMF3.exe"=
"c:\\Program Files\\iTeleport\\iTeleport Connect\\iTeleportService.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\Markwell Kennels\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Chrome Remote Desktop\\50.0.2661.23\\remoting_host.exe"=
"c:\\Program Files\\TeamViewer\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\TeamViewer_Service.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58390:TCP"= 58390:TCP:Pando P2P TCP Listening Port
"58390:UDP"= 58390:UDP:Pando P2P UDP Listening Port
"51524:TCP"= 51524:TCP:Limewire TCP
"51524:UDP"= 51524:UDP:Limewire UPD
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [14/08/2014 12:44 a.m. 12112]
R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswNdis2.sys [14/08/2014 12:44 a.m. 295840]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2/08/2014 3:11 p.m. 60424]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswvmm.sys [2/08/2014 3:11 p.m. 224752]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [14/08/2014 12:44 a.m. 35096]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2/08/2014 3:11 p.m. 735488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2/08/2014 3:11 p.m. 433768]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [25/10/2013 2:17 p.m. 42784]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2/08/2014 3:11 p.m. 92256]
R2 avast! Firewall;Avast Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [20/08/2016 11:50 p.m. 223600]
R2 iTeleportService;iTeleportService;c:\program files\iTeleport\iTeleport Connect\iTeleportService.exe [10/10/2012 1:22 p.m. 28160]
R3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [16/08/2015 1:26 p.m. 184592]
S2 MGE Service module;MGE Service module;c:\windows\system32\MGE\RunSC.exe [7/01/2006 6:40 p.m. 122880]
S3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2/08/2014 3:11 p.m. 34008]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [23/08/2014 11:39 a.m. 282112]
S3 chromoting;Chrome Remote Desktop Service;c:\program files\Google\Chrome Remote Desktop\50.0.2661.23\remoting_host.exe [27/01/2016 7:05 p.m. 62976]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [7/09/2015 12:26 a.m. 170200]
S3 mr8980;Digital Wireless Camera;c:\windows\system32\drivers\mr8980.sys [20/03/2011 1:21 p.m. 69632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-08 21:50    1106072    ----a-w-    c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-11-19 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\system32\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe [2016-11-08 16:29]
.
2016-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-02 16:29]
.
2016-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2015-08-26 11:26]
.
2016-11-19 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-20 10:51]
.
2016-11-16 c:\windows\Tasks\b4a_Main Backup.job
- c:\program files\Softland\Backup4all 3\b4aSchedStarter.exe [2007-02-21 02:44]
.
2016-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-01 13:14]
.
2016-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-01 13:14]
.
2016-11-19 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-12 01:59]
.
2016-11-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-12 01:59]
.
2016-11-19 c:\windows\Tasks\Opera scheduled Autoupdate 1419113702.job
- c:\program files\Opera\launcher.exe [2014-12-20 12:29]
.
2016-11-19 c:\windows\Tasks\SafeZone scheduled Autoupdate 1453468110.job
- c:\program files\AVAST Software\SZBrowser\launcher.exe [2016-01-22 08:42]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: bnz.co.nz\www
Trusted Zone: trademe.co.nz\www
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\documents and settings\Markwell Kennels\Application Data\Mozilla\Firefox\Profiles\a0rvry2j.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.tvnz.co.nz/one-news
.
.
------- File Associations -------
.
txtfile=c:\windows\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe
SafeBoot-MBAMSwissArmy
MSConfigStartUp-DMXLauncher - c:\program files\Dell\Media Experience\DMXLauncher.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-HijackThis - c:\documents and settings\Markwell Kennels\Desktop\HijackThis.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-11-19 22:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\0001\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\0001\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash9b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\0001\Classes\CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}\Version]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\0001\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_23_0_0_207_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\0001\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\0001\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_23_0_0_207_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\0001\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\0001\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\0001\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash32_23_0_0_207.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\0001\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\0001\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.23"
.
[HKEY_LOCAL_MACHINE\0001\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash32_23_0_0_207.ocx, 1"
.
[HKEY_LOCAL_MACHINE\0001\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\0001\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\0001\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\0001\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\0001\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash32_23_0_0_207.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\0001\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\0001\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash32_23_0_0_207.ocx, 1"
.
[HKEY_LOCAL_MACHINE\0001\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\0001\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\0001\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\0001\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\0001\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\0001\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\0001\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\0001\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\0001\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\0001\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\0001\Microsoft\Windows NT\CurrentVersion\Windows]
@Denied: (Full) (Everyone)
@Denied: (Full) (Everyone)
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"RequireSignedAppInit_DLLs"=dword:00000001
.
Completion time: 2016-11-19  22:31:54
ComboFix-quarantined-files.txt  2016-11-19 09:31
.
Pre-Run: 17,509,920,768 bytes free
Post-Run: 18,843,136,000 bytes free
.
- - End Of File - - 1BB9C652A46F647118DDEC98AB372BA1
8F558EB6672622401DA993E1E865C861
 



#9 Oh My!


Posted 19 November 2016 - 03:43 PM

Thank you for the information.

Please do this.

===================================================

Virustotal Online Virus Scanner

--------------------
  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file (if multiple files then one at a time), double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on the Reanalyse file now button.

C:\WINDOWS\system32\fasttdde.dll

  • Once completed, highlight the information in the address bar and copy then paste the link in your reply

===================================================

Run TDSSKiller by Kaspersky

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop
  • Right-click on TDSSKiller.exe and select Run As Administrator
  • Click Accept on the End User License Agreement
  • Click Accept on the KSN Statement
  • Click Change parameters
  • Place a check mark in the following boxes

Detect TDLFS file system
Verify file digital signatures

  • Click OK
  • Click Start Scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects
  • If an infected file is detected, the default action will be Cure...do not change it
  • Click Continue > Reboot now to finish the cleaning process. <- Important!!
  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now
  • Hit the Windows Key + E at the same time
  • Double click your Local Disk C: drive
  • Locate the file similar to TDSSKiller_version_date_time_log.txt
  • Copy and paste the contents of that file in your reply
===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. For additional help see here and here
  • Double click the aswMBR.exe file to run it. If requested, allow Avast to update the antivirus engine definitions
  • Leave the default settings then click Scan
  • When done, you will see Scan finished successfully. Click on Save log and save the file to your desktop
  • Copy and paste the contents of the log in your reply
NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Virustotal link
  • TDSSKiller report
  • aswMBR report
  • Update on computer performance

Gary

#10 Kiwee


Posted 20 November 2016 - 04:26 PM

Hi Gary
 
I could not locate the file C:\WINDOWS\system32\fasttdde.dll when running the Virustotal Online Virus Scanner
 
Also when I was minimising the windows after running aswMBR I did get a blue screen and had to reboot.
 
PC seems to start up faster than it did but there is still constant HDD activity for at least a couple of hours after (I had to leave the house before things settled down)
 
Mike
 
 
22:49:13.0437 0x0584  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
22:49:19.0640 0x0584  ============================================================
22:49:19.0671 0x0584  Current date / time: 2016/11/20 22:49:19.0640
22:49:19.0671 0x0584  SystemInfo:
22:49:19.0671 0x0584  
22:49:19.0671 0x0584  OS Version: 5.1.2600 ServicePack: 3.0
22:49:19.0671 0x0584  Product type: Workstation
22:49:19.0671 0x0584  ComputerName: MARKWELL-KENNEL
22:49:19.0671 0x0584  UserName: Markwell Kennels
22:49:19.0671 0x0584  Windows directory: C:\WINDOWS
22:49:19.0671 0x0584  System windows directory: C:\WINDOWS
22:49:19.0671 0x0584  Processor architecture: Intel x86
22:49:19.0671 0x0584  Number of processors: 2
22:49:19.0671 0x0584  Page size: 0x1000
22:49:19.0671 0x0584  Boot type: Normal boot
22:49:19.0671 0x0584  ============================================================
22:49:24.0421 0x0584  KLMD registered as C:\WINDOWS\system32\drivers\77285550.sys
22:49:24.0421 0x0584  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 2600.6419, osProperties = 0x0
22:49:25.0093 0x0584  System UUID: {8CE15BB4-C1AC-2C97-E190-AFB6B24AD797}
22:49:26.0687 0x0584  Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 ( 74.51 Gb ), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:49:26.0687 0x0584  Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:49:26.0703 0x0584  Drive \Device\Harddisk2\DR6 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:49:26.0796 0x0584  ============================================================
22:49:26.0796 0x0584  \Device\Harddisk0\DR0:
22:49:26.0796 0x0584  MBR partitions:
22:49:26.0796 0x0584  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x94EAFF8
22:49:26.0796 0x0584  \Device\Harddisk1\DR1:
22:49:26.0796 0x0584  MBR partitions:
22:49:26.0796 0x0584  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x88B8F9D
22:49:26.0796 0x0584  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x88B8FDC, BlocksNum 0xA15FAE5
22:49:26.0796 0x0584  \Device\Harddisk2\DR6:
22:49:26.0796 0x0584  MBR partitions:
22:49:26.0796 0x0584  \Device\Harddisk2\DR6\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
22:49:26.0796 0x0584  ============================================================
22:49:26.0859 0x0584  C: <-> \Device\Harddisk0\DR0\Partition1
22:49:26.0890 0x0584  D: <-> \Device\Harddisk1\DR1\Partition1
22:49:26.0937 0x0584  E: <-> \Device\Harddisk1\DR1\Partition2
22:49:27.0656 0x0584  M: <-> \Device\Harddisk2\DR6\Partition1
22:49:27.0656 0x0584  ============================================================
22:49:27.0656 0x0584  Initialize success
22:49:27.0656 0x0584  ============================================================
22:49:49.0000 0x0794  ============================================================
22:49:49.0000 0x0794  Scan started
22:49:49.0000 0x0794  Mode: Manual; SigCheck; TDLFS;
22:49:49.0000 0x0794  ============================================================
22:49:49.0000 0x0794  KSN ping started
22:49:49.0484 0x0794  KSN ping finished: true
22:49:52.0796 0x0794  ================ Scan system memory ========================
22:49:52.0796 0x0794  System memory - ok
22:49:52.0796 0x0794  ================ Scan services =============================
22:49:52.0921 0x0794  Abiosdsk - ok
22:49:52.0968 0x0794  [ 6ABB91494FE6C59089B9336452AB2EA3, FA28396820E44F991891042E051A4414485B54D456F252E03E3FFE1B4B4CF843 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
22:49:54.0406 0x0794  abp480n5 - ok
22:49:54.0500 0x0794  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:49:54.0875 0x0794  ACPI - ok
22:49:54.0906 0x0794  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
22:49:55.0171 0x0794  ACPIEC - ok
22:49:55.0250 0x0794  [ 7760EB1D134ECD2DCD83C067816F4B18, 03DB710DEF644387C536C90C893654EA05AD4C80362CEBD039F2368A13D491FE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:49:55.0296 0x0794  AdobeFlashPlayerUpdateSvc - ok
22:49:55.0343 0x0794  [ 9A11864873DA202C996558B2106B0BBC, 4C68F1DBD1541291DD0FAB78DB42B25FA051CD9F55ED869173E3219CD31500C4 ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
22:49:55.0656 0x0794  adpu160m - ok
22:49:55.0687 0x0794  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
22:49:55.0937 0x0794  aec - ok
22:49:55.0968 0x0794  [ A7B8A3A79D35215D798A300DF49ED23F, D441633C0F8E22F8976B95D6A3DCD552AA07C616AC5FE4379472954F7BE6075E ] Afc             C:\WINDOWS\system32\drivers\Afc.sys
22:49:56.0046 0x0794  Afc - detected UnsignedFile.Multi.Generic ( 1 )
22:49:56.0609 0x0794  Detect skipped due to KSN trusted
22:49:56.0609 0x0794  Afc - ok
22:49:56.0656 0x0794  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
22:49:56.0828 0x0794  AFD - ok
22:49:56.0859 0x0794  [ 08FD04AA961BDC77FB983F328334E3D7, A784EC8A9EDB579262366B5A9AB177DB7BEC0A421BDE85431D0AD4959D5AF5E7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
22:49:57.0078 0x0794  agp440 - ok
22:49:57.0093 0x0794  [ 03A7E0922ACFE1B07D5DB2EEB0773063, 93EEA872A5642C95FF19C81F8EFFB9B52742A14DBF138784F0F713AD18C413ED ] agpCPQ          C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
22:49:57.0328 0x0794  agpCPQ - ok
22:49:57.0375 0x0794  [ C23EA9B5F46C7F7910DB3EAB648FF013, 92C84E9AF278A3B55D56C4F8E6C10E3EF1F7B336A44A018AED6DC51A46671F0B ] Aha154x         C:\WINDOWS\system32\DRIVERS\aha154x.sys
22:49:57.0515 0x0794  Aha154x - ok
22:49:57.0546 0x0794  [ 19DD0FB48B0C18892F70E2E7D61A1529, 95BA1568E8E08314508CA0E1F95555891E70399AEC312C793B46A841F56FFDCF ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
22:49:57.0781 0x0794  aic78u2 - ok
22:49:57.0812 0x0794  [ B7FE594A7468AA0132DEB03FB8E34326, BF0DC2B8C474DB151589BA9968264413521DDD9E7316B752B2FA40C24200FBE0 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
22:49:58.0046 0x0794  aic78xx - ok
22:49:58.0093 0x0794  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
22:49:58.0250 0x0794  Alerter - ok
22:49:58.0281 0x0794  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
22:49:58.0343 0x0794  ALG - ok
22:49:58.0359 0x0794  [ 1140AB9938809700B46BB88E46D72A96, 369379ECC5941ACE984A7F31EAABB66A2E693EDBADA639B86D26FD681D45608E ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
22:49:58.0562 0x0794  AliIde - ok
22:49:58.0593 0x0794  [ CB08AED0DE2DD889A8A820CD8082D83C, B1A9D493390AEDF6EFF8BCAA3B33EC31758452AB497C34C0728CDDA1D8DCBF2A ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys
22:49:58.0781 0x0794  alim1541 - ok
22:49:58.0796 0x0794  [ 95B4FB835E28AA1336CEEB07FD5B9398, 36CD3B14EF78B01FB653B78187FAA63C4DD5F4137AC3B91D81256A350EEDCBC1 ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys
22:49:59.0000 0x0794  amdagp - ok
22:49:59.0046 0x0794  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6, 9B179F0B6A559639D3AE3975CEBF2718294BE5743517BEE06586F0D258164C81 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys
22:49:59.0218 0x0794  amsint - ok
22:49:59.0328 0x0794  [ A9AE03362A846898368653E94B6DB1AA, EF6EE35E85C75561C1E6D38D0005C8E31FF492F0B2CDEB914ACA4E026759511D ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:49:59.0359 0x0794  Apple Mobile Device - ok
22:49:59.0359 0x0794  AppMgmt - ok
22:49:59.0406 0x0794  [ 62D318E9A0C8FC9B780008E724283707, 1A69806AB2BDECCEB5EB23A80700B3F98983D5D67F78839CBF269087FA460757 ] asc             C:\WINDOWS\system32\DRIVERS\asc.sys
22:49:59.0625 0x0794  asc - ok
22:49:59.0656 0x0794  [ 69EB0CC7714B32896CCBFD5EDCBEA447, 1CB506B5F71F84EFD26961010681D0A79AA7B266573378E3D2755125DF5D6BB6 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys
22:49:59.0781 0x0794  asc3350p - ok
22:49:59.0828 0x0794  [ 5D8DE112AA0254B907861E9E9C31D597, 557C93E82A71131D226267151C84B197503831A16263DDFE040E996B605CA9E8 ] asc3550         C:\WINDOWS\system32\DRIVERS\asc3550.sys
22:50:00.0046 0x0794  asc3550 - ok
22:50:00.0171 0x0794  [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
22:50:00.0187 0x0794  aspnet_state - ok
22:50:00.0234 0x0794  [ ACE407AF9DCE214772E04894C18BC18B, 5D54569C791520125ED472FFEBC6F5471DFA1D2C0274E488DAEC20824972246C ] aswHwid         C:\WINDOWS\system32\drivers\aswHwid.sys
22:50:13.0765 0x0794  aswHwid - ok
22:50:13.0812 0x0794  [ 7393DE24CAE720E128FE61CC1A7632E3, 20EA724AB746973A53FF387F36F7CA445126C006A06858CA329654BED1E7CE6E ] aswKbd          C:\WINDOWS\system32\drivers\aswKbd.sys
22:50:13.0906 0x0794  aswKbd - ok
22:50:13.0921 0x0794  [ 9A3BCD9CB36311EC1DB686010CE2E793, 66A9A6B3D23CA2D0D86887223AB4D8EC4F28426CFC950BAFECA9597834FBB915 ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
22:50:14.0031 0x0794  aswMonFlt - ok
22:50:14.0078 0x0794  [ 7B948E3657BEA62E437BC46CA6EF6012, D518FEB29DBCC1406FFFAF7F618A4475B0A469D4C2714313859D7AD402283A5C ] aswNdis         C:\WINDOWS\system32\DRIVERS\aswNdis.sys
22:50:14.0109 0x0794  aswNdis - ok
22:50:14.0156 0x0794  [ A42284AB28C472CCAA778A15E1D6A00E, 2FC47E83DBA6B8F1FF85573CCB357805902F4D9C7AE18284131ED7F51D90B0CD ] aswNdis2        C:\WINDOWS\system32\drivers\aswNdis2.sys
22:50:14.0250 0x0794  aswNdis2 - ok
22:50:14.0281 0x0794  [ 500ECAF4154FF261963684B8DE01A254, 635879C18843F1084F3987CEA8B117D1A86ADAFB7E4F416748BB7787BB2527F3 ] aswRdr          C:\WINDOWS\system32\drivers\aswRdr.sys
22:50:14.0312 0x0794  aswRdr - ok
22:50:14.0359 0x0794  [ 39445B2AA5CD7711DA5572E816D5DC86, A63DF762A316CB69B3FD7731197EABDCDFB6BB21F840504A50B4363751EC909E ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
22:50:14.0437 0x0794  aswRvrt - ok
22:50:14.0531 0x0794  [ 03AD952FC1287D5623763E310CE081BA, BACCBDE6E1B98E9502B0ABDA5BBEC2FFDA50820085E08CFC50F81B5C728D843A ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
22:50:14.0671 0x0794  aswSnx - ok
22:50:14.0734 0x0794  [ E061C8C09103BBE429D9DB222ED7F4C3, 78C5DDB5BE25DED9BB58A4E12C2E3DDD3E798CFF5AC0F87D1BE615FAEC896B0E ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
22:50:14.0875 0x0794  aswSP - ok
22:50:14.0937 0x0794  [ 4369B067EA79A2650213EF8C95E4CA14, 66AE36DA39712648856FC7ABB06CFAF7ED2A5AA0809E5B6E375079AD9533D11F ] aswStmXP        C:\WINDOWS\system32\drivers\aswStmXP.sys
22:50:15.0031 0x0794  aswStmXP - ok
22:50:15.0062 0x0794  [ 43263F10446852B90CAF5FFEA57D6A87, 43F6CC5852E363A46509D3B1C336316B54522C5B63B28607A6C2FD707311A3DB ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
22:50:15.0140 0x0794  aswTdi - ok
22:50:15.0203 0x0794  [ 8CA850403483A9373406707E8144EB5C, 58C33AFFB6CA2F52BE2534D3099E6F76134484657413E9B4F8A58CB3F08F8FC8 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
22:50:15.0343 0x0794  aswVmm - ok
22:50:15.0390 0x0794  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:50:15.0609 0x0794  AsyncMac - ok
22:50:15.0640 0x0794  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
22:50:15.0843 0x0794  atapi - ok
22:50:15.0859 0x0794  Atdisk - ok
22:50:15.0875 0x0794  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:50:16.0109 0x0794  Atmarpc - ok
22:50:16.0156 0x0794  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
22:50:16.0328 0x0794  AudioSrv - ok
22:50:16.0390 0x0794  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
22:50:16.0562 0x0794  audstub - ok
22:50:16.0656 0x0794  [ F4E0580B5789474385E7ACB189C4AF2C, DB5BE2C852AC102AB8EB186362E582E250B843BA52B3B71AF08A5FDA8A6F91AF ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
22:50:16.0687 0x0794  avast! Antivirus - ok
22:50:16.0718 0x0794  [ CAA9BB913356E9FD56761C9352B7054B, E810C6EE0673BEBCF9C74223D120589E8441CB1B74D25A7E10554B6EA96D6909 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
22:50:16.0765 0x0794  avast! Firewall - ok
22:50:16.0812 0x0794  [ 9D9B2624C7E8365FC699561111A46A99, 2EC0DBDB99A94E59E6272167ACB5992236B31AACC0F817A6E6D64A26211B5B73 ] avgtp           C:\WINDOWS\system32\drivers\avgtpx86.sys
22:50:16.0890 0x0794  avgtp - ok
22:50:16.0921 0x0794  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
22:50:17.0140 0x0794  Beep - ok
22:50:17.0203 0x0794  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
22:50:17.0390 0x0794  BITS - ok
22:50:17.0484 0x0794  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:50:17.0531 0x0794  Bonjour Service - ok
22:50:17.0562 0x0794  [ BB192385661DAF7F3D48B586F6E1D166, 82D2B871267690AFA453FAFF9E8F64F9806F121EC21D93C8F9795B42F4D16871 ] brmfrmps        C:\WINDOWS\system32\Brmfrmps.exe
22:50:17.0593 0x0794  brmfrmps - detected UnsignedFile.Multi.Generic ( 1 )
22:50:18.0140 0x0794  Detect skipped due to KSN trusted
22:50:18.0140 0x0794  brmfrmps - ok
22:50:18.0187 0x0794  [ D3FACB34FFF5DB91ADB70987838F8BA7, 5892F2070F040D0E80D527BE7422F5583548BECF36BBDA07E1CF246A8B5E60E4 ] Brother XP spl Service C:\WINDOWS\system32\brsvc01a.exe
22:50:18.0250 0x0794  Brother XP spl Service - ok
22:50:18.0281 0x0794  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
22:50:18.0343 0x0794  Browser - ok
22:50:18.0390 0x0794  [ 92A964547B96D697E5E9ED43B4297F5A, 01A84802B68253FF093EAFED5B85DE716BB85EBD080D92D4814B6FB39286CD24 ] BrScnUsb        C:\WINDOWS\system32\Drivers\BrScnUsb.sys
22:50:18.0531 0x0794  BrScnUsb - ok
22:50:26.0953 0x0794  [ 24646242310499D75C6DB4B32768A3B3, 0CFE849A6C89E7F2AA4D97768B56A53818E8E5A57B2A5B19130B097AF0F6BE19 ] drvmcdb         C:\WINDOWS\system32\drivers\drvmcdb.sys
22:50:27.0015 0x0794  drvmcdb - detected UnsignedFile.Multi.Generic ( 1 )
22:50:27.0562 0x0794  drvmcdb ( UnsignedFile.Multi.Generic ) - warning
22:50:27.0562 0x0794  Force sending object to P2P due to detect: drvmcdb
22:50:28.0390 0x0794  Object send P2P result: true
22:50:57.0406 0x0794  ProtectedStorage - ok
22:50:57.0437 0x0794  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
22:50:57.0609 0x0794  PSched - ok
22:50:57.0640 0x0794  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:50:57.0859 0x0794  Ptilink - ok
22:50:57.0890 0x0794  [ D86B4A68565E444D76457F14172C875A, 06B1CF81A62B3DAA8D0C5A8B88C56A504DE8E9278C520F754AF363A6676C58B0 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:50:57.0968 0x0794  PxHelp20 - ok
22:50:58.0000 0x0794  [ 0A63FB54039EB5662433CABA3B26DBA7, A1FB923EB2D08D89D24E8AD7042BBED7CB1DBDA9A5B77BDD188E9913BADAB0EF ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
22:50:58.0234 0x0794  ql1080 - ok
22:50:58.0250 0x0794  [ 6503449E1D43A0FF0201AD5CB1B8C706, F1EFC2DE5998615CB182D7984366631FE956AE1ECA9AC777F26FCA2E6F2E05A6 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
22:50:58.0453 0x0794  Ql10wnt - ok
22:50:58.0484 0x0794  [ 156ED0EF20C15114CA097A34A30D8A01, 7490B90D4C88B7A9BADB9473D4033535F054C797ABF6D542CB859DA5C9B2586A ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
22:50:58.0687 0x0794  ql12160 - ok
22:50:58.0718 0x0794  [ 70F016BEBDE6D29E864C1230A07CC5E6, 895BC2C888F6566086FC1399F499A401D447E57333BC9F9C6DBAFE0F117603D6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
22:50:59.0546 0x0794  ql1240 - ok
22:50:59.0562 0x0794  [ 907F0AEEA6BC451011611E732BD31FCF, F9E7023BD1042963110D0A613054D094437868B20779F23C316A38E4781A6152 ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
22:50:59.0750 0x0794  ql1280 - ok
22:50:59.0796 0x0794  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:50:59.0984 0x0794  RasAcd - ok
22:51:00.0015 0x0794  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
22:51:00.0187 0x0794  RasAuto - ok
22:51:00.0203 0x0794  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:51:00.0390 0x0794  Rasl2tp - ok
22:51:00.0453 0x0794  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
22:51:00.0609 0x0794  RasMan - ok
22:51:00.0625 0x0794  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:51:00.0828 0x0794  RasPppoe - ok
22:51:00.0843 0x0794  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
22:51:01.0062 0x0794  Raspti - ok
22:51:01.0093 0x0794  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:51:01.0296 0x0794  Rdbss - ok
22:51:01.0328 0x0794  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:51:01.0546 0x0794  RDPCDD - ok
22:51:01.0593 0x0794  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:51:01.0812 0x0794  rdpdr - ok
22:51:01.0859 0x0794  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
22:51:01.0968 0x0794  RDPWD - ok
22:51:02.0000 0x0794  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
22:51:02.0156 0x0794  RDSessMgr - ok
22:51:02.0203 0x0794  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
22:51:02.0406 0x0794  redbook - ok
22:51:02.0468 0x0794  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
22:51:02.0625 0x0794  RemoteAccess - ok
22:51:02.0656 0x0794  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
22:51:02.0796 0x0794  RpcLocator - ok
22:51:02.0828 0x0794  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\System32\rpcss.dll
22:51:02.0921 0x0794  RpcSs - ok
22:51:02.0953 0x0794  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
22:51:03.0109 0x0794  RSVP - ok
22:51:03.0125 0x0794  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
22:51:03.0265 0x0794  SamSs - ok
22:51:03.0281 0x0794  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
22:51:03.0437 0x0794  SCardSvr - ok
22:51:03.0484 0x0794  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
22:51:03.0656 0x0794  Schedule - ok
22:51:03.0687 0x0794  [ 8EDD7B9E4A4B4C16E2DAB9188CAA861B, EBECA68AF8B609F015FA1B2BBFAE65288D1452908DB6D031D1BD6CEA780A0C47 ] SDDMI2          C:\WINDOWS\system32\DDMI2.sys
22:51:03.0796 0x0794  SDDMI2 - detected UnsignedFile.Multi.Generic ( 1 )
22:51:04.0250 0x0794  Detect skipped due to KSN trusted
22:51:04.0250 0x0794  SDDMI2 - ok
22:51:04.0281 0x0794  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:51:04.0421 0x0794  Secdrv - ok
22:51:04.0468 0x0794  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
22:51:04.0609 0x0794  seclogon - ok
22:51:04.0656 0x0794  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
22:51:04.0796 0x0794  SENS - ok
22:51:04.0828 0x0794  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
22:51:05.0031 0x0794  serenum - ok
22:51:05.0062 0x0794  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
22:51:05.0265 0x0794  Serial - ok
22:51:05.0312 0x0794  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
22:51:05.0546 0x0794  Sfloppy - ok
22:51:05.0593 0x0794  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
22:51:05.0765 0x0794  SharedAccess - ok
22:51:05.0812 0x0794  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:51:05.0875 0x0794  ShellHWDetection - ok
22:51:05.0875 0x0794  Simbad - ok
22:51:05.0906 0x0794  [ 6B33D0EBD30DB32E27D1D78FE946A754, CDA3D082D370B079C06D943DA124D76BAF0C5DB264FB0C893148EF6322D2FABE ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
22:51:06.0140 0x0794  sisagp - ok
22:51:06.0171 0x0794  [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:51:06.0359 0x0794  SLIP - ok
22:51:06.0906 0x0794  [ FD49D519464156EF5C5D43ED3D907381, A53ED98A8C5031F4A93348CC078134D66927109BDED2EBF4F3D6C3314985D496 ] SNP2STD         C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
22:51:08.0000 0x0794  SNP2STD - ok
22:51:08.0093 0x0794  [ 83C0F71F86D3BDAF915685F3D568B20E, 10B24723914A5A9E27A592FD58DAE2207B6E49F13A17CD2B1477C51D2D609D2E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
22:51:08.0265 0x0794  Sparrow - ok
22:51:08.0296 0x0794  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
22:51:08.0500 0x0794  splitter - ok
22:51:08.0531 0x0794  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
22:51:08.0609 0x0794  Spooler - ok
22:51:08.0671 0x0794  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
22:51:08.0781 0x0794  sr - ok
22:51:08.0828 0x0794  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
22:51:08.0921 0x0794  srservice - ok
22:51:09.0000 0x0794  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
22:51:09.0171 0x0794  Srv - ok
22:51:09.0218 0x0794  [ 1CBD1B58A32DE97899F5290B05F856DB, BD0215AA9FC39E7B1BDF721E0413931039BE77CF88D8113B4B734C6409082832 ] sscdbhk5        C:\WINDOWS\system32\drivers\sscdbhk5.sys
22:51:09.0312 0x0794  sscdbhk5 - detected UnsignedFile.Multi.Generic ( 1 )
22:51:09.0781 0x0794  Detect skipped due to KSN trusted
22:51:09.0781 0x0794  sscdbhk5 - ok
22:51:09.0828 0x0794  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
22:51:09.0921 0x0794  SSDPSRV - ok
22:51:09.0953 0x0794  [ 7FB07AC152D7A87E66204860002BD9A4, FE7E57642AAFAB2AA22239DEDE9140AD72DADA17C458F2C7D91E17395EF289BF ] ssrtln          C:\WINDOWS\system32\drivers\ssrtln.sys
22:51:10.0031 0x0794  ssrtln - detected UnsignedFile.Multi.Generic ( 1 )
22:51:10.0531 0x0794  Detect skipped due to KSN trusted
22:51:10.0531 0x0794  ssrtln - ok
22:51:10.0562 0x0794  [ 1F730FDDC8E4602ECFD8D143F970CF82, 71CCC206C7C15DAD420F8AFDC08EEB5525ACD509350636197E3373D778A5559D ] StarOpen        C:\WINDOWS\system32\drivers\StarOpen.sys
22:51:10.0625 0x0794  StarOpen - ok
22:51:10.0703 0x0794  [ 352B663A81402BE7CD7BD4EA27C9998C, 19F61CBEEE53E46CA619A74A574597C87FF74612DF80EB5E9360D9D6927FFCD6 ] STHDA           C:\WINDOWS\system32\drivers\sthda.sys
22:51:10.0765 0x0794  STHDA - ok
22:51:10.0812 0x0794  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
22:51:11.0015 0x0794  stisvc - ok
22:51:11.0046 0x0794  [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:51:11.0250 0x0794  streamip - ok
22:51:11.0312 0x0794  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
22:51:11.0500 0x0794  swenum - ok
22:51:11.0531 0x0794  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
22:51:11.0734 0x0794  swmidi - ok
22:51:11.0750 0x0794  SwPrv - ok
22:51:11.0765 0x0794  [ 1FF3217614018630D0A6758630FC698C, 78A3075BBFF5D7ADEAC1527E65ACA8527BFC509DF124D44410BB46C4D96C96BB ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
22:51:11.0968 0x0794  symc810 - ok
22:51:12.0015 0x0794  [ 070E001D95CF725186EF8B20335F933C, B98B29FB01741AF3B4BB02C76A4D117EA04FE4CC4F8CDB491F9216931704A6D8 ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
22:51:12.0218 0x0794  symc8xx - ok
22:51:12.0250 0x0794  [ 80AC1C4ABBE2DF3B738BF15517A51F2C, CCF82D09C63F4FA98BCBEF3A1DC8C02D4269B78256D0B6213E815D9BBE174432 ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
22:51:12.0453 0x0794  sym_hi - ok
22:51:12.0484 0x0794  [ BF4FAB949A382A8E105F46EBB4937058, FE7C114A19D50E37463CDD3605C26105A779EEA79CB92BF98267C7BE809D853B ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
22:51:12.0656 0x0794  sym_u3 - ok
22:51:12.0687 0x0794  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
22:51:12.0890 0x0794  sysaudio - ok
22:51:12.0937 0x0794  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
22:51:13.0078 0x0794  SysmonLog - ok
22:51:13.0140 0x0794  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
22:51:13.0281 0x0794  TapiSrv - ok
22:51:13.0359 0x0794  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:51:13.0515 0x0794  Tcpip - ok
22:51:13.0546 0x0794  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
22:51:13.0734 0x0794  TDPIPE - ok
22:51:13.0765 0x0794  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
22:51:13.0984 0x0794  TDTCP - ok
22:51:14.0375 0x0794  [ C38948C3EF6D42AFC3B54E27DAA28113, 0560C89F38C40BD02D44BB1EB58043CE502CCE49B9871DC77643020D06DA4E1D ] TeamViewer      C:\Program Files\TeamViewer\TeamViewer_Service.exe
22:51:14.0859 0x0794  TeamViewer - ok
22:51:14.0921 0x0794  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
22:51:15.0140 0x0794  TermDD - ok
22:51:15.0218 0x0794  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
22:51:15.0390 0x0794  TermService - ok
22:51:15.0484 0x0794  [ C89DAABDFF5BD984181F45ADF6DDB24A, D2A408AB226AFB71489D805661C0C48FE42245BE2B3A40C8AF9B05D1F2457BDC ] tfsnboio        C:\WINDOWS\system32\dla\tfsnboio.sys
22:51:15.0578 0x0794  tfsnboio - detected UnsignedFile.Multi.Generic ( 1 )
22:51:16.0109 0x0794  tfsnboio ( UnsignedFile.Multi.Generic ) - warning
22:51:16.0546 0x0794  [ F093906C27FC9C59BD03D84807266107, 934B68C91FE427D8E3F232C59E5751C7C2D8C0646AECB3103FC1B5E801F556B5 ] tfsncofs        C:\WINDOWS\system32\dla\tfsncofs.sys
22:51:16.0593 0x0794  tfsncofs - detected UnsignedFile.Multi.Generic ( 1 )
22:51:17.0078 0x0794  tfsncofs ( UnsignedFile.Multi.Generic ) - warning
22:51:17.0515 0x0794  [ 9294575CDAD17D1DADFCD98A2CA26E7A, 6C2C50135B34810F64FF703CA7988E4A3E094635B42F177B1B66A222BFE93F4F ] tfsndrct        C:\WINDOWS\system32\dla\tfsndrct.sys
22:51:17.0562 0x0794  tfsndrct - detected UnsignedFile.Multi.Generic ( 1 )
22:51:18.0078 0x0794  tfsndrct ( UnsignedFile.Multi.Generic ) - warning
22:51:18.0515 0x0794  [ CDCC394CBAAC183F9BDEBF6D2F97C5C6, 4C90ABFDBA389167E9E5D23C884B85EC300C2466961204B46E7A3694A4098635 ] tfsndres        C:\WINDOWS\system32\dla\tfsndres.sys
22:51:18.0593 0x0794  tfsndres - detected UnsignedFile.Multi.Generic ( 1 )
22:51:19.0140 0x0794  tfsndres ( UnsignedFile.Multi.Generic ) - warning
22:51:19.0140 0x0794  Force sending object to P2P due to detect: tfsndres
22:51:19.0937 0x0794  Object send P2P result: true
22:51:20.0375 0x0794  [ 0A6C7C989DD76BB8989FD958AC5601D0, A539633FE753B899565C0AA2044AF81991F18C30B7D302551159BC532B83EF34 ] tfsnifs         C:\WINDOWS\system32\dla\tfsnifs.sys
22:51:20.0453 0x0794  tfsnifs - detected UnsignedFile.Multi.Generic ( 1 )
22:51:20.0968 0x0794  tfsnifs ( UnsignedFile.Multi.Generic ) - warning
22:51:21.0390 0x0794  [ 92A17C0D73500F9B9C3028DA9E4CDBA6, 55363A62D9333DCA127A8086988091688324B3BB44B1C7DB753083745E1B6284 ] tfsnopio        C:\WINDOWS\system32\dla\tfsnopio.sys
22:51:21.0484 0x0794  tfsnopio - detected UnsignedFile.Multi.Generic ( 1 )
22:51:21.0953 0x0794  tfsnopio ( UnsignedFile.Multi.Generic ) - warning
22:51:21.0953 0x0794  Force sending object to P2P due to detect: tfsnopio
22:51:22.0703 0x0794  Object send P2P result: true
22:51:23.0171 0x0794  [ 15AB1A2BB2B35EB1DCDA39405114AFC6, D92F9026B1A5E6D259A5E82A347C3BDEB5A928590EA1C6DCD315431F628111C3 ] tfsnpool        C:\WINDOWS\system32\dla\tfsnpool.sys
22:51:23.0218 0x0794  tfsnpool - detected UnsignedFile.Multi.Generic ( 1 )
22:51:23.0703 0x0794  tfsnpool ( UnsignedFile.Multi.Generic ) - warning
22:51:24.0125 0x0794  [ 370D2779668BF3B8D14F34356C41AB9C, 8D6A45FC7A772557A05153BB1F9E943A6F3C7D1B08163DAE04D15F1AC8831DE5 ] tfsnudf         C:\WINDOWS\system32\dla\tfsnudf.sys
22:51:24.0203 0x0794  tfsnudf - detected UnsignedFile.Multi.Generic ( 1 )
22:51:24.0671 0x0794  tfsnudf ( UnsignedFile.Multi.Generic ) - warning
22:51:25.0140 0x0794  [ 4564799868C4BCDF28C8EFC6D4C48C4B, 9AA2FE286AF4C7DC3805E5AFB08771F2D050E82545F18A5D20FA3462E67C1732 ] tfsnudfa        C:\WINDOWS\system32\dla\tfsnudfa.sys
22:51:25.0203 0x0794  tfsnudfa - detected UnsignedFile.Multi.Generic ( 1 )
22:51:25.0718 0x0794  Detect skipped due to KSN trusted
22:51:25.0718 0x0794  tfsnudfa - ok
22:51:25.0750 0x0794  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
22:51:25.0781 0x0794  Themes - ok
22:51:25.0828 0x0794  [ F2790F6AF01321B172AA62F8E1E187D9, 5644B5EFA0065C0CC9DB28E5520AAD2F4B3BCE48337F165BF9F166ECC164630C ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
22:51:26.0015 0x0794  TosIde - ok
22:51:26.0062 0x0794  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
22:51:26.0234 0x0794  TrkWks - ok
22:51:26.0281 0x0794  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
22:51:26.0437 0x0794  Udfs - ok
22:51:26.0484 0x0794  [ 1B698A51CD528D8DA4FFAED66DFC51B9, FC3F12D25EE0E99AFE056502FCCFC052854699C21B99D559FAF1244F206DFB4F ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
22:51:26.0625 0x0794  ultra - ok
22:51:26.0687 0x0794  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
22:51:26.0890 0x0794  Update - ok
22:51:26.0937 0x0794  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
22:51:27.0031 0x0794  upnphost - ok
22:51:27.0062 0x0794  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
22:51:27.0234 0x0794  UPS - ok
22:51:27.0265 0x0794  [ EC1C23779BB41A8B2AB2AA6FCE308BDE, D027A2B472CAE97AECB16F69BE52E06CB61E1C61AE196C22662050B711C1C72D ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
22:51:27.0328 0x0794  USBAAPL - detected UnsignedFile.Multi.Generic ( 1 )
22:51:27.0828 0x0794  Detect skipped due to KSN trusted
22:51:27.0828 0x0794  USBAAPL - ok
22:51:27.0875 0x0794  [ 65898A183FBF1D1F7759D5CCB364DCD4, 85E823123FDB4CA5F8255064E22A444627999055EC3419DFD001371893F36AB9 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
22:51:27.0984 0x0794  usbaudio - ok
22:51:28.0015 0x0794  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:51:28.0140 0x0794  usbccgp - ok
22:51:28.0187 0x0794  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:51:28.0265 0x0794  usbehci - ok
22:51:28.0343 0x0794  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:51:28.0546 0x0794  usbhub - ok
22:51:28.0578 0x0794  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:51:28.0796 0x0794  usbprint - ok
22:51:28.0828 0x0794  [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:51:28.0906 0x0794  usbscan - ok
22:51:28.0937 0x0794  [ 84C44D720655A8AA475E57A9E764D675, 2D450199338A217FBD951317812A74223E8B477974C7634667E8896316C3FEA0 ] usbser          C:\WINDOWS\system32\DRIVERS\usbser.sys
22:51:29.0031 0x0794  usbser - ok
22:51:29.0062 0x0794  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:51:29.0250 0x0794  USBSTOR - ok
22:51:29.0281 0x0794  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:51:29.0453 0x0794  usbuhci - ok
22:51:29.0500 0x0794  [ 813236B1183CFCF289E367BD5DE6E29E, 167FE18A96F330AEEC1A4C419770C15EFEB536D43838285E51E7A62E95DF4674 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
22:51:29.0609 0x0794  usbvideo - ok
22:51:29.0656 0x0794  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
22:51:29.0875 0x0794  VgaSave - ok
22:51:29.0906 0x0794  [ 754292CE5848B3738281B4F3607EAEF4, B0DCC9E9F8F78671FF878B493264C3B1DD2ED4A7167E3F5495F66ABF5FACB86C ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:51:30.0093 0x0794  viaagp - ok
22:51:30.0109 0x0794  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E, FC7FFD53FCC0F81587EFF26A43C141D25C43DBC68311520CE2BCDD739CA58CA9 ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
22:51:30.0328 0x0794  ViaIde - ok
22:51:30.0359 0x0794  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
22:51:30.0562 0x0794  VolSnap - ok
22:51:30.0625 0x0794  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
22:51:30.0718 0x0794  VSS - ok
22:51:30.0750 0x0794  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] w32time         C:\WINDOWS\system32\w32time.dll
22:51:30.0921 0x0794  w32time - ok
22:51:30.0984 0x0794  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:51:31.0156 0x0794  Wanarp - ok
22:51:31.0234 0x0794  [ D918617B46457B9AC28027722E30F647, 407284D3055DC11944D4EE7E4357E7CF9CAF8CA40CA50633AB6FD4A82CB7EEA6 ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
22:51:31.0343 0x0794  Wdf01000 - ok
22:51:31.0343 0x0794  WDICA - ok
22:51:31.0375 0x0794  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
22:51:31.0578 0x0794  wdmaud - ok
22:51:31.0625 0x0794  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
22:51:31.0765 0x0794  WebClient - ok
22:51:31.0843 0x0794  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
22:51:31.0984 0x0794  winmgmt - ok
22:51:32.0140 0x0794  [ CD99C9FEAE87C1963273F6B150251E33, 8EADA8A4156F23A861EE2180145485C073A0DDEBD924452CAFFC65188577A1D1 ] WMConnectCDS    C:\Program Files\Windows Media Connect 2\wmccds.exe
22:51:32.0234 0x0794  WMConnectCDS - detected UnsignedFile.Multi.Generic ( 1 )
22:51:32.0703 0x0794  Detect skipped due to KSN trusted
22:51:32.0703 0x0794  WMConnectCDS - ok
22:51:32.0734 0x0794  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
22:51:32.0781 0x0794  WmdmPmSN - ok
22:51:32.0812 0x0794  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:51:32.0968 0x0794  WmiApSrv - ok
22:51:32.0984 0x0794  [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:51:33.0015 0x0794  WpdUsb - ok
22:51:33.0109 0x0794  [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:51:33.0203 0x0794  WPFFontCache_v0400 - ok
22:51:33.0265 0x0794  [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:51:33.0468 0x0794  WS2IFSL - ok
22:51:33.0515 0x0794  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
22:51:33.0671 0x0794  wscsvc - ok
22:51:33.0703 0x0794  [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:51:33.0906 0x0794  WSTCODEC - ok
22:51:33.0953 0x0794  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
22:51:34.0093 0x0794  wuauserv - ok
22:51:34.0140 0x0794  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:51:34.0187 0x0794  WudfPf - ok
22:51:34.0203 0x0794  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:51:34.0250 0x0794  WudfRd - ok
22:51:34.0296 0x0794  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
22:51:34.0328 0x0794  WudfSvc - ok
22:51:34.0406 0x0794  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
22:51:34.0609 0x0794  WZCSVC - ok
22:51:34.0656 0x0794  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
22:51:34.0796 0x0794  xmlprov - ok
22:51:34.0812 0x0794  ================ Scan global ===============================
22:51:44.0296 0x0794  AV detected via SS1: Avast Antivirus, 12.3.3154.0, enabled, updated
22:51:44.0296 0x0794  FW detected via SS1: Avast Antivirus, 12.3.3154.0, enabled
22:51:44.0703 0x0794  ============================================================
22:51:44.0703 0x0794  Scan finished
22:51:44.0703 0x0794  ============================================================
22:51:44.0718 0x0a20  Detected object count: 9
22:51:44.0718 0x0a20  Actual detected object count: 9
 
 
 
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-11-20 22:55:30
-----------------------------
22:55:30.562    OS Version: Windows 5.1.2600 Service Pack 3
22:55:30.562    Number of processors: 2 586 0x403
22:55:30.562    ComputerName: MARKWELL-KENNEL  UserName:
22:55:31.796    Initialize success
22:55:31.859    VM: initialized successfully
22:55:31.859    VM: Intel CPU virtualization not supported
22:55:40.406    AVAST engine defs: 16111900
22:56:05.453    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-18
22:56:05.453    Disk 0 Vendor: Maxtor_6Y080M0 YAR51HW0 Size: 76293MB BusType: 3
22:56:05.531    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-20
22:56:05.546    Disk 1 Vendor: WDC_WD1600JD-00HBB0 08.02D08 Size: 152627MB BusType: 3
22:56:05.921    Disk 0 MBR read successfully
22:56:05.921    Disk 0 MBR scan
22:56:06.328    Disk 0 Windows XP default MBR code
22:56:06.359    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       31 MB offset 63
22:56:06.359    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        76245 MB offset 64260
22:56:06.390    Disk 0 default boot code
22:56:06.421    Disk 0 scanning sectors +156216060
22:56:06.593    Disk 0 scanning C:\WINDOWS\system32\drivers
22:56:23.187    Service scanning
22:56:42.828    Modules scanning
22:56:42.828    Disk 0 trace - called modules:
22:56:42.843    ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
22:56:42.859    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b418ab8]
22:56:42.859    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-18[0x8b475b00]
22:56:44.015    AVAST engine scan C:\WINDOWS
22:56:54.609    AVAST engine scan C:\WINDOWS\system32
23:00:03.875    AVAST engine scan C:\WINDOWS\system32\drivers
23:00:21.109    AVAST engine scan C:\Documents and Settings\Markwell Kennels
09:55:05.609    AVAST engine scan C:\Documents and Settings\All Users
09:55:05.609    Disk 0 statistics 4356576/0/0 @ 0.07 MB/s
09:55:05.609    Scan finished successfully
09:59:13.656    Disk 0 MBR has been saved successfully to "E:\Cleanup2016\MBR.dat"
09:59:13.671    The log file has been saved successfully to "E:\Cleanup2016\aswMBR.txt"

Edited by Oh My!, 20 November 2016 - 07:24 PM.


#11 Oh My!


Posted 20 November 2016 - 07:32 PM

Please run this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
File: C:\WINDOWS\system32\fasttdde.dll
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Kiwee


Posted 21 November 2016 - 06:42 AM

Fix result of Farbar Recovery Scan Tool (x86) Version: 17-11-2016
Ran by Markwell Kennels (21-11-2016 23:26:06) Run:2
Running from E:\Cleanup2016\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion
Loaded Profiles: Markwell Kennels (Available Profiles: Markwell Kennels & MB & Administrator & Guest)
Boot Mode: Normal

==============================================

fixlist content:
*****************
File: C:\WINDOWS\system32\fasttdde.dll
emptytemp:
*****************

========================= File: C:\WINDOWS\system32\fasttdde.dll ========================
"C:\WINDOWS\system32\fasttdde.dll" => not found.
====== End of File: ======

=========== EmptyTemp: ==========
BITS transfer queue => 9773 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 335596 B
Java, Flash, Steam htmlcache => 51189858 B
Windows/system/dllcache/drivers => 1669872 B
Edge => 0 B
Chrome => 10776576 B
Firefox => 386193018 B
Opera => 231832523 B

Temp, IE cache, history, cookies, recent:
Default User => 33211 B
All Users => 0 B
systemprofile => 98814 B
LocalService => 33490 B
NetworkService => 180852 B
Markwell Kennels => 11018479 B
MB => 65979 B
Administrator.MARKWELL-KENNEL => 67241 B
Guest.MARKWELL-KENNEL => 82363 B
RecycleBin => 0 B
EmptyTemp: => 661.5 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 23:29:40 ====



#13 Oh My!


Posted 21 November 2016 - 02:28 PM

Greetings,

Please do this.

===================================================

Disk Activity Using Process Explorer

--------------------
  • Please download Process Explorer.zip and save it to your Desktop
  • Right click the .zip folder and select Extract All...
  • If the default file location is not your Desktop click the Browse... button and select your Desktop
  • Click Extract
  • Extract the folder onto your Desktop
  • Double click the Process Explorer folder
  • Right click the procexp for 32 bit systems or procexp64 for 64 bit systems and select Run as administrator - Windows XP simply double click
  • Click View, then click Select Columns...
  • Click on the Process I/O tab
  • Place a check mark in Read Bytes and Write Bytes
  • Click OK
  • Click on the I/O Read Bytes tab so that the highest number is at the top
  • Identify the top 5 entries
  • Click on the I/O Write Bytes tab so that the highest number is at the top
  • Identify the top 5 entries
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 
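The Process Explorer ranking described in the post above, done from PowerShell as an added example that is not part of the original post: it lists the top 5 processes by cumulative read and write bytes and also by bytes moved during a short sampling window, which separates a process that is busy now from one that has simply been running for a long time. `Get-IoSnapshot`, `$IntervalSeconds` and the column names are chosen here for illustration; `Get-CimInstance` needs PowerShell 3.0 or later, so this targets newer Windows versions than the XP machine in this thread.

```powershell
# Added example (not from the thread). Run from an elevated prompt so every process is visible.
# Win32_Process.ReadTransferCount / WriteTransferCount are cumulative since each process started
# and cover file, network and device I/O, like Process Explorer's Read Bytes / Write Bytes columns.

$IntervalSeconds = 10   # assumption: sampling window; lengthen it for bursty activity

function Get-IoSnapshot {
    # Returns a hashtable keyed by PID holding the process name and its cumulative byte counters.
    $snap = @{}
    foreach ($p in Get-CimInstance -ClassName Win32_Process) {
        $snap[[int]$p.ProcessId] = [pscustomobject]@{
            Name  = $p.Name
            Read  = [uint64]$p.ReadTransferCount
            Write = [uint64]$p.WriteTransferCount
        }
    }
    $snap
}

$before = Get-IoSnapshot
Start-Sleep -Seconds $IntervalSeconds
$after  = Get-IoSnapshot

$rows = foreach ($id in $after.Keys) {
    $a = $after[$id]
    $b = $before[$id]
    # New process, reused PID or a counter that went backwards: measure from zero, never underflow.
    if ($null -eq $b -or $b.Name -ne $a.Name -or $a.Read -lt $b.Read -or $a.Write -lt $b.Write) {
        $b = [pscustomobject]@{ Read = [uint64]0; Write = [uint64]0 }
    }
    [pscustomobject]@{
        Name       = $a.Name
        Id         = $id
        ReadTotal  = $a.Read
        WriteTotal = $a.Write
        ReadDelta  = $a.Read  - $b.Read
        WriteDelta = $a.Write - $b.Write
    }
}

# The two rankings the post asks for, then the same two restricted to the sampling window.
foreach ($column in 'ReadTotal', 'WriteTotal', 'ReadDelta', 'WriteDelta') {
    "Top 5 by $column"
    $rows | Sort-Object -Property $column -Descending |
        Select-Object -First 5 -Property Name, Id, $column |
        Format-Table -AutoSize | Out-String
}
```

Because the counters include network and device I/O, a browser or mail client near the top is not necessarily the source of the disk activity; compare the delta columns with the disk light before ending a process.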

#14 Kiwee


Posted 22 November 2016 - 03:45 AM

I/O Read Bytes  Top 5 Entries

Firefox.exe
jqs.exe
AvastSvc.exe
Eudora.exe
lsass.exe

I/O Write Bytes  Top 5 Entries

Eudora.exe
Firefox.exe
lsass.exe
AvastSVC.exe
System



#15 Oh My!


Posted 22 November 2016 - 10:00 AM

While in Task Manager click the Process tab, right click on Eudora and jqs.exe then select End Process for each. Let me know if that changes the hard drive usage.
Gary
 



