TechSpot

Had some iexplore.exe problems and want to see if they are fixed

Solved
By MrJeremyC
Apr 30, 2014
  1. Had some iexplore.exe problems and want to see if they are fixed. It had 20 iexplore.exe files open and I wasn't running internet explorer.

    Here are the logs.

    MBAM:
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 4/29/2014
    Scan Time: 11:54:05 AM
    Logfile: mbamscan.txt
    Administrator: Yes

    Version: 2.00.1.1004
    Malware Database: v2014.04.29.03
    Rootkit Database: v2014.03.27.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Chameleon: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Administrator

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 1113097
    Time Elapsed: 1 hr, 59 min, 42 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    DDS TXT

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 1.6.0_31
    Run by Administrator at 9:50:19 on 2014-04-29
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16384.13463 [GMT -4:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\ASUS.SYS\config\DVMExportService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\SysWOW64\PSIService.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\ASUS\AASP\1.00.81\aaCenter.exe
    C:\Windows\DAODx.exe
    C:\Program Files\ASUS\EPU\EPU.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\system32\SearchProtocolHost.exe
    c:\program files\windows defender\MpCmdRun.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit = userinit.exe,
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: WinAVI FLVSense: {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files (x86)\WinAVI FLV Converter\FLVTune.dll
    uRun: [YkPack] regsvr32.exe C:\Users\Administrator\AppData\Local\YkPack\Toshibadb.dll
    uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_152_ActiveX.exe -update activex
    mRun: [HDAudDeck] "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRunOnce: [20131224] C:\Program Files\AVAST Software\Avast\setup\emupdate\6531e30f-661c-48bb-b7ff-37d0e729b2a0.exe /check
    StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - {EC83A912-7EF4-410D-9CC7-3BDAA709CA71} - C:\Program Files (x86)\WinAVI FLV Converter\FLVTune.dll
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: NameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{77353E19-998A-48BA-9EAB-38BB0783FB9D} : DHCPNameServer = 75.75.75.75 75.75.76.76
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\1rsi0htq.default\
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-4-25 65776]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-4-25 208416]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-4-25 1039096]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-4-25 423240]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
    R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [2008-8-15 86016]
    R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-4-25 29208]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-4-25 79184]
    R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-4-25 85328]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-4-25 50344]
    R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2008-11-26 323584]
    R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-5-10 130560]
    R2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-5-10 1858048]
    R2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-5-10 483328]
    R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\System32\drivers\RTL85n64.sys [2010-3-23 1462304]
    R3 TASCAM_M_164UF;TASCAM M-164UF Audio Device driver;C:\Windows\System32\drivers\tm164ufu.sys [2010-12-9 397888]
    R3 TASCAM_M_164UF_WDM;TASCAM M-164UF WDM;C:\Windows\System32\drivers\tm164ufa.sys [2010-12-9 50240]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2009-12-29 1149440]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-24 111616]
    S3 SynasUSB;SynasUSB;C:\Windows\System32\drivers\synUSB64.sys [2009-12-28 31248]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-6 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-31 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
    S4 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2009-4-22 124256]
    .
    =============== File Associations ===============
    .
    ShellExec: Foxit Reader.exe: print="C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe"/p "%1"
    ShellExec: Foxit Reader.exe: printto="C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4"
    .
    =============== Created Last 30 ================
    .
    2014-04-29 07:27:37 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5DD1F3CB-AE22-44D1-9D4D-65028FF3726E}\offreg.dll
    2014-04-29 07:26:56 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5DD1F3CB-AE22-44D1-9D4D-65028FF3726E}\mpengine.dll
    2014-04-26 16:58:43 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
    2014-04-26 16:58:43 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
    2014-04-26 16:58:43 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
    2014-04-26 16:58:42 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
    2014-04-26 16:58:42 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
    2014-04-26 16:58:42 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    2014-04-26 16:58:42 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    2014-04-26 16:58:42 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    2014-04-26 16:58:42 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    2014-04-26 16:58:42 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    2014-04-26 16:46:46 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-04-25 14:58:32 -------- d-----w- C:\Users\Administrator\AppData\Roaming\AVAST Software
    2014-04-25 14:55:17 85328 ----a-w- C:\Windows\System32\drivers\aswStm.sys
    2014-04-25 14:55:16 208416 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2014-04-25 14:55:15 1039096 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2014-04-25 14:55:13 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2014-04-25 14:55:12 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2014-04-25 14:55:12 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
    2014-04-25 14:55:11 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2014-04-25 14:54:16 43152 ----a-w- C:\Windows\avastSS.scr
    2014-04-25 14:53:59 -------- d-----w- C:\Program Files\AVAST Software
    2014-04-25 14:50:56 -------- d-----w- C:\ProgramData\AVAST Software
    2014-04-25 14:50:32 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-04-25 14:50:32 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-04-25 14:50:32 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-04-25 14:50:32 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-04-25 14:50:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-04-25 14:50:05 -------- d-----w- C:\Users\Administrator\AppData\Local\Programs
    2014-04-25 13:44:30 -------- d-sh--w- C:\Users\Administrator\AppData\Local\EmieUserList
    2014-04-25 13:44:30 -------- d-sh--w- C:\Users\Administrator\AppData\Local\EmieSiteList
    2014-04-21 16:05:42 228864 ----a-w- C:\Windows\System32\wwansvc.dll
    2014-04-21 16:05:17 484864 ----a-w- C:\Windows\System32\wer.dll
    2014-04-21 16:05:17 381440 ----a-w- C:\Windows\SysWow64\wer.dll
    2014-04-21 15:58:25 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2014-04-21 15:58:25 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
    2014-04-21 15:58:25 190912 ----a-w- C:\Windows\System32\drivers\storport.sys
    2014-04-21 15:58:24 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll
    2014-04-21 15:58:24 2048 ----a-w- C:\Windows\System32\iologmsg.dll
    2014-04-21 15:53:37 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2014-04-21 15:53:37 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    .
    ==================== Find3M ====================
    .
    2014-04-29 13:48:18 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-04-29 13:48:18 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-03-31 13:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
    2014-03-06 09:32:16 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
    2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-03-06 08:32:07 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
    2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
    2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
    2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
    2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
    2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    .
    ============= FINISH: 9:50:57.10 ===============


    DDS ATTACH

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/30/2011 7:28:02 PM
    System Uptime: 4/28/2014 12:17:52 PM (21 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M4A78T-E
    Processor: AMD Phenom(tm) II X4 955 Processor | AM3 | 3200/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 298 GiB total, 159.181 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP305: 4/21/2014 11:42:07 AM - Windows Update
    RP306: 4/21/2014 12:04:25 PM - Windows Update
    RP307: 4/23/2014 1:54:37 PM - Windows Update
    RP308: 4/23/2014 2:09:35 PM - Windows Update
    RP309: 4/24/2014 3:00:11 AM - Windows Update
    RP310: 4/25/2014 10:53:24 AM - avast! antivirus system restore point
    RP311: 4/29/2014 3:26:30 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    64 Bit HP CIO Components Installer
    6500_E709_eDocs
    6500_E709_Help
    6500_E709a
    Adobe AIR
    Adobe Flash Player 11 Plugin 64-bit
    Adobe Flash Player 13 ActiveX
    Adobe Shockwave Player 11.5
    AMD OverDrive
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASUSUpdate
    Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
    Atheros Ethernet Utility
    ATI AVIVO64 Codecs
    ATI Catalyst Install Manager
    Audacity 1.2.6
    Audacity 1.3.12 (Unicode)
    avast! Free Antivirus
    Band-in-a-Box 2010 (Build 288)
    Bonjour
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center HydraVision Full
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cool & Quiet
    CutePDF Writer 3.0
    D3DX10
    Destination Component
    DeviceDiscovery
    DocProc
    Enthought Canopy (64-bit)
    EPU
    Express Gate
    Fax
    FFmpeg v0.6.2 for Audacity
    FlipShare
    Foxit Reader
    Free RAR Extract Frog
    GIMP 2.6.11
    HP Imaging Device Functions 12.0
    HP Officejet 6500 E709 Series
    HydraVision
    Inkscape 0.48.4
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 31
    KompoZer 0.8b3
    LADSPA_plugins-win-0.4.15
    LAME v3.98.3 for Audacity
    LMMS 0.4.15
    M-164UF driver
    Malwarebytes Anti-Malware version 2.0.1.1004
    Microsoft .NET Framework 4.5.1
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Mozilla Firefox 28.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Native Instruments Sibelius Player
    Network64
    OCR Software by I.R.I.S. 12.0
    OpenOffice.org 3.1
    PC Probe II
    PDFCreator
    PeaZip 3.2.1
    PG Music DirectX Plugins 2.0.0.0
    Plants vs. Zombies
    Platform
    ProductContext
    QuickTime
    rgc:audio z3ta+ 1.5 (x64)
    Scan
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Segoe UI
    Sibelius 5
    Sibelius 6
    Skins
    Status
    Steinberg Cubase LE 4
    Syncrosoft License Control
    Toolbox
    TrayApp
    Ubuntu
    UnloadSupport
    VIA Platform Device Manager
    Video to FLV and SWF Converter 4.1
    VST Bridge 1.1
    WD SmartWare
    WebReg
    WinAVI FLV Converter
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    winLAME 2010 beta 2
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/25/2014 11:14:31 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\DR0.
    4/25/2014 10:02:18 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume1.
    4/23/2014 2:09:10 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246002: Definition Update for Windows Defender - KB915597 (Definition 1.173.291.0).
    4/23/2014 2:01:59 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
    4/23/2014 2:01:42 PM, Error: Service Control Manager [7034] - The Windows Modules Installer service terminated unexpectedly. It has done this 3 time(s).
    4/23/2014 2:01:34 PM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    4/23/2014 2:01:29 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    4/23/2014 2:00:52 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    4/23/2014 2:00:46 PM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    4/23/2014 1:57:31 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  3. MrJeremyC

    MrJeremyC TS Rookie Topic Starter Posts: 18

    21:07:21.0450 0x0fbc p2pimsvc - ok

    21:07:21.0494 0x0fbc [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll

    21:07:21.0511 0x0fbc p2psvc - ok

    21:07:21.0545 0x0fbc [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys

    21:07:21.0548 0x0fbc Parport - ok

    21:07:21.0570 0x0fbc [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys

    21:07:21.0573 0x0fbc partmgr - ok

    21:07:21.0590 0x0fbc [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll

    21:07:21.0606 0x0fbc PcaSvc - ok

    21:07:21.0630 0x0fbc [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys

    21:07:21.0635 0x0fbc pci - ok

    21:07:21.0673 0x0fbc [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys

    21:07:21.0674 0x0fbc pciide - ok

    21:07:21.0706 0x0fbc [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

    21:07:21.0731 0x0fbc pcmcia - ok

    21:07:21.0915 0x0fbc [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys

    21:07:21.0921 0x0fbc pcw - ok

    21:07:21.0989 0x0fbc [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys

    21:07:22.0015 0x0fbc PEAUTH - ok

    21:07:22.0110 0x0fbc [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe

    21:07:22.0112 0x0fbc PerfHost - ok

    21:07:22.0402 0x0fbc [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll

    21:07:22.0458 0x0fbc pla - ok

    21:07:22.0502 0x0fbc [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

    21:07:22.0519 0x0fbc PlugPlay - ok

    21:07:22.0534 0x0fbc [ 71F62C51DFDFBC04C83C5C64B2B8058E, CAB12E6D27BE421BD5A3CB04066EA50303A3210332ECC4B5C03B5F19735FC857 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

    21:07:22.0538 0x0fbc Pml Driver HPZ12 - ok

    21:07:22.0570 0x0fbc [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

    21:07:22.0573 0x0fbc PNRPAutoReg - ok

    21:07:22.0606 0x0fbc [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

    21:07:22.0617 0x0fbc PNRPsvc - ok

    21:07:22.0650 0x0fbc [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

    21:07:22.0691 0x0fbc PolicyAgent - ok

    21:07:22.0735 0x0fbc [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll

    21:07:22.0759 0x0fbc Power - ok

    21:07:22.0793 0x0fbc [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

    21:07:22.0798 0x0fbc PptpMiniport - ok

    21:07:22.0816 0x0fbc [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys

    21:07:22.0819 0x0fbc Processor - ok

    21:07:22.0855 0x0fbc [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll

    21:07:22.0872 0x0fbc ProfSvc - ok

    21:07:22.0885 0x0fbc [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe

    21:07:22.0888 0x0fbc ProtectedStorage - ok

    21:07:22.0927 0x0fbc [ F115AF58ABE5605D7D709CBFBD83F418, 4855FCD6E455D6E374CE92E5B37D61E7E6D8A861BA76521E7CC2542621853471 ] ProtexisLicensing C:\Windows\SysWOW64\PSIService.exe

    21:07:22.0944 0x0fbc ProtexisLicensing - ok

    21:07:22.0981 0x0fbc [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys

    21:07:22.0986 0x0fbc Psched - ok

    21:07:23.0082 0x0fbc [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

    21:07:23.0130 0x0fbc ql2300 - ok

    21:07:23.0154 0x0fbc [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

    21:07:23.0159 0x0fbc ql40xx - ok

    21:07:23.0198 0x0fbc [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll

    21:07:23.0227 0x0fbc QWAVE - ok

    21:07:23.0248 0x0fbc [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

    21:07:23.0251 0x0fbc QWAVEdrv - ok

    21:07:23.0263 0x0fbc [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

    21:07:23.0265 0x0fbc RasAcd - ok

    21:07:23.0299 0x0fbc [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

    21:07:23.0302 0x0fbc RasAgileVpn - ok

    21:07:23.0318 0x0fbc [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll

    21:07:23.0325 0x0fbc RasAuto - ok

    21:07:23.0522 0x0fbc [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

    21:07:23.0525 0x0fbc Rasl2tp - ok

    21:07:23.0563 0x0fbc [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll

    21:07:23.0580 0x0fbc RasMan - ok

    21:07:23.0596 0x0fbc [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

    21:07:23.0599 0x0fbc RasPppoe - ok

    21:07:23.0607 0x0fbc [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

    21:07:23.0610 0x0fbc RasSstp - ok

    21:07:23.0663 0x0fbc [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

    21:07:23.0688 0x0fbc rdbss - ok

    21:07:23.0703 0x0fbc [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

    21:07:23.0705 0x0fbc rdpbus - ok

    21:07:23.0722 0x0fbc [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

    21:07:23.0723 0x0fbc RDPCDD - ok

    21:07:23.0736 0x0fbc [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

    21:07:23.0737 0x0fbc RDPENCDD - ok

    21:07:23.0749 0x0fbc [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

    21:07:23.0750 0x0fbc RDPREFMP - ok

    21:07:23.0783 0x0fbc [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

    21:07:23.0800 0x0fbc RDPWD - ok

    21:07:23.0845 0x0fbc [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

    21:07:23.0861 0x0fbc rdyboost - ok

    21:07:23.0905 0x0fbc [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll

    21:07:23.0919 0x0fbc RemoteAccess - ok

    21:07:23.0965 0x0fbc [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll

    21:07:23.0973 0x0fbc RemoteRegistry - ok

    21:07:23.0986 0x0fbc [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

    21:07:23.0992 0x0fbc RpcEptMapper - ok

    21:07:24.0027 0x0fbc [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe

    21:07:24.0030 0x0fbc RpcLocator - ok

    21:07:24.0080 0x0fbc [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll

    21:07:24.0095 0x0fbc RpcSs - ok

    21:07:24.0128 0x0fbc [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

    21:07:24.0131 0x0fbc rspndr - ok

    21:07:24.0249 0x0fbc [ 4CD2D0A19BB2B597F24EA1735C3A4D80, 5FCDEF38EFB92A1A6CE95A8D39E71ADA0D0379AFBFCE98F563836D12F65C4ABE ] RTL85n64 C:\Windows\system32\DRIVERS\RTL85n64.sys

    21:07:24.0292 0x0fbc RTL85n64 - ok

    21:07:24.0310 0x0fbc [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs C:\Windows\system32\lsass.exe

    21:07:24.0312 0x0fbc SamSs - ok

    21:07:24.0339 0x0fbc [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

    21:07:24.0343 0x0fbc sbp2port - ok

    21:07:24.0376 0x0fbc [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll

    21:07:24.0411 0x0fbc SCardSvr - ok

    21:07:24.0449 0x0fbc [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

    21:07:24.0454 0x0fbc scfilter - ok

    21:07:24.0545 0x0fbc [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll

    21:07:24.0585 0x0fbc Schedule - ok

    21:07:24.0628 0x0fbc [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll

    21:07:24.0630 0x0fbc SCPolicySvc - ok

    21:07:24.0677 0x0fbc [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll

    21:07:24.0702 0x0fbc SDRSVC - ok

    21:07:24.0742 0x0fbc [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys

    21:07:24.0744 0x0fbc secdrv - ok

    21:07:24.0763 0x0fbc [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll

    21:07:24.0768 0x0fbc seclogon - ok

    21:07:24.0789 0x0fbc [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll

    21:07:24.0795 0x0fbc SENS - ok

    21:07:24.0805 0x0fbc [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll

    21:07:24.0810 0x0fbc SensrSvc - ok

    21:07:24.0829 0x0fbc [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

    21:07:24.0832 0x0fbc Serenum - ok

    21:07:24.0854 0x0fbc [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys

    21:07:24.0858 0x0fbc Serial - ok

    21:07:24.0879 0x0fbc [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

    21:07:24.0881 0x0fbc sermouse - ok

    21:07:24.0922 0x0fbc [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll

    21:07:24.0930 0x0fbc SessionEnv - ok

    21:07:24.0951 0x0fbc [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

    21:07:24.0952 0x0fbc sffdisk - ok

    21:07:24.0962 0x0fbc [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

    21:07:24.0963 0x0fbc sffp_mmc - ok

    21:07:24.0977 0x0fbc [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

    21:07:24.0978 0x0fbc sffp_sd - ok

    21:07:25.0011 0x0fbc [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

    21:07:25.0013 0x0fbc sfloppy - ok

    21:07:25.0089 0x0fbc [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll

    21:07:25.0110 0x0fbc SharedAccess - ok

    21:07:25.0158 0x0fbc [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

    21:07:25.0183 0x0fbc ShellHWDetection - ok

    21:07:25.0201 0x0fbc [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

    21:07:25.0204 0x0fbc SiSRaid2 - ok

    21:07:25.0217 0x0fbc [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

    21:07:25.0221 0x0fbc SiSRaid4 - ok

    21:07:25.0232 0x0fbc [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys

    21:07:25.0236 0x0fbc Smb - ok

    21:07:25.0274 0x0fbc [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

    21:07:25.0279 0x0fbc SNMPTRAP - ok

    21:07:25.0299 0x0fbc [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys

    21:07:25.0302 0x0fbc spldr - ok

    21:07:25.0359 0x0fbc [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe

    21:07:25.0384 0x0fbc Spooler - ok

    21:07:25.0567 0x0fbc [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe

    21:07:25.0672 0x0fbc sppsvc - ok

    21:07:25.0701 0x0fbc [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll

    21:07:25.0705 0x0fbc sppuinotify - ok

    21:07:25.0750 0x0fbc [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys

    21:07:25.0767 0x0fbc srv - ok

    21:07:25.0800 0x0fbc [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

    21:07:25.0817 0x0fbc srv2 - ok

    21:07:25.0834 0x0fbc [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

    21:07:25.0838 0x0fbc srvnet - ok

    21:07:25.0897 0x0fbc [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

    21:07:25.0915 0x0fbc SSDPSRV - ok

    21:07:25.0929 0x0fbc [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll

    21:07:25.0936 0x0fbc SstpSvc - ok

    21:07:25.0969 0x0fbc [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

    21:07:25.0971 0x0fbc stexstor - ok

    21:07:26.0027 0x0fbc [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll

    21:07:26.0060 0x0fbc stisvc - ok

    21:07:26.0088 0x0fbc [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys

    21:07:26.0090 0x0fbc swenum - ok

    21:07:26.0120 0x0fbc [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll

    21:07:26.0146 0x0fbc swprv - ok

    21:07:26.0186 0x0fbc [ 512231BA47975F3F1A67B11F271BB49D, 0D778218A2B7F1D29CF6F2EB23858F7223AFAF451F50B0718F89E63AC405F4B1 ] SynasUSB C:\Windows\system32\drivers\SynUSB64.sys

    21:07:26.0191 0x0fbc SynasUSB - ok

    21:07:26.0321 0x0fbc [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll

    21:07:26.0413 0x0fbc SysMain - ok

    21:07:26.0454 0x0fbc [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll

    21:07:26.0459 0x0fbc TabletInputService - ok

    21:07:26.0499 0x0fbc [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll

    21:07:26.0516 0x0fbc TapiSrv - ok

    21:07:26.0550 0x0fbc [ 9C760DAF830AB938C2C9507A768C8C48, 2B08AE986A416FB84F348F2A3E389673928FB3C731C1B13F431862C11B72E098 ] TASCAM_M_164UF C:\Windows\system32\Drivers\tm164ufu.sys

    21:07:26.0567 0x0fbc TASCAM_M_164UF - ok

    21:07:26.0576 0x0fbc [ 98757F1FBFAC097BEC44A344D1259677, 8F7430EACEA82DFE52464F71FC7733363B3C2421ACF70E7C106B62E8D0BA85FC ] TASCAM_M_164UF_WDM C:\Windows\system32\drivers\tm164ufa.sys

    21:07:26.0578 0x0fbc TASCAM_M_164UF_WDM - ok

    21:07:26.0612 0x0fbc [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll

    21:07:26.0616 0x0fbc TBS - ok

    21:07:26.0698 0x0fbc [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip C:\Windows\system32\drivers\tcpip.sys

    21:07:26.0756 0x0fbc Tcpip - ok

    21:07:26.0821 0x0fbc [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

    21:07:26.0852 0x0fbc TCPIP6 - ok

    21:07:26.0907 0x0fbc [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

    21:07:26.0913 0x0fbc tcpipreg - ok

    21:07:26.0953 0x0fbc [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

    21:07:26.0957 0x0fbc TDPIPE - ok

    21:07:26.0982 0x0fbc [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

    21:07:26.0987 0x0fbc TDTCP - ok

    21:07:27.0031 0x0fbc [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

    21:07:27.0043 0x0fbc tdx - ok

    21:07:27.0058 0x0fbc [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys

    21:07:27.0062 0x0fbc TermDD - ok

    21:07:27.0133 0x0fbc [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll

    21:07:27.0155 0x0fbc TermService - ok

    21:07:27.0192 0x0fbc [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll

    21:07:27.0196 0x0fbc Themes - ok

    21:07:27.0212 0x0fbc [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll

    21:07:27.0222 0x0fbc THREADORDER - ok

    21:07:27.0237 0x0fbc [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll

    21:07:27.0245 0x0fbc TrkWks - ok

    21:07:27.0320 0x0fbc [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

    21:07:27.0337 0x0fbc TrustedInstaller - ok

    21:07:27.0382 0x0fbc [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

    21:07:27.0388 0x0fbc tssecsrv - ok

    21:07:27.0430 0x0fbc [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

    21:07:27.0437 0x0fbc TsUsbFlt - ok

    21:07:27.0490 0x0fbc [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

    21:07:27.0501 0x0fbc tunnel - ok

    21:07:27.0540 0x0fbc [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

    21:07:27.0547 0x0fbc uagp35 - ok

    21:07:27.0602 0x0fbc [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

    21:07:27.0624 0x0fbc udfs - ok

    21:07:27.0642 0x0fbc [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe

    21:07:27.0647 0x0fbc UI0Detect - ok

    21:07:27.0658 0x0fbc [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

    21:07:27.0661 0x0fbc uliagpkx - ok

    21:07:27.0677 0x0fbc [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys

    21:07:27.0679 0x0fbc umbus - ok

    21:07:27.0691 0x0fbc [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

    21:07:27.0692 0x0fbc UmPass - ok

    21:07:27.0738 0x0fbc [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll

    21:07:27.0755 0x0fbc upnphost - ok

    21:07:27.0789 0x0fbc [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

    21:07:27.0792 0x0fbc USBAAPL64 - ok

    21:07:27.0827 0x0fbc [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

    21:07:27.0837 0x0fbc usbccgp - ok

    21:07:27.0875 0x0fbc [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys

    21:07:27.0880 0x0fbc usbcir - ok

    21:07:27.0924 0x0fbc [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

    21:07:27.0931 0x0fbc usbehci - ok

    21:07:27.0984 0x0fbc [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

    21:07:28.0000 0x0fbc usbhub - ok

    21:07:28.0033 0x0fbc [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

    21:07:28.0035 0x0fbc usbohci - ok

    21:07:28.0075 0x0fbc [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

    21:07:28.0080 0x0fbc usbprint - ok

    21:07:28.0096 0x0fbc [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\drivers\usbscan.sys

    21:07:28.0101 0x0fbc usbscan - ok

    21:07:28.0131 0x0fbc [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

    21:07:28.0136 0x0fbc USBSTOR - ok

    21:07:28.0169 0x0fbc [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

    21:07:28.0172 0x0fbc usbuhci - ok

    21:07:28.0201 0x0fbc [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll

    21:07:28.0207 0x0fbc UxSms - ok

    21:07:28.0218 0x0fbc [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc C:\Windows\system32\lsass.exe

    21:07:28.0221 0x0fbc VaultSvc - ok

    21:07:28.0236 0x0fbc [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

    21:07:28.0238 0x0fbc vdrvroot - ok

    21:07:28.0302 0x0fbc [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe

    21:07:28.0336 0x0fbc vds - ok

    21:07:28.0375 0x0fbc [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

    21:07:28.0378 0x0fbc vga - ok

    21:07:28.0412 0x0fbc [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys

    21:07:28.0414 0x0fbc VgaSave - ok

    21:07:28.0437 0x0fbc [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

    21:07:28.0453 0x0fbc vhdmp - ok

    21:07:28.0564 0x0fbc [ 8CE7DD492B1CDA58BCC6A14E8733AAD6, 273FCEF5A8BA2968836A71D3651BDE7CD21D4AFF62BC26DA2E98A0CF248D8A3B ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys

    21:07:28.0606 0x0fbc VIAHdAudAddService - ok

    21:07:28.0643 0x0fbc [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys

    21:07:28.0644 0x0fbc viaide - ok

    21:07:28.0655 0x0fbc [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys

    21:07:28.0657 0x0fbc volmgr - ok

    21:07:28.0695 0x0fbc [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

    21:07:28.0712 0x0fbc volmgrx - ok

    21:07:28.0728 0x0fbc [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys

    21:07:28.0734 0x0fbc volsnap - ok

    21:07:28.0770 0x0fbc [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

    21:07:28.0776 0x0fbc vsmraid - ok

    21:07:28.0877 0x0fbc [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe

    21:07:28.0961 0x0fbc VSS - ok

    21:07:28.0978 0x0fbc [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

    21:07:28.0980 0x0fbc vwifibus - ok

    21:07:29.0019 0x0fbc [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll

    21:07:29.0036 0x0fbc W32Time - ok

    21:07:29.0052 0x0fbc [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

    21:07:29.0055 0x0fbc WacomPen - ok

    21:07:29.0088 0x0fbc [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

    21:07:29.0091 0x0fbc WANARP - ok

    21:07:29.0096 0x0fbc [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

    21:07:29.0098 0x0fbc Wanarpv6 - ok

    21:07:29.0160 0x0fbc [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

    21:07:29.0201 0x0fbc WatAdminSvc - ok

    21:07:29.0274 0x0fbc [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe

    21:07:29.0324 0x0fbc wbengine - ok

    21:07:29.0372 0x0fbc [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

    21:07:29.0449 0x0fbc WbioSrvc - ok

    21:07:29.0505 0x0fbc [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll

    21:07:29.0561 0x0fbc wcncsvc - ok

    21:07:29.0608 0x0fbc [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

    21:07:29.0612 0x0fbc WcsPlugInService - ok

    21:07:29.0649 0x0fbc [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys

    21:07:29.0651 0x0fbc Wd - ok

    21:07:29.0670 0x0fbc [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys

    21:07:29.0672 0x0fbc WDC_SAM - ok

    21:07:29.0772 0x0fbc [ 7CB1E124542329CA2060594BB2B5A98F, 0507FBD2AE98D9AD2AE2648F96E7500A4C5DA89CB4C0544C47619D016C7B484F ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

    21:07:29.0777 0x0fbc WDDMService - ok

    21:07:29.0837 0x0fbc [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

    21:07:29.0862 0x0fbc Wdf01000 - ok

    21:07:30.0072 0x0fbc [ 5BB2ED6A1070001038276C814BC8C1DE, 716A7E492626496203D4E557C0BE05ABFE4952DFA698071387B6ACC89359488F ] WDFME C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe

    21:07:30.0163 0x0fbc WDFME - ok

    21:07:30.0204 0x0fbc [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll

    21:07:30.0210 0x0fbc WdiServiceHost - ok

    21:07:30.0215 0x0fbc [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll

    21:07:30.0219 0x0fbc WdiSystemHost - ok

    21:07:30.0271 0x0fbc [ 4BA11DA929F6ECDB2C6232F5A866EE2E, 2F7E6016639E7F9F969F45B1584582252DD5C250271E4EA603939203C694E7FC ] WDSC C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

    21:07:30.0316 0x0fbc WDSC - ok

    21:07:30.0361 0x0fbc [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll

    21:07:30.0378 0x0fbc WebClient - ok

    21:07:30.0408 0x0fbc [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll

    21:07:30.0425 0x0fbc Wecsvc - ok

    21:07:30.0446 0x0fbc [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll

    21:07:30.0453 0x0fbc wercplsupport - ok

    21:07:30.0475 0x0fbc [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll

    21:07:30.0481 0x0fbc WerSvc - ok

    21:07:30.0525 0x0fbc [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

    21:07:30.0527 0x0fbc WfpLwf - ok

    21:07:30.0541 0x0fbc [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys

    21:07:30.0543 0x0fbc WIMMount - ok

    21:07:30.0569 0x0fbc WinDefend - ok

    21:07:30.0577 0x0fbc WinHttpAutoProxySvc - ok

    21:07:30.0687 0x0fbc [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

    21:07:30.0730 0x0fbc Winmgmt - ok

    21:07:30.0860 0x0fbc [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll

    21:07:30.0935 0x0fbc WinRM - ok

    21:07:30.0971 0x0fbc [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

    21:07:30.0973 0x0fbc WinUsb - ok

    21:07:31.0069 0x0fbc [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll

    21:07:31.0114 0x0fbc Wlansvc - ok

    21:07:31.0152 0x0fbc [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

    21:07:31.0153 0x0fbc WmiAcpi - ok

    21:07:31.0204 0x0fbc [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

    21:07:31.0230 0x0fbc wmiApSrv - ok

    21:07:31.0261 0x0fbc WMPNetworkSvc - ok

    21:07:31.0276 0x0fbc [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll

    21:07:31.0281 0x0fbc WPCSvc - ok

    21:07:31.0323 0x0fbc [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

    21:07:31.0331 0x0fbc WPDBusEnum - ok

    21:07:31.0451 0x0fbc WPFFontCache_v0400 - ok

    21:07:31.0491 0x0fbc [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

    21:07:31.0496 0x0fbc ws2ifsl - ok

    21:07:31.0519 0x0fbc [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll

    21:07:31.0525 0x0fbc wscsvc - ok

    21:07:31.0530 0x0fbc WSearch - ok

    21:07:31.0651 0x0fbc [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll

    21:07:31.0726 0x0fbc wuauserv - ok

    21:07:31.0767 0x0fbc [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

    21:07:31.0770 0x0fbc WudfPf - ok

    21:07:31.0786 0x0fbc [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

    21:07:31.0792 0x0fbc WUDFRd - ok

    21:07:31.0826 0x0fbc [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

    21:07:31.0832 0x0fbc wudfsvc - ok

    21:07:31.0866 0x0fbc [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll

    21:07:31.0883 0x0fbc WwanSvc - ok

    21:07:31.0888 0x0fbc ================ Scan global ===============================

    21:07:31.0929 0x0fbc [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll

    21:07:31.0963 0x0fbc [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll

    21:07:31.0987 0x0fbc [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll

    21:07:32.0025 0x0fbc [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll

    21:07:32.0093 0x0fbc [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe

    21:07:32.0118 0x0fbc [ Global ] - ok

    21:07:32.0118 0x0fbc ================ Scan MBR ==================================

    21:07:32.0129 0x0fbc [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

    21:07:32.0391 0x0fbc \Device\Harddisk0\DR0 - ok

    21:07:32.0392 0x0fbc ================ Scan VBR ==================================

    21:07:32.0394 0x0fbc [ 71E6100A3C1DE5F5D7F8B96EB718ED80 ] \Device\Harddisk0\DR0\Partition1

    21:07:32.0397 0x0fbc \Device\Harddisk0\DR0\Partition1 - ok

    21:07:32.0400 0x0fbc Waiting for KSN requests completion. In queue: 329

    21:07:33.0400 0x0fbc Waiting for KSN requests completion. In queue: 18

    21:07:34.0400 0x0fbc Waiting for KSN requests completion. In queue: 18

    21:07:35.0465 0x0fbc AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2018.391 ), 0x41000 ( enabled : updated )

    21:07:35.0474 0x0fbc Win FW state via NFP2: enabled

    21:07:37.0951 0x0fbc ============================================================

    21:07:37.0951 0x0fbc Scan finished

    21:07:37.0951 0x0fbc ============================================================

    21:07:37.0969 0x11bc Detected object count: 0

    21:07:37.0969 0x11bc Actual detected object count: 0
     
  4. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
     
  5. MrJeremyC

    MrJeremyC TS Rookie Topic Starter Posts: 18

    Mbar log :
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    www.malwarebytes.org

    Database version: v2014.05.01.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17041
    Administrator :: JEREMY-PC [administrator]

    4/30/2014 10:35:11 PM
    mbar-log-2014-04-30 (22-35-11).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 1111394
    Time elapsed: 1 hour(s), 25 minute(s), 40 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)


    System log:

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17041

    Java version: 1.6.0_31

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 3.210000 GHz
    Memory total: 17179869184, free: 7504453632

    Downloaded database version: v2014.05.01.02
    Downloaded database version: v2014.03.27.01
    =======================================
    Initializing...
    Done!
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: EAFAF541

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 625137664
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 320072933376 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished

    RKreport:

    RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Administrator [Admin rights]
    Mode : Remove -- Date : 04/30/2014 22:29:42
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] DAODx.exe -- C:\Windows\DAODx.exe [-] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : YkPack (regsvr32.exe C:\Users\Administrator\AppData\Local\YkPack\Toshibadb.dll [7][x]) -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-21-312574058-3821566464-896586647-500\[...]\Run : YkPack (regsvr32.exe C:\Users\Administrator\AppData\Local\YkPack\Toshibadb.dll [7][x]) -> [0x2] The system cannot find the file specified.
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [V2][SUSP PATH] RunDAOD : C:\Windows\DAODx.exe [-] -> DELETED

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost
    ::1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200AAJB-00J3A0 ATA Device +++++
    --- User ---
    [MBR] 4d5ca54dab669f4102188a9a1225a1a5
    [BSP] 1786e8c85783abb37c80d92f7dbcec6c : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) HP Officejet 6500 E USB Device +++++
    Error reading User MBR! ([0x15] The device is not ready. )
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    Finished : << RKreport[0]_D_04302014_222942.txt >>
    RKreport[0]_S_04302014_220744.txt
     
  6. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  7. MrJeremyC

    MrJeremyC TS Rookie Topic Starter Posts: 18

    ComboFix 14-04-30.01 - Administrator 05/02/2014 11:26:26.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16384.11176 [GMT -4:00]
    Running from: c:\users\Administrator\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-04-02 to 2014-05-02 )))))))))))))))))))))))))))))))
    .
    .
    2014-05-02 15:46 . 2014-05-02 15:46 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-05-02 15:46 . 2014-05-02 15:46 -------- d-----w- c:\users\Recording\AppData\Local\temp
    2014-05-02 15:46 . 2014-05-02 15:46 -------- d-----w- c:\users\Jeremy\AppData\Local\temp
    2014-05-02 07:27 . 2014-05-02 07:27 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{896BDD1E-7CE0-43CF-878C-846D7258B0C3}\offreg.dll
    2014-05-02 07:26 . 2014-04-17 09:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{896BDD1E-7CE0-43CF-878C-846D7258B0C3}\mpengine.dll
    2014-05-02 07:00 . 2014-04-29 14:01 23547904 ----a-w- c:\windows\system32\mshtml.dll
    2014-05-02 07:00 . 2014-04-29 13:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-05-02 07:00 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2014-05-01 02:35 . 2014-05-01 04:44 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-04-26 16:58 . 2014-04-26 16:58 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
    2014-04-26 16:58 . 2014-04-26 16:58 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
    2014-04-26 16:58 . 2014-04-26 16:58 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    2014-04-26 16:58 . 2014-04-26 16:58 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    2014-04-26 16:58 . 2014-04-26 16:58 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    2014-04-26 16:58 . 2014-04-26 16:58 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    2014-04-26 16:58 . 2014-04-26 16:58 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    2014-04-26 16:58 . 2014-04-26 16:58 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    2014-04-26 16:58 . 2014-04-26 16:58 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
    2014-04-26 16:58 . 2014-04-26 16:58 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    2014-04-26 16:58 . 2014-04-26 16:58 -------- d-----w- c:\program files (x86)\QuickTime
    2014-04-26 16:46 . 2014-05-02 15:21 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-04-25 14:58 . 2014-04-25 14:58 -------- d-----w- c:\users\Administrator\AppData\Roaming\AVAST Software
    2014-04-25 14:55 . 2014-04-25 14:54 85328 ----a-w- c:\windows\system32\drivers\aswStm.sys
    2014-04-25 14:55 . 2014-04-25 14:54 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-04-25 14:55 . 2014-04-25 14:54 1039096 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-04-25 14:55 . 2014-04-25 14:54 423240 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2014-04-25 14:55 . 2014-04-25 14:54 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-04-25 14:55 . 2014-04-25 14:54 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-04-25 14:55 . 2014-04-25 14:54 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2014-04-25 14:55 . 2014-04-25 14:54 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2014-04-25 14:55 . 2014-04-25 14:54 334648 ----a-w- c:\windows\system32\aswBoot.exe
    2014-04-25 14:54 . 2014-04-25 14:54 43152 ----a-w- c:\windows\avastSS.scr
    2014-04-25 14:53 . 2014-04-25 14:53 -------- d-----w- c:\program files\AVAST Software
    2014-04-25 14:50 . 2014-04-25 14:51 -------- d-----w- c:\programdata\AVAST Software
    2014-04-25 14:50 . 2014-05-01 02:34 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-04-25 14:50 . 2014-04-25 14:50 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-04-25 14:50 . 2014-04-25 14:50 -------- d-----w- c:\programdata\Malwarebytes
    2014-04-25 14:50 . 2014-04-03 13:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-04-25 14:50 . 2014-04-03 13:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-04-25 14:50 . 2014-04-25 14:50 -------- d-----w- c:\users\Administrator\AppData\Local\Programs
    2014-04-25 13:44 . 2014-04-25 13:44 -------- d-sh--w- c:\users\Administrator\AppData\Local\EmieUserList
    2014-04-25 13:44 . 2014-04-25 13:44 -------- d-sh--w- c:\users\Administrator\AppData\Local\EmieSiteList
    2014-04-24 07:00 . 2014-03-06 09:31 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2014-04-21 16:05 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
    2014-04-21 16:05 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
    2014-04-21 16:05 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
    2014-04-21 15:58 . 2014-02-04 02:35 190912 ----a-w- c:\windows\system32\drivers\storport.sys
    2014-04-21 15:58 . 2014-02-04 02:35 274880 ----a-w- c:\windows\system32\drivers\msiscsi.sys
    2014-04-21 15:58 . 2014-02-04 02:35 27584 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2014-04-21 15:58 . 2014-02-04 02:28 2048 ----a-w- c:\windows\system32\iologmsg.dll
    2014-04-21 15:58 . 2014-02-04 02:00 2048 ----a-w- c:\windows\SysWow64\iologmsg.dll
    2014-04-21 15:53 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-04-21 15:53 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-04-29 13:48 . 2012-04-23 18:56 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-04-29 13:48 . 2011-06-24 17:47 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-04-10 07:00 . 2011-04-16 21:12 90655440 ----a-w- c:\windows\system32\MRT.exe
    2014-03-31 13:35 . 2009-10-02 17:57 270496 ------w- c:\windows\system32\MpSigStub.exe
    2014-03-04 09:17 . 2014-04-21 15:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-03-30 17812480]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-25 3873704]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "20131224"="c:\program files\AVAST Software\Avast\setup\emupdate\6531e30f-661c-48bb-b7ff-37d0e729b2a0.exe" [2014-04-29 181136]
    .
    c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-5-10 4554752]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\setup\disabledrunkeys]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    .
    R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [x]
    R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynUSB64.sys;c:\windows\SYSNATIVE\drivers\SynUSB64.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe;c:\asus.sys\config\DVMExportService.exe [x]
    S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
    S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [x]
    S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [x]
    S3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n64.sys;c:\windows\SYSNATIVE\DRIVERS\RTL85n64.sys [x]
    S3 TASCAM_M_164UF;TASCAM M-164UF Audio Device driver;c:\windows\system32\Drivers\tm164ufu.sys;c:\windows\SYSNATIVE\Drivers\tm164ufu.sys [x]
    S3 TASCAM_M_164UF_WDM;TASCAM M-164UF WDM;c:\windows\system32\drivers\tm164ufa.sys;c:\windows\SYSNATIVE\drivers\tm164ufa.sys [x]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 21516089
    *Deregistered* - 21516089
    *Deregistered* - eamon
    *Deregistered* - easdrv
    *Deregistered* - epfwtdir
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-04-25 14:54 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\1rsi0htq.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (Administrator)
    "{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,3b,1b,44,3b,4d,
    95,1f,f9,d4,05,b5,2e,8e,21,08,c8,c9,1f
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (Administrator)
    "Timestamp"=hex:b0,a2,65,e4,e9,77,ce,01
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ab,94,0f,a6,83,33,49,4b,8f,ed,57,\
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ab,94,0f,a6,83,33,49,4b,8f,ed,57,\
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3G2"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3GP"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3G2"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3GP"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AVI"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.CDA"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.m3u"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M4A"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MOV"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FoxitReader.Document"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.TTS"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ttffile"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.TTS"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAV"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAX"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMA"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMD"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMS"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMV"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMZ"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WPL"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WVX"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-312574058-3821566464-896586647-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_182_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_182_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_182_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_182_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.13"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-05-02 11:54:49
    ComboFix-quarantined-files.txt 2014-05-02 15:54
    .
    Pre-Run: 174,176,096,256 bytes free
    Post-Run: 181,457,362,944 bytes free
    .
    - - End Of File - - 3FAD13DCF043AB9C962760E08A55748B
    A36C5E4F47E84449FF07ED3517B43A31
     
  8. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Looks good.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. MrJeremyC

    MrJeremyC TS Rookie Topic Starter Posts: 18

    AdwCleaner::
    # AdwCleaner v3.207 - Report created 05/05/2014 at 16:28:25
    # Updated 05/05/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Administrator - JEREMY-PC
    # Running from : C:\Users\Administrator\Desktop\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\Users\Jeremy\AppData\LocalLow\BabylonToolbar
    Folder Deleted : C:\Users\Jeremy\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\Jeremy\AppData\Roaming\pdfforge
    File Deleted : C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\72c11s89.default\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\Software\DeviceVM
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99AD9D6D-A456-49EE-8360-F22EE7AA1272}
    Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17041


    -\\ Mozilla Firefox v28.0 (en-US)

    [ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\1rsi0htq.default\prefs.js ]


    [ File : C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\72c11s89.default\prefs.js ]


    [ File : C:\Users\Recording\AppData\Roaming\Mozilla\Firefox\Profiles\z2sop8nv.default\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [2199 octets] - [05/05/2014 16:27:15]
    AdwCleaner[S0].txt - [2152 octets] - [05/05/2014 16:28:25]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2212 octets] ##########

    JRT:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Administrator on Mon 05/05/2014 at 16:32:47.67
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Successfully deleted: [File] C:\user.js
    Successfully deleted: [File] C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\1rsi0htq.default\extensions\info@priceblink.com.xpi



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 05/05/2014 at 16:38:41.56
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  10. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    OTL?
     
  11. MrJeremyC

    MrJeremyC TS Rookie Topic Starter Posts: 18

    Sorry, I read the alternative download and thought it said download OTL if the others don't work...

    OTL:
    OTL logfile created on: 5/5/2014 9:08:20 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17041)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
    16.00 Gb Total Physical Memory | 13.87 Gb Available Physical Memory | 86.69% Memory free
    32.00 Gb Paging File | 29.76 Gb Available in Paging File | 93.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 298.09 Gb Total Space | 168.37 Gb Free Space | 56.48% Space Free | Partition Type: NTFS
    Computer Name: JEREMY-PC | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    ========== Processes (SafeList) ==========
    PRC - [2014/05/05 21:07:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    PRC - [2014/04/25 10:54:14 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2014/04/25 10:54:14 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/01/18 15:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    PRC - [2010/05/14 13:59:44 | 000,455,944 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
    PRC - [2010/05/10 11:32:36 | 001,858,048 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    PRC - [2009/08/19 10:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    PRC - [2009/08/19 10:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    PRC - [2009/01/03 01:19:02 | 004,067,840 | ---- | M] () -- C:\Program Files\ASUS\EPU\EPU.exe
    PRC - [2008/11/26 10:36:12 | 000,323,584 | -H-- | M] (DeviceVM) -- C:\ASUS.SYS\config\DVMExportService.exe
    PRC - [2008/11/24 05:45:04 | 000,621,056 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.81\aaCenter.exe
    PRC - [2008/08/15 04:23:20 | 000,086,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
    PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe
    ========== Modules (No Company Name) ==========
    MOD - [2014/04/25 10:54:14 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
    MOD - [2014/02/12 20:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2014/02/12 20:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2009/08/18 15:54:22 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
    MOD - [2009/01/03 01:19:02 | 004,067,840 | ---- | M] () -- C:\Program Files\ASUS\EPU\EPU.exe
    MOD - [2008/11/24 05:45:04 | 000,621,056 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.81\aaCenter.exe
    MOD - [2008/04/15 10:07:34 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\EPU\AsSpindownTimeout.dll
    MOD - [2008/01/17 04:46:20 | 000,053,248 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.81\cpuutil.dll
    MOD - [2006/05/25 05:18:08 | 000,106,548 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.81\PowNap.dll
    MOD - [2006/01/10 04:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
    MOD - [2005/05/11 16:39:32 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\EPU\pngio.dll
    ========== Services (SafeList) ==========
    SRV:64bit: - [2014/04/25 10:54:14 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2014/03/06 04:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/05/10 11:34:50 | 000,130,560 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
    SRV - [2014/03/30 20:29:57 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/05/14 13:59:44 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
    SRV - [2010/05/10 11:32:36 | 001,858,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
    SRV - [2010/05/10 11:31:54 | 000,483,328 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/04/22 13:01:30 | 000,124,256 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
    SRV - [2008/11/26 10:36:12 | 000,323,584 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
    SRV - [2008/10/16 20:31:12 | 000,906,752 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2008/08/15 04:23:20 | 000,086,016 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe -- (AsSysCtrlService)
    SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)
    ========== Driver Services (SafeList) ==========
    DRV:64bit: - [2014/04/25 10:54:18 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2014/04/25 10:54:18 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2014/04/25 10:54:18 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
    DRV:64bit: - [2014/04/25 10:54:18 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
    DRV:64bit: - [2014/04/25 10:54:18 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2014/04/25 10:54:18 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
    DRV:64bit: - [2014/04/25 10:54:18 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
    DRV:64bit: - [2014/04/25 10:54:17 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2013/03/18 16:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/03/23 02:17:06 | 001,462,304 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64)
    DRV:64bit: - [2010/03/19 09:57:28 | 000,397,888 | ---- | M] (TASCAM) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tm164ufu.sys -- (TASCAM_M_164UF)
    DRV:64bit: - [2010/03/19 09:57:28 | 000,050,240 | ---- | M] (TASCAM) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tm164ufa.sys -- (TASCAM_M_164UF_WDM)
    DRV:64bit: - [2009/08/23 05:08:10 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/03/26 12:28:08 | 001,149,440 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV:64bit: - [2008/04/27 20:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
    DRV:64bit: - [2006/11/16 17:58:46 | 000,031,248 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\synUSB64.sys -- (SynasUSB)
    DRV:64bit: - [2006/10/31 18:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    ========== Standard Registry (SafeList) ==========
    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AE 81 74 7D 48 47 CE 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    ========== FireFox ==========
    FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
    FF - prefs.js..extensions.enabledAddons: %7BB1EE4FDD-01A4-7379-75F7-CB875ADE66C0%7D:4.0.0
    FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2018.95
    FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.17
    FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.22
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/04/25 10:54:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/04/26 12:58:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/04/26 12:58:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
    [2011/09/19 10:37:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
    [2014/05/05 16:38:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\1rsi0htq.default\extensions
    [2013/04/17 09:29:18 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\1rsi0htq.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2013/12/19 11:10:51 | 000,000,000 | ---D | M] (Color Calibration Loader) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\1rsi0htq.default\extensions\{B1EE4FDD-01A4-7379-75F7-CB875ADE66C0}
    [2014/05/05 11:11:04 | 000,126,171 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\1rsi0htq.default\extensions\elemhidehelper@adblockplus.org.xpi
    [2014/05/05 11:22:29 | 000,538,363 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\1rsi0htq.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    [2014/05/05 11:11:05 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\1rsi0htq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2014/04/30 21:28:38 | 000,731,942 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\1rsi0htq.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
    [2014/03/30 20:29:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2014/03/30 20:29:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2014/04/25 10:54:29 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2012/02/27 12:54:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    ========== Chrome ==========
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage:
    CHR - Extension: Docs = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
    CHR - Extension: Google Drive = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
    CHR - Extension: YouTube = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
    O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (WinAVI FLVSense) - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files (x86)\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files (x86)\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
    O9 - Extra 'Tools' menuitem : WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files (x86)\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77353E19-998A-48BA-9EAB-38BB0783FB9D}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O24 - Desktop WallPaper:
    O24 - Desktop BackupWallPaper:
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
    ========== Files/Folders - Created Within 30 Days ==========
    [2014/05/05 21:07:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    [2014/05/05 16:32:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/05/05 16:27:13 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/05/05 16:25:42 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Administrator\Desktop\JRT.exe
    [2014/05/02 11:54:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/05/02 11:24:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/05/02 11:24:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/05/02 11:24:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/05/02 11:22:18 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/05/02 11:22:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2014/04/30 22:35:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2014/04/26 12:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2014/04/26 12:58:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2014/04/26 12:46:46 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/04/25 10:58:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\AVAST Software
    [2014/04/25 10:56:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
    [2014/04/25 10:55:17 | 000,085,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
    [2014/04/25 10:55:15 | 001,039,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2014/04/25 10:55:14 | 000,423,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2014/04/25 10:55:12 | 000,079,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2014/04/25 10:55:11 | 000,093,568 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2014/04/25 10:55:06 | 000,334,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2014/04/25 10:54:16 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2014/04/25 10:53:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2014/04/25 10:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2014/04/25 10:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/04/25 10:50:32 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/04/25 10:50:32 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
    [2014/04/25 10:50:32 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2014/04/25 10:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
    [2014/04/25 10:50:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2014/04/25 10:50:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Programs
    [2014/04/25 09:44:30 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\EmieUserList
    [2014/04/25 09:44:30 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\EmieSiteList
    [2014/04/25 09:40:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Save ME
    [2014/04/24 03:01:25 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2014/04/24 03:01:13 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2014/04/24 03:01:06 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2014/04/24 03:00:59 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2014/04/24 03:00:59 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
    [2014/04/24 03:00:59 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2014/04/24 03:00:59 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
    [2014/04/24 03:00:58 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
    [2014/04/24 03:00:58 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2014/04/24 03:00:58 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
    [2014/04/24 03:00:58 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
    [2014/04/24 03:00:58 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
    [2014/04/24 03:00:58 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2014/04/24 03:00:57 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2014/04/24 03:00:57 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2014/04/24 03:00:57 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2014/04/24 03:00:57 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2014/04/24 03:00:56 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2014/04/24 03:00:56 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    [2014/04/24 03:00:55 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
    [2014/04/24 03:00:55 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
    [2014/04/24 03:00:54 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
    [2014/04/24 03:00:54 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
    [2014/04/24 03:00:54 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2014/04/24 03:00:54 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
    [2014/04/24 03:00:54 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
    [2014/04/24 03:00:53 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2014/04/24 03:00:53 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2014/04/24 03:00:51 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2014/04/21 12:05:17 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
    [2014/04/21 12:05:17 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
    [2014/04/21 12:04:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
    [2014/04/21 12:04:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
    [2014/04/21 12:04:25 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
    [2014/04/21 12:04:25 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
    [2014/04/21 12:04:25 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
    [2014/04/21 12:04:25 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
    [2014/04/21 12:04:25 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
    [2014/04/21 12:04:25 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
    [2014/04/21 12:04:25 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
    [2014/04/21 12:04:25 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
    [2014/04/21 12:04:25 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
    [2014/04/21 12:04:25 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
    [2014/04/21 12:04:25 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
    [2014/04/21 12:04:25 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
    [2014/04/21 12:04:25 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
    [2014/04/21 12:04:25 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
    [2014/04/21 12:04:25 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
    [2014/04/21 12:04:25 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
    [2014/04/21 12:04:25 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
    [2014/04/21 12:04:21 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
    [2014/04/21 12:04:21 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
    [2014/04/21 11:58:25 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
    [2014/04/21 11:58:25 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
    [2014/04/21 11:58:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
    [2014/04/21 11:58:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
    [2014/04/21 11:56:55 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
    [2014/04/21 11:56:55 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
    [2014/04/21 11:56:21 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
    [2014/04/21 11:56:19 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
    [2014/04/21 11:56:19 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2014/04/21 11:56:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2014/04/21 11:56:19 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
    [2014/04/21 11:56:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2014/04/21 11:56:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
    [2014/04/21 11:56:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2014/04/21 11:56:19 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2014/04/21 11:56:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2014/04/21 11:53:37 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
    [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    ========== Files - Modified Within 30 Days ==========
    [2014/05/05 21:07:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    [2014/05/05 16:37:30 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/05/05 16:37:30 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/05/05 16:36:54 | 000,799,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/05/05 16:36:54 | 000,674,782 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/05/05 16:36:54 | 000,126,454 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/05/05 16:30:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/05/05 16:29:47 | 4294,967,293 | -HS- | M] () -- C:\hiberfil.sys
    [2014/05/05 16:28:45 | 000,000,012 | -H-- | M] () -- C:\Windows\SysWow64\%sdvmexp.idx
    [2014/05/05 16:25:44 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Administrator\Desktop\JRT.exe
    [2014/05/05 16:25:40 | 001,316,991 | ---- | M] () -- C:\Users\Administrator\Desktop\adwcleaner.exe
    [2014/05/02 11:21:10 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/04/30 22:34:25 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/04/29 09:48:18 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2014/04/29 09:48:18 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2014/04/25 10:56:00 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2014/04/25 10:54:18 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2014/04/25 10:54:18 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2014/04/25 10:54:18 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2014/04/25 10:54:18 | 000,208,416 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
    [2014/04/25 10:54:18 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
    [2014/04/25 10:54:18 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2014/04/25 10:54:18 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
    [2014/04/25 10:54:18 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
    [2014/04/25 10:54:17 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2014/04/25 10:54:16 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2014/04/23 14:05:35 | 000,496,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/04/17 11:27:34 | 000,001,863 | ---- | M] () -- C:\Users\Administrator\AppData\Local\recently-used.xbel
    [2014/04/13 02:43:04 | 000,000,075 | ---- | M] () -- C:\Windows\SysNative\xtpuwnk.gtv
    [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    ========== Files Created - No Company Name ==========
    [2014/05/05 16:28:45 | 000,000,012 | -H-- | C] () -- C:\Windows\SysWow64\%sdvmexp.idx
    [2014/05/05 16:25:31 | 001,316,991 | ---- | C] () -- C:\Users\Administrator\Desktop\adwcleaner.exe
    [2014/05/02 11:24:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/05/02 11:24:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/05/02 11:24:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/05/02 11:24:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/05/02 11:24:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2014/04/25 10:56:00 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2014/04/25 10:55:16 | 000,208,416 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
    [2014/04/25 10:55:13 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
    [2014/04/25 10:55:12 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
    [2014/04/17 11:27:34 | 000,001,863 | ---- | C] () -- C:\Users\Administrator\AppData\Local\recently-used.xbel
    [2014/02/26 04:09:00 | 000,791,536 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013/12/19 10:35:52 | 000,000,887 | ---- | C] () -- C:\Users\Administrator\.lmmsrc.xml
    [2011/03/30 15:42:45 | 000,000,151 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2009/09/19 14:31:51 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\STLL Notifier
    ========== ZeroAccess Check ==========
    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    ========== Alternate Data Streams ==========
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C8B8CEBD

    < End of report >
     
     
  12. MrJeremyC

    MrJeremyC TS Rookie Topic Starter Posts: 18

    OTL Extras:

    OTL Extras logfile created on: 5/5/2014 9:08:20 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17041)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
    16.00 Gb Total Physical Memory | 13.87 Gb Available Physical Memory | 86.69% Memory free
    32.00 Gb Paging File | 29.76 Gb Available in Paging File | 93.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 298.09 Gb Total Space | 168.37 Gb Free Space | 56.48% Space Free | Partition Type: NTFS
    Computer Name: JEREMY-PC | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    ========== Extra Registry (SafeList) ==========
    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    ========== Shell Spawning ==========
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Add to archive] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-add2multi" "%1" (Giorgio Tani)
    Directory [Browse path with PeaZip] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-ext2browsepath" "%1" (Giorgio Tani)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Add to archive] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-add2multi" "%1" (Giorgio Tani)
    Directory [Browse path with PeaZip] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-ext2browsepath" "%1" (Giorgio Tani)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
    ========== Security Center Settings ==========
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    ========== System Restore Settings ==========
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0
    ========== Firewall Settings ==========
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    ========== Authorized Applications List ==========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    ========== Vista Active Open Ports Exception List ==========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{067D1991-9A3A-4781-87AE-6C6D9671DDAD}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{55D336C6-7A9A-46C1-B8F1-98A1C370FE6C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{59B127DE-8BEF-4E4F-8E32-D1026757AFDC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{7CE1533F-58D7-4307-9512-58F2A3EE4D95}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{87F9EABB-0A1F-4C6A-849D-DEB2ACE5E7AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9EE6BC0F-AA90-4857-A9CE-736859F60386}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{AD8E986B-4DAC-4214-A6A3-2E77C454909D}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{E1189DC3-14B5-4879-AA7A-583FC0C9FEF2}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{E4B7F78B-E689-45F5-BF8D-1E313915EF80}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{F3315FEE-786D-4072-B2A7-82142D7938DB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    ========== Vista Active Application Exception List ==========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{14665533-60D6-4A00-A8D4-53651D930438}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{1E132522-0F66-4328-831A-26986A63FA10}" = protocol=17 | dir=in | app=c:\program files (x86)\sibelius software\sibelius 6\regtool.exe |
    "{247628C0-6052-4526-820F-503A99EF77A0}" = protocol=6 | dir=in | app=c:\program files (x86)\sibelius software\sibelius 6\regtool.exe |
    "{2866F135-727B-401F-80A3-582B9FDEC34B}" = protocol=6 | dir=in | app=c:\program files (x86)\sibelius software\sibelius 6\regtool.exe |
    "{31853AE5-919E-46EC-AB8B-3E4B77910D19}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
    "{33DB2969-8FE9-4B19-8B77-88023A470C80}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{49CE5DA1-98DF-40BD-A5C8-2DD1E3647B05}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{585E202B-83C9-4027-9B06-0FCB2A9CC74F}" = protocol=17 | dir=in | app=c:\program files (x86)\sibelius software\sibelius 6\sibelius.exe |
    "{658AAC6D-25AB-4981-9865-BC7D926389D7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
    "{66CBEF44-76AA-4664-950F-F4EB0AFA96D8}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{6A61B425-92C9-4A6B-95FA-A88B51B30750}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
    "{6BDA1A57-4CAB-4A9E-AE53-AF45FF19DFBD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
    "{708A9C47-3AC6-41B6-9D84-BB4BB4515001}" = protocol=17 | dir=in | app=c:\program files (x86)\sibelius software\sibelius 6\sibelius.exe |
    "{741D7FB2-CEAE-489B-BBB3-70297B1FC72C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{7A6766CB-48E1-49BA-B494-6CD6C8D4D69D}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
    "{7D85FB18-140E-4AC4-A382-1BE24A427852}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{90F2C766-3A5F-4D10-9768-49E1E5E7C953}" = protocol=17 | dir=in | app=c:\program files (x86)\sibelius software\sibelius 6\regtool.exe |
    "{92E51F7D-B61B-4650-A067-BC8CC294E8FE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{9670BEC1-CFFC-4E1E-8A8C-D90E87FE0AA9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
    "{B8490225-219B-471D-8061-E14D5072C1BE}" = protocol=6 | dir=in | app=c:\program files (x86)\sibelius software\sibelius 6\sibelius.exe |
    "{C22391CB-EF86-45CB-A488-B3EAB7AAC93F}" = protocol=6 | dir=in | app=c:\program files (x86)\sibelius software\sibelius 6\sibelius.exe |
    "{D39F56DB-7348-4679-82B9-6C7100FC8A4B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
    "{D4C0A79A-5330-4993-BE0D-DAB50D7443A6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
    "{E2647DD1-0D65-49B6-A16E-588661D49E03}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{4145EAA7-9B87-4F13-8D12-BEB3BE55561D}" = WD SmartWare
    "{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 3.2.1
    "{68451E5C-0A9C-4D5C-8D06-6E296242E908}" = 64 Bit HP CIO Components Installer
    "{6AE1CCC4-E49F-4107-BBCA-7B5984F47AE1}" = Network64
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
    "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{9301985B-D116-4A93-A93D-94580084FF86}" = 64 Bit HP CIO Components Installer
    "{93D7DF53-FDD4-4270-B83C-1EBC15FA1A87}" = Enthought Canopy (64-bit)
    "{9F371E59-D2B3-18B8-4816-5C398DA2C6EE}" = ATI Catalyst Install Manager
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
    "{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
    "{F22C2B2B-B9DD-6546-50E6-5D0ABDE2F948}" = ccc-utility64
    "{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "CutePDF Writer Installation" = CutePDF Writer 3.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 12.0
    "HPOCR" = OCR Software by I.R.I.S. 12.0
    "USB_AUDIO_DEusb-audio.deTascamM164UF" = M-164UF driver
    "z3ta+_x64_is1" = rgc:audio z3ta+ 1.5 (x64)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{0122791A-3E7B-6255-835A-56962591DB54}" = HydraVision
    "{01985013-2C45-AA2F-738B-44A3C68CC446}" = CCC Help Greek
    "{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
    "{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
    "{0ADFF561-2ACB-C208-6392-CA8FFE425238}" = Catalyst Control Center Localization Dutch
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{1307BF0D-F51D-BA44-4E4D-CCF29547C45E}" = Catalyst Control Center Localization Chinese Traditional
    "{1546B63B-75E5-B5CD-38A6-DA1105EE7894}" = CCC Help Portuguese
    "{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}" = Sibelius 6
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
    "{1FC773D1-20BB-226D-C24A-5795D5384522}" = CCC Help Finnish
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{29D3A495-820A-0F8D-6186-1F13A015A444}" = CCC Help Italian
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
    "{32CA04A9-B353-3A8D-6E52-7024A34C0BA4}" = Catalyst Control Center Localization Chinese Standard
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
    "{3B608514-5992-253E-FA26-B08BBB61A433}" = CCC Help Polish
    "{47E82E11-22ED-275E-47DB-934FE15B7062}" = CCC Help Chinese Standard
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C0F624E-F638-39C9-3966-10AB2B328CB9}" = Catalyst Control Center Localization Swedish
    "{4D283EF1-D3DA-28A1-7DD6-DC87C3B547FA}" = Catalyst Control Center Localization German
    "{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
    "{4DF05FE8-5AE3-37CA-AB85-95E5B5FDE06D}" = Catalyst Control Center Localization Polish
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{577FC182-81D6-A5AC-26C0-743C8E6931FA}" = Catalyst Control Center Localization Italian
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
    "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
    "{5A5DA3E1-9A4B-1C5F-441B-3421DC7BB2F0}" = CCC Help English
    "{5C82AA24-36DF-4268-F491-D1FF44745774}" = Catalyst Control Center Localization Russian
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5F917C87-B0E4-DB70-EF55-1497D5DC76F0}" = Catalyst Control Center Graphics Light
    "{600902DD-06B9-F28D-4CDB-401FF240A36F}" = ccc-core-static
    "{63C16E81-327C-49B6-9643-4F5EFD8A6B2D}" = winLAME 2010 beta 2
    "{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
    "{67F357D9-098D-76F0-AC96-4F64980EF7C8}" = CCC Help Spanish
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A1ACC15-7632-45ba-A3AB-0250EBD4B7DD}" = 6500_E709a
    "{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73452E17-0FAD-9180-7EE2-117F9BE40400}" = Catalyst Control Center Localization Hungarian
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78C0C6A7-F4ED-C37C-7486-DFEDACD69919}" = Catalyst Control Center Localization Finnish
    "{7E3392D9-11D6-FE22-F75B-B2746820ED6A}" = Catalyst Control Center Graphics Full New
    "{8064DB5F-0A68-1060-074B-12AA3C0ABB27}" = CCC Help Japanese
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8792E984-ECAE-0479-2074-FF9492EF4467}" = CCC Help Hungarian
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E56B06F-CE0D-C7B3-B966-284BC89C9106}" = Skins
    "{9072286C-553F-76CF-7F57-77BFBA9A79F5}" = Catalyst Control Center Graphics Previews Vista
    "{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
    "{927AD7B9-5AC6-00CD-4DE0-CAA5453DACE2}" = CCC Help Chinese Traditional
    "{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
    "{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
    "{9FCB512F-3C4A-58C6-9F3F-D75F19910F43}" = CCC Help Swedish
    "{A1F7A6B7-FC3A-5F8C-3C06-A5FA3196FC44}" = Catalyst Control Center HydraVision Full
    "{A2E71116-939C-8E6E-BAF0-72067071D608}" = Catalyst Control Center Localization French
    "{A344C84E-E80A-9E6F-AD7A-D1FDBFD0DBD0}" = Catalyst Control Center Localization Portuguese
    "{A5DE0993-D9E4-A2D7-2C27-D9B69EA57E88}" = Catalyst Control Center Localization Greek
    "{A961C6FD-C583-45F6-A0A4-5E4376C29E41}" = Catalyst Control Center - Branding
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
    "{AB3C4AC6-C401-4132-A8B5-265899A9C0E8}" = Steinberg Cubase LE 4
    "{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
    "{B0C594B1-6D6D-5CE7-578C-129E8237498E}" = Catalyst Control Center Localization Danish
    "{B1C0D829-FE30-059E-E93F-CDC7A48235C0}" = FlipShare
    "{B1FB05D6-5320-3435-6296-A9F130D135D1}" = CCC Help Danish
    "{B27258E7-3767-95A5-00F4-9BBE076E90B7}" = Catalyst Control Center Localization Turkish
    "{B289E3ED-445A-EE12-0C18-0796F561D95B}" = CCC Help Turkish
    "{B51230A4-6DB8-79A5-0853-89DB5F2A7F45}" = Catalyst Control Center Localization Korean
    "{B560D202-64EA-45BD-1B23-34900AD394C6}" = CCC Help French
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
    "{BAFDE319-0920-489C-8F9D-25317C168AA6}_is1" = Video to FLV and SWF Converter 4.1
    "{BC8B6A6B-BE06-5EFD-90DD-10BC70A71E50}" = Catalyst Control Center Localization Czech
    "{BC8DFF59-3741-A6A1-C719-C203251BD856}" = CCC Help Korean
    "{C23B8C30-E05E-4CB5-8188-F27CC3B2DD3E}" = Sibelius 5
    "{C6CB6592-EF14-158B-AD36-3510A6E0AEAD}" = Catalyst Control Center Localization Thai
    "{CB6137F7-279F-2398-6475-7AD004BCE1DB}" = Catalyst Control Center Graphics Full Existing
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D06F20A5-33C5-63AC-2246-5FC6C75F58CD}" = Catalyst Control Center Core Implementation
    "{D3FEAB89-FC11-9087-B744-8E8EDBB4EF9E}" = Catalyst Control Center Localization Spanish
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D88D0662-5A72-3842-344F-B50D8E9846DD}" = Catalyst Control Center Localization Norwegian
    "{DB4FF013-FA85-4F86-8945-6E0B41A2D3CA}" = CCC Help Dutch
    "{DB697789-11C9-03B5-3D8B-6DC3FD68C116}" = Catalyst Control Center Localization Japanese
    "{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
    "{DE7D2953-419D-9852-47A7-6A5541FDE420}" = Catalyst Control Center Graphics Previews Common
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E13DBD80-0D28-4EFA-72BC-426DFEEFC92E}" = CCC Help Czech
    "{E27B4ED5-034C-ACA7-84FB-7D59FB77FFC8}" = CCC Help German
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{E73233EE-860B-0F02-93C6-7ADB692D485C}" = CCC Help Norwegian
    "{EB0F4554-AD4F-4C8C-9764-66AC2CF8D184}" = AMD OverDrive
    "{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
    "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
    "{F2ADE6DA-47E5-87B6-1A4F-EEE4E30A3ED8}" = Catalyst Control Center InstallProxy
    "{F63B780A-ED19-3B5E-5869-07755DD3B27C}" = CCC Help Thai
    "{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
    "{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
    "{FB63D9F1-5DBC-EDE3-5D14-0F1401821BB3}" = CCC Help Russian
    "{FB686487-C637-4EEF-BCB1-C92463F2CC05}" = Atheros Ethernet Utility
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
    "Audacity_is1" = Audacity 1.2.6
    "Avast" = avast! Free Antivirus
    "BB_is1" = Band-in-a-Box 2010 (Build 288)
    "FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
    "Foxit Reader" = Foxit Reader
    "Free RAR Extract Frog" = Free RAR Extract Frog
    "Inkscape" = Inkscape 0.48.4
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
    "LAME for Audacity_is1" = LAME v3.98.3 for Audacity
    "LMMS" = LMMS 0.4.15
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
    "Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Native Instruments Sibelius Player" = Native Instruments Sibelius Player
    "PG Music DirectX Plugins_is1" = PG Music DirectX Plugins 2.0.0.0
    "PG_DX_Plugins_is1" = PG Music DirectX Plugins 2.0.0.0
    "Plants vs. Zombies" = Plants vs. Zombies
    "Syncrosoft License Control" = Syncrosoft License Control
    "VST Bridge_is1" = VST Bridge 1.1
    "WinAVI FLV Converter 1.0_is1" = WinAVI FLV Converter
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinLiveSuite" = Windows Live Essentials
    "Wubi" = Ubuntu
    < End of report >
     
  13. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    [​IMG]
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C8B8CEBD
    
    :Services
    
    :Reg
    
    :Files
    C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  14. MrJeremyC

    MrJeremyC TS Rookie Topic Starter Posts: 18

    OTL :
    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
    ADS C:\ProgramData\TEMP:C8B8CEBD deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\FRST not found.
    ========== COMMANDS ==========
    [EMPTYTEMP]
    User: Administrator
    ->Temp folder emptied: 4223964 bytes
    ->Temporary Internet Files folder emptied: 1724843 bytes
    ->Java cache emptied: 12104845 bytes
    ->FireFox cache emptied: 82415260 bytes
    ->Google Chrome cache emptied: 819568 bytes
    ->Flash cache emptied: 56979 bytes
    User: All Users
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 57472 bytes
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
    User: Jeremy
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 5745767 bytes
    ->Java cache emptied: 14534758 bytes
    ->FireFox cache emptied: 299787327 bytes
    ->Flash cache emptied: 2801213 bytes
    User: Public
    ->Temp folder emptied: 0 bytes
    User: Recording
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 195 bytes
    ->FireFox cache emptied: 38976070 bytes
    ->Flash cache emptied: 42800 bytes
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 1591808 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 35826839 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42287000 bytes
    RecycleBin emptied: 42010752 bytes
    Total Files Cleaned = 558.00 mb
    [EMPTYJAVA]
    User: Administrator
    ->Java cache emptied: 0 bytes
    User: All Users
    User: Default
    User: Default User
    User: Jeremy
    ->Java cache emptied: 0 bytes
    User: Public
    User: Recording
    Total Java Files Cleaned = 0.00 mb
    [EMPTYFLASH]
    User: Administrator
    ->Flash cache emptied: 0 bytes
    User: All Users
    User: Default
    ->Flash cache emptied: 0 bytes
    User: Default User
    ->Flash cache emptied: 0 bytes
    User: Jeremy
    ->Flash cache emptied: 0 bytes
    User: Public
    User: Recording
    ->Flash cache emptied: 0 bytes
    Total Flash Files Cleaned = 0.00 mb
    OTL by OldTimer - Version 3.2.69.0 log created on 05062014_214655

    Files\Folders moved on Reboot...
    C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  15. MrJeremyC

    MrJeremyC TS Rookie Topic Starter Posts: 18

    Security Check:

    Results of screen317's Security Check version 0.99.82
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Java(TM) 6 Update 31
    Java version out of Date!
    Adobe Flash Player 11.2.202.233 Flash Player out of Date!
    Mozilla Firefox (28.0)
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  16. MrJeremyC

    MrJeremyC TS Rookie Topic Starter Posts: 18

    FSS:

    Farbar Service Scanner Version: 03-05-2014
    Ran by Administrator (administrator) on 06-05-2014 at 22:08:19
    Running from "C:\Users\Administrator\Downloads"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  17. MrJeremyC

    MrJeremyC TS Rookie Topic Starter Posts: 18

    Eset:

    C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\1rsi0htq.default\extensions\{B1EE4FDD-01A4-7379-75F7-CB875ADE66C0}\components\ColorCalibrationLoader.js Win32/Boaxxe.BE trojan cleaned by deleting - quarantined
     
  18. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    [​IMG] Update Firefox to the current 29.0 version.

    [​IMG] Update Adobe Flash Player: http://get.adobe.com/flashplayer/
    Make sure you UN-check Yes, install McAfee Security Scan Plus

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    [​IMG] 1. Update your Java version here: http://www.java.com/en/download/manual.jsp
    Alternate download: http://www.filehippo.com/search?q=java

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

    Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ==================================================

    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download [​IMG]DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  19. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    The issue seems to be resolved.
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.