Lock ups in Win7



#16
brycrip

    Member

  • Topic Starter
  • 395 posts
This will check your critical system files. Does this finish without complaint? ...Yes!
I need more help with the FRST repair that you asked for.
Thanks, Bry

#17
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
I see FRST crashed. Run it again and just tell it to do a Scan and post its log. Go on to the other steps even if it crashes again.

#18
brycrip

    Member

  • Topic Starter
  • 395 posts
Thanks...
Here is the re-scan of FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2013
Ran by BC (administrator) on CHINOOK on 10-11-2013 11:09:40
Running from C:\Users\BC\Downloads
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Registration\GREGsvc.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaRegistry.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Egis Technology Inc.) C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
() C:\Program Files\WordWeb\wweb32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaUI.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Farbar) C:\Users\BC\Downloads\FRST(5).exe
() C:\Program Files\AVG\AVG2014\avgmfapx.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [SuiteTray] - C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM\...\Run: [EgisTecPMMUpdate] - C:\Program Files\EgisTec IPS\PmmUpdate.exe [408432 2011-03-28] (Egis Technology Inc.)
HKLM\...\Run: [EgisUpdate] - C:\Program Files\EgisTec IPS\EgisUpdate.exe [202608 2011-03-28] (Egis Technology Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1934632 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715368 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [UnlockerAssistant] - C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKCU\...\Run: [WordWeb] - C:\Program Files\WordWeb\wweb32.exe [77064 2012-04-21] ()
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-07-29] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
URLSearchHook: HKLM - Default Value = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
URLSearchHook: HKCU - Default Value = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
SearchScopes: HKLM - DefaultScope value is missing.
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
Toolbar: HKCU - No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - No File
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\sevjm9wi.default-1384098992043
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_33 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tightropeinteractive.com/Plugin - C:\Users\BC\AppData\Local\TNT2\2.0.0.1534\npTNT2.dll (Search.Us.com)
FF Plugin HKCU: @tnt2ghost.com/Plugin - C:\Users\BC\AppData\Local\TNT2\2.0.0.1534\npTNT2ghost.dll (Search.Us.com)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files\WordWeb\WCaptureMoz

Chrome:
=======
CHR HomePage: hxxp://start.search.us.com/v/2/?guid={54B51BB6-D4BF-48D7-8A97-B424C1127420}&serpv=5
CHR RestoreOnStartup: "hxxp://start.search.us.com/v/2/?guid={54B51BB6-D4BF-48D7-8A97-B424C1127420}&serpv=5"]}},"browser":{"clear_lso_data_enabled":true,"last_known_google_url":"https://www.google.c...om/favicon.ico"
CHR Extension: (Google Docs) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (DAP Link Checker) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh\1.0.0.8_0
CHR Extension: (Google Search) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Download Accelerator Plus (DAP)) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.10_0
CHR Extension: (avast! WebRep) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Gmail) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files\WordWeb\wcxChrome.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

S3 EgisTec Ticket Service; C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe [173424 2011-04-02] (Egis Technology Inc. )
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [739944 2011-05-10] (Acer Incorporated)
R2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated)
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1755136 2011-03-07] (Realsil Microelectronics Inc.)
R2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [255376 2012-04-05] (Acer Incorporated)
R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [185632 2009-11-26] (Ralink Technology, Corp.)
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
S4 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [772728 2013-02-27] (Speedbit Ltd.)

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-10-16] (AVG Technologies)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [21600 2011-08-09] (Egis Technology Inc.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16936 2011-08-09] (Egis Technology Inc.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [62240 2011-08-09] (Egis Technology Inc.)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [827904 2009-11-26] (Ralink Technology Corp.)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7435264 2011-01-03] (Intel Corporation)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [252520 2011-03-06] (Realtek Semiconductor Corp.)
S3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [31640 2013-02-27] ()
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R4 Avgdiskx; system32\DRIVERS\avgdiskx.sys [x]
R4 AVGIDSDriver; system32\DRIVERS\avgidsdriverx.sys [x]
R4 AVGIDSHX; system32\DRIVERS\avgidshx.sys [x]
R4 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [x]
R4 Avgrkx86; system32\DRIVERS\avgrkx86.sys [x]
R4 Avgtdix; system32\DRIVERS\avgtdix.sys [x]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-10 11:01 - 2013-11-10 11:01 - 01090265 _____ (Farbar) C:\Users\BC\Downloads\FRST(5).exe
2013-11-10 11:00 - 2013-11-10 11:00 - 01090265 _____ (Farbar) C:\Users\BC\Downloads\FRST(4).exe
2013-11-10 10:59 - 2013-11-10 10:59 - 00262088 _____ C:\Users\BC\Downloads\FRST(3).exe
2013-11-10 10:48 - 2013-11-10 10:48 - 01089447 _____ (Farbar) C:\Users\BC\Downloads\FRST(2).exe
2013-11-08 15:13 - 2013-11-10 10:44 - 00000224 _____ C:\Windows\setupact.log
2013-11-08 15:13 - 2013-11-08 15:13 - 00000358 _____ C:\Windows\PFRO.log
2013-11-08 15:13 - 2013-11-08 15:13 - 00000000 _____ C:\Windows\setuperr.log
2013-11-08 14:01 - 2013-11-08 14:01 - 00000000 ____D C:\FRST
2013-11-08 14:00 - 2013-11-08 14:00 - 01089445 _____ (Farbar) C:\Users\BC\Downloads\FRST(1).exe
2013-11-08 13:46 - 2013-11-08 13:46 - 00000988 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-08 13:38 - 2013-11-08 13:43 - 24278649 _____ C:\Users\BC\Downloads\vlc-2.1.0-win32.exe
2013-11-08 13:23 - 2013-11-08 14:18 - 00132750 _____ C:\Users\BC\Downloads\OTL.Txt
2013-11-08 13:23 - 2013-11-08 14:18 - 00041698 _____ C:\Users\BC\Downloads\Extras.Txt
2013-11-07 17:54 - 2013-11-07 17:54 - 00000000 ____D C:\Users\BC\AppData\Local\{3B375EDC-7B9F-4182-95FB-B5720A3E1B76}
2013-11-07 15:51 - 2013-11-07 15:51 - 00601088 _____ (OldTimer Tools) C:\Users\BC\Downloads\OTL.exe
2013-11-07 15:32 - 2013-11-08 14:10 - 00009516 _____ C:\Users\BC\Downloads\Addition.txt
2013-11-07 15:29 - 2013-11-07 15:29 - 01089445 _____ (Farbar) C:\Users\BC\Downloads\FRST.exe
2013-11-07 15:25 - 2013-11-07 15:25 - 00003621 _____ C:\Users\BC\Desktop\JRT.txt
2013-11-07 15:15 - 2013-11-07 15:15 - 00000000 ____D C:\Windows\ERUNT
2013-11-07 15:14 - 2013-11-07 15:14 - 01034531 _____ (Thisisu) C:\Users\BC\Downloads\JRT.exe
2013-11-07 15:03 - 2013-11-07 15:07 - 00000000 ____D C:\AdwCleaner
2013-11-07 15:02 - 2013-11-07 15:03 - 01073262 _____ C:\Users\BC\Downloads\AdwCleaner.exe
2013-11-07 13:24 - 2013-11-07 13:24 - 02143832 _____ C:\Users\BC\Downloads\instsf449(1).exe
2013-11-07 13:23 - 2013-11-07 13:23 - 02143832 _____ C:\Users\BC\Downloads\instsf449.exe
2013-11-07 13:20 - 2013-11-07 13:20 - 00000000 ____D C:\Users\BC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-11-07 12:55 - 2013-11-07 13:24 - 00000929 _____ C:\Users\BC\Desktop\SpeedFan.lnk
2013-11-07 12:55 - 2013-11-07 13:24 - 00000045 _____ C:\Windows\system32\initdebug.nfo
2013-11-05 12:15 - 2013-11-05 12:15 - 00661184 _____ (Sysinternals - www.sysinternals.com) C:\Users\BC\Downloads\autoruns.exe
2013-10-30 15:05 - 2013-10-30 15:06 - 07752897 _____ (FreeDownloadManager.ORG ) C:\Users\BC\Downloads\fdminst.exe
2013-10-30 14:56 - 2013-10-30 15:01 - 00000000 ____D C:\Program Files\FlashGet
2013-10-30 14:56 - 2013-10-30 14:56 - 00000000 ____D C:\Users\BC\AppData\Roaming\FlashGet
2013-10-30 14:54 - 2013-10-30 14:55 - 04653240 _____ C:\Users\BC\Downloads\flashget196en.exe
2013-10-30 14:36 - 2013-11-10 10:47 - 00312245 _____ C:\Windows\WindowsUpdate.log
2013-10-30 14:34 - 2013-10-30 14:34 - 00000000 ____D C:\Users\BC\AppData\Roaming\GetGo Software
2013-10-30 14:31 - 2013-10-30 14:48 - 00000000 ____D C:\Program Files\GetGo Software
2013-10-30 14:27 - 2013-10-30 14:27 - 00001069 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-30 14:27 - 2013-10-30 14:27 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-30 14:21 - 2013-10-30 14:21 - 00282784 _____ (Mozilla) C:\Users\BC\Downloads\Firefox Setup Stub 25.0.exe
2013-10-30 13:56 - 2013-10-31 09:30 - 00003734 _____ C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2013-10-30 13:45 - 2013-11-02 15:14 - 00000000 ____D C:\Users\BC\AppData\Local\Avg2014
2013-10-25 12:40 - 2013-10-25 12:40 - 00000000 ____D C:\ProgramData\Free Download Manager
2013-10-24 13:00 - 2013-10-24 13:00 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-10-24 13:00 - 2013-10-24 13:00 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-10-19 13:05 - 2013-09-03 20:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-19 13:05 - 2013-09-03 20:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-19 13:05 - 2013-09-03 20:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-19 13:05 - 2013-09-03 20:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-19 13:05 - 2013-09-03 20:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-19 13:05 - 2013-09-03 20:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-19 13:05 - 2013-09-03 20:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-18 12:37 - 2013-10-18 12:37 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-17 14:02 - 2013-10-17 14:02 - 00235781 _____ C:\Users\BC\AppData\Local\census.cache
2013-10-17 14:02 - 2013-10-17 14:02 - 00103792 _____ C:\Users\BC\AppData\Local\ars.cache
2013-10-16 15:09 - 2013-10-16 15:09 - 00000036 _____ C:\Users\BC\AppData\Local\housecall.guid.cache
2013-10-16 13:26 - 2013-10-30 13:36 - 00000000 ____D C:\Users\BC\AppData\Roaming\AVG2014
2013-10-16 13:23 - 2013-10-16 13:23 - 00037664 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2013-10-16 13:21 - 2013-11-10 11:09 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-12 14:12 - 2013-10-12 14:12 - 00000000 ____D C:\Users\Public\Documents\sun
2013-10-12 14:10 - 2013-10-12 14:10 - 00001070 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk

==================== One Month Modified Files and Folders =======

2013-11-10 11:09 - 2013-10-16 13:21 - 00000000 ____D C:\ProgramData\AVG2014
2013-11-10 11:09 - 2011-12-09 16:38 - 00000000 ____D C:\Program Files\AVG
2013-11-10 11:09 - 2011-12-09 16:17 - 00000000 ____D C:\ProgramData\MFAData
2013-11-10 11:01 - 2013-11-10 11:01 - 01090265 _____ (Farbar) C:\Users\BC\Downloads\FRST(5).exe
2013-11-10 11:00 - 2013-11-10 11:00 - 01090265 _____ (Farbar) C:\Users\BC\Downloads\FRST(4).exe
2013-11-10 10:59 - 2013-11-10 10:59 - 00262088 _____ C:\Users\BC\Downloads\FRST(3).exe
2013-11-10 10:51 - 2009-07-13 23:34 - 00016160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-10 10:51 - 2009-07-13 23:34 - 00016160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-10 10:49 - 2010-11-20 16:01 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-10 10:48 - 2013-11-10 10:48 - 01089447 _____ (Farbar) C:\Users\BC\Downloads\FRST(2).exe
2013-11-10 10:47 - 2013-10-30 14:36 - 00312245 _____ C:\Windows\WindowsUpdate.log
2013-11-10 10:44 - 2013-11-08 15:13 - 00000224 _____ C:\Windows\setupact.log
2013-11-10 10:44 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-10 10:31 - 2012-06-12 14:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-08 19:48 - 2011-12-09 17:28 - 00000000 ____D C:\Users\BC\AppData\Roaming\vlc
2013-11-08 15:13 - 2013-11-08 15:13 - 00000358 _____ C:\Windows\PFRO.log
2013-11-08 15:13 - 2013-11-08 15:13 - 00000000 _____ C:\Windows\setuperr.log
2013-11-08 14:18 - 2013-11-08 13:23 - 00132750 _____ C:\Users\BC\Downloads\OTL.Txt
2013-11-08 14:18 - 2013-11-08 13:23 - 00041698 _____ C:\Users\BC\Downloads\Extras.Txt
2013-11-08 14:10 - 2013-11-07 15:32 - 00009516 _____ C:\Users\BC\Downloads\Addition.txt
2013-11-08 14:01 - 2013-11-08 14:01 - 00000000 ____D C:\FRST
2013-11-08 14:00 - 2013-11-08 14:00 - 01089445 _____ (Farbar) C:\Users\BC\Downloads\FRST(1).exe
2013-11-08 13:46 - 2013-11-08 13:46 - 00000988 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-08 13:44 - 2011-12-09 17:25 - 00000000 ____D C:\Program Files\VideoLAN
2013-11-08 13:43 - 2013-11-08 13:38 - 24278649 _____ C:\Users\BC\Downloads\vlc-2.1.0-win32.exe
2013-11-07 17:54 - 2013-11-07 17:54 - 00000000 ____D C:\Users\BC\AppData\Local\{3B375EDC-7B9F-4182-95FB-B5720A3E1B76}
2013-11-07 15:51 - 2013-11-07 15:51 - 00601088 _____ (OldTimer Tools) C:\Users\BC\Downloads\OTL.exe
2013-11-07 15:29 - 2013-11-07 15:29 - 01089445 _____ (Farbar) C:\Users\BC\Downloads\FRST.exe
2013-11-07 15:25 - 2013-11-07 15:25 - 00003621 _____ C:\Users\BC\Desktop\JRT.txt
2013-11-07 15:15 - 2013-11-07 15:15 - 00000000 ____D C:\Windows\ERUNT
2013-11-07 15:14 - 2013-11-07 15:14 - 01034531 _____ (Thisisu) C:\Users\BC\Downloads\JRT.exe
2013-11-07 15:07 - 2013-11-07 15:03 - 00000000 ____D C:\AdwCleaner
2013-11-07 15:03 - 2013-11-07 15:02 - 01073262 _____ C:\Users\BC\Downloads\AdwCleaner.exe
2013-11-07 13:24 - 2013-11-07 13:24 - 02143832 _____ C:\Users\BC\Downloads\instsf449(1).exe
2013-11-07 13:24 - 2013-11-07 12:55 - 00000929 _____ C:\Users\BC\Desktop\SpeedFan.lnk
2013-11-07 13:24 - 2013-11-07 12:55 - 00000045 _____ C:\Windows\system32\initdebug.nfo
2013-11-07 13:23 - 2013-11-07 13:23 - 02143832 _____ C:\Users\BC\Downloads\instsf449.exe
2013-11-07 13:20 - 2013-11-07 13:20 - 00000000 ____D C:\Users\BC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-11-07 12:55 - 2011-12-09 16:03 - 00000000 ____D C:\Users\BC
2013-11-05 12:15 - 2013-11-05 12:15 - 00661184 _____ (Sysinternals - www.sysinternals.com) C:\Users\BC\Downloads\autoruns.exe
2013-11-02 15:14 - 2013-10-30 13:45 - 00000000 ____D C:\Users\BC\AppData\Local\Avg2014
2013-10-31 09:30 - 2013-10-30 13:56 - 00003734 _____ C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2013-10-30 15:06 - 2013-10-30 15:05 - 07752897 _____ (FreeDownloadManager.ORG ) C:\Users\BC\Downloads\fdminst.exe
2013-10-30 15:01 - 2013-10-30 14:56 - 00000000 ____D C:\Program Files\FlashGet
2013-10-30 14:56 - 2013-10-30 14:56 - 00000000 ____D C:\Users\BC\AppData\Roaming\FlashGet
2013-10-30 14:55 - 2013-10-30 14:54 - 04653240 _____ C:\Users\BC\Downloads\flashget196en.exe
2013-10-30 14:48 - 2013-10-30 14:31 - 00000000 ____D C:\Program Files\GetGo Software
2013-10-30 14:34 - 2013-10-30 14:34 - 00000000 ____D C:\Users\BC\AppData\Roaming\GetGo Software
2013-10-30 14:27 - 2013-10-30 14:27 - 00001069 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-30 14:27 - 2013-10-30 14:27 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-30 14:27 - 2013-10-02 14:19 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-30 14:21 - 2013-10-30 14:21 - 00282784 _____ (Mozilla) C:\Users\BC\Downloads\Firefox Setup Stub 25.0.exe
2013-10-30 13:37 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\wfp
2013-10-30 13:36 - 2013-10-16 13:26 - 00000000 ____D C:\Users\BC\AppData\Roaming\AVG2014
2013-10-30 13:36 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration
2013-10-25 12:40 - 2013-10-25 12:40 - 00000000 ____D C:\ProgramData\Free Download Manager
2013-10-24 13:00 - 2013-10-24 13:00 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-10-24 13:00 - 2013-10-24 13:00 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-10-20 13:57 - 2011-12-13 20:25 - 00000000 ____D C:\VirusTrap1
2013-10-18 12:37 - 2013-10-18 12:37 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-17 14:02 - 2013-10-17 14:02 - 00235781 _____ C:\Users\BC\AppData\Local\census.cache
2013-10-17 14:02 - 2013-10-17 14:02 - 00103792 _____ C:\Users\BC\AppData\Local\ars.cache
2013-10-16 15:09 - 2013-10-16 15:09 - 00000036 _____ C:\Users\BC\AppData\Local\housecall.guid.cache
2013-10-16 13:52 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF
2013-10-16 13:23 - 2013-10-16 13:23 - 00037664 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2013-10-14 16:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-12 14:45 - 2011-12-09 16:04 - 00064768 _____ C:\Users\BC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-12 14:45 - 2009-07-13 23:33 - 00289520 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-12 14:12 - 2013-10-12 14:12 - 00000000 ____D C:\Users\Public\Documents\sun
2013-10-12 14:11 - 2013-09-02 15:30 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-10-12 14:10 - 2013-10-12 14:10 - 00001070 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-10-11 18:39 - 2011-08-09 00:30 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 14:41 - 2013-09-28 13:49 - 00000000 ____D C:\Users\BC\Downloads\Video
2013-10-11 12:31 - 2013-07-20 07:13 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 12:26 - 2011-12-16 19:04 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-06 12:15

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-11-2013
Ran by BC at 2013-11-10 11:10:59
Running from C:\Users\BC\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acer Crystal Eye Webcam (Version: 1.0.1904)
Acer ePower Management (Version: 6.00.3007)
Acer eRecovery Management (Version: 5.00.3502)
Acer Registration (Version: 1.04.3502)
Acer ScreenSaver (Version: 1.1.0617.2011)
Acer Updater (Version: 1.02.3500)
Acer VCM (Version: 4.05.3501)
Adobe AIR (Version: 3.7.0.1860)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
CCleaner (Version: 4.00)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
D3DX10 (Version: 15.4.2368.0902)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
iCall (Version: 7.1.524)
Identity Card (Version: 1.00.3501)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.14.10.2230)
Intel® Rapid Storage Technology (Version: 10.1.0.1008)
Junk Mail filter update (Version: 15.4.3502.0922)
Launch Manager (Version: 5.1.4)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 25.0 (x86 en-US) (Version: 25.0)
Mozilla Maintenance Service (Version: 25.0)
MSVCRT (Version: 15.4.2862.0708)
MyWinLocker 4 (Version: 4.0.14.25)
MyWinLocker Suite (Version: 4.0.14.15)
OpenOffice 4.0.1 (Version: 4.01.9714)
Ralink RT2870 Wireless LAN Card (Version: 1.5.6.0)
Realtek Ethernet Controller Driver (Version: 7.37.1229.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6307)
Realtek PCIE Card Reader (Version: 6.1.7600.78)
Search.us.com
SelectionLinks (Version: 1.0)
Shredder (Version: 2.0.8.9)
Skype™ 6.6 (Version: 6.6.106)
SpeedFan (remove only)
Synaptics Pointing Device Driver (Version: 15.1.18.0)
Unlocker 1.9.1 (Version: 1.9.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
VLC media player 2.1.0 (Version: 2.1.0)
Welcome Center (Version: 1.02.3503)
Windows Live (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WordWeb (Version: 6)

==================== Restore Points =========================

04-10-2013 15:19:21 Windows Update
10-10-2013 17:01:41 Windows Update
10-10-2013 19:36:59 Windows Update
11-10-2013 17:20:27 Windows Update
12-10-2013 19:07:20 Installed OpenOffice 4.0.1
15-10-2013 17:51:54 Windows Update
16-10-2013 18:19:34 Installed AVG 2014
16-10-2013 18:20:21 Installed AVG 2014
19-10-2013 20:42:32 Windows Update
30-10-2013 18:13:39 Restore Operation
30-10-2013 18:23:01 Removed AVG 2014
30-10-2013 18:27:17 Removed AVG 2014
30-10-2013 18:33:07 Restore Operation
30-10-2013 18:47:02 Windows Update
30-10-2013 18:54:12 Installed AVG 2014
07-11-2013 20:58:09 OTL Restore Point - 11/7/2013 3:58:05 PM
08-11-2013 17:58:08 OTL Restore Point - 11/8/2013 12:58:03 PM
10-11-2013 16:05:13 Removed AVG 2014
10-11-2013 16:09:06 Removed AVG 2014

==================== Hosts content: ==========================

2009-07-13 21:04 - 2013-03-25 12:17 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {00B7BDB0-B402-40C1-A4CB-D569BBDC1A4E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {3C61BF98-B1A3-445D-813B-4B8B80A5F2E7} - System32\Tasks\{2F8EB3EA-875C-4E36-8380-B9F8CF6B71B2} => C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Task: {3FD60D5F-A872-4150-835E-A0B1D7A891A6} - System32\Tasks\{423C745D-CEB9-4720-834B-5910ADC6F8D5} => C:\Program Files\tinySpell\tinyspell.exe
Task: {4A0CE86E-3B42-4A6A-8F59-93EF2A9C3340} - System32\Tasks\{47C8FCC1-4B89-44C5-A945-3D30301AE89B} => Firefox.exe
Task: {56D88B04-85C7-4410-BAEB-912E432705C3} - System32\Tasks\Adobe ARM => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11] (Adobe Systems Incorporated)
Task: {5A72B58D-E12C-4F4A-9D4D-8663E26BFA5D} - System32\Tasks\SBWUpdateTask_Time_763c67f3-78929C5B48C6 => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe
Task: {6796B3FF-26F4-48BC-9426-B7851C5AEF66} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {6D211B15-D4FD-4A90-B5B5-D20A153FA3F8} - System32\Tasks\Express Files Updater => C:\Program Files\ExpressFiles\EFupdater.exe
Task: {7BAA9F29-A535-41A3-ADCB-FD77A7459241} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1434271250-535229840-3131482536-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {82A70256-A65B-45B0-A289-2F52D670FF40} - System32\Tasks\{6977321E-CE53-4746-8B61-77A4D12D0423} => Firefox.exe
Task: {85BA6CCF-53DC-4949-8B0E-77117BA9643A} - System32\Tasks\SBWUpdateTask_Logon_763c67f3-78929C5B48C6 => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe
Task: {8E432221-B688-49C4-8CCA-6611CFA9F602} - System32\Tasks\{16C26C30-E35C-44AE-AFED-771B87A2A222} => C:\Program Files\OpenOffice.org
Task: {92FB80DF-3D46-471B-A2A6-DC3D2FB09EF5} - System32\Tasks\{764A393D-633B-439A-9593-6364EADF016A} => C:\Program Files\Moyea\FLV Editor Lite\FlvEditorLite.exe
Task: {9B8F7347-CAB4-4C1B-82A3-2B0CF9EE341F} - System32\Tasks\{C978A38F-7358-4587-9AE2-A8C10C5E6928} => C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Task: {A369E454-F732-460B-BE75-6CEBF9561A1D} - System32\Tasks\{7A078B64-317B-47E5-AEED-6DA886061D18} => Firefox.exe
Task: {B0E4A562-7DF8-4567-92AD-2FAE0D3847C9} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1434271250-535229840-3131482536-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {B2C2BB7E-05B6-47C1-AA76-7D8BBA82DA03} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {BF1191DF-E40A-4353-8A34-12509231875E} - System32\Tasks\{53931810-DABF-4DC2-BE95-7026C980B2E5} => C:\Program Files\SPEEDbit Video Downloader\Converter.exe
Task: {D5E81E6D-48AE-44AC-9B70-500CE81575B1} - System32\Tasks\{A82B7F6C-83D4-4711-AAFD-454886EA6197} => C:\Program Files\iCall\iCall.exe [2012-06-18] ()
Task: {F20CEC57-E01D-465D-92D5-565DC7849943} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F417EE00-20DF-4F86-8D2B-967557058F93} - System32\Tasks\{3E9059AE-66C4-4070-B46D-2D805B2D2D4D} => C:\Program Files\tinySpell\tinyspell.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-07-04 16:32 - 2010-07-04 16:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2010-07-04 16:32 - 2010-07-04 16:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2012-03-28 16:51 - 2012-07-15 11:27 - 02216480 ____N () C:\Windows\wweb32.dll
2012-03-28 16:51 - 2012-07-15 11:25 - 00022800 ____N () C:\Program Files\WordWeb\WUCNT.dll
2011-12-21 17:40 - 2009-11-26 17:02 - 00918816 _____ () C:\Program Files\Ralink\Common\RaWLAPI.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:553CA6CA
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\ProgramData\Temp:862BDB1A

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/10/2013 10:44:22 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2013 10:02:47 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/08/2013 05:47:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/08/2013 03:14:21 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/08/2013 03:14:21 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/08/2013 03:14:21 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/08/2013 03:14:21 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (11/08/2013 03:14:21 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/08/2013 03:14:21 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/08/2013 03:14:21 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (11/08/2013 03:14:21 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/08/2013 03:14:21 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.


Microsoft Office Sessions:
=========================
Error: (11/10/2013 10:44:22 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2013 10:02:47 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/08/2013 05:47:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/08/2013 03:14:21 PM) (Source: Windows Search Service)(User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/08/2013 03:14:21 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/08/2013 03:14:21 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/08/2013 03:14:21 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (11/08/2013 03:14:21 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (11/08/2013 03:14:21 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/08/2013 03:14:21 PM) (Source: Windows Search Service)(User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt


==================== Memory info ===========================

Percentage of memory in use: 60%
Total physical RAM: 1011.87 MB
Available physical RAM: 398.63 MB
Total Pagefile: 2035.87 MB
Available Pagefile: 1304.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.63 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:219.79 GB) (Free:180.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: E2768EF3)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=220 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#19
RKinner

Malware Expert

Somehow I missed the Zero Access warning in the FRST log.

ComboFix

:!: It must be saved to your desktop, do not run it from your browser :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, ComboFix is still at work.
If it reboots and you do not get a log then run ComboFix a second time (don't forget to disable your anti-virus). If you get a warning about a registry key set to delete then just reboot and that should clear it. The log is usually down in c:\Combofix\combofix.txt if you don't get one after the second running.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* Follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

#20
brycrip

Member, Topic Starter

Here's ComboFix. Sorry for the delay... no WiFi in the Third World yesterday!

ComboFix 13-11-12.01 - BC 11/13/2013 13:03:44.1.4 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1012.410 [GMT -5:00]
Running from: c:\users\BC\AppData\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-10-13 to 2013-11-13 )))))))))))))))))))))))))))))))
.
.
2013-11-13 18:22 . 2013-11-13 18:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-12 18:06 . 2013-11-13 18:05 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B07B6A2C-6AB3-4EE3-AF0E-F073B41D1871}\offreg.dll
2013-11-12 17:56 . 2013-11-13 17:42 -------- d-----w- c:\program files\Free Download Manager
2013-11-12 17:41 . 2013-10-14 06:39 7796464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B07B6A2C-6AB3-4EE3-AF0E-F073B41D1871}\mpengine.dll
2013-11-10 16:58 . 2013-11-10 16:58 -------- d-----w- c:\users\BC\AppData\Roaming\AVG2014
2013-11-10 16:55 . 2013-11-10 16:55 -------- d-----w- C:\$AVG
2013-11-10 16:54 . 2013-11-10 16:56 -------- d-----w- c:\users\BC\AppData\Local\Avg2014
2013-11-08 19:01 . 2013-11-08 19:01 -------- d-----w- C:\FRST
2013-11-07 20:15 . 2013-11-07 20:15 -------- d-----w- c:\windows\ERUNT
2013-11-07 20:03 . 2013-11-07 20:07 -------- d-----w- C:\AdwCleaner
2013-10-30 19:56 . 2013-10-30 19:56 -------- d-----w- c:\users\BC\AppData\Roaming\FlashGet
2013-10-30 19:56 . 2013-10-30 20:01 -------- d-----w- c:\program files\FlashGet
2013-10-30 19:34 . 2013-10-30 19:34 -------- d-----w- c:\users\BC\AppData\Roaming\GetGo Software
2013-10-30 19:31 . 2013-10-30 19:48 -------- d-----w- c:\program files\GetGo Software
2013-10-25 17:40 . 2013-10-25 17:40 -------- d-----w- c:\programdata\Free Download Manager
2013-10-24 18:00 . 2013-10-24 18:00 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2013-10-19 18:05 . 2013-09-04 01:15 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-19 18:05 . 2013-09-04 01:14 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-19 18:05 . 2013-09-04 01:14 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-19 18:05 . 2013-09-04 01:14 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-19 18:05 . 2013-09-04 01:14 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-19 18:05 . 2013-09-04 01:14 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-19 18:05 . 2013-09-04 01:14 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-18 17:37 . 2013-10-18 17:37 -------- d-----w- c:\programdata\Kaspersky Lab
2013-10-16 18:23 . 2013-10-16 18:23 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-10-16 18:21 . 2013-11-10 16:56 -------- d-----w- c:\programdata\AVG2014
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-08 18:34 . 2012-06-12 19:28 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-08 18:34 . 2011-08-09 05:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-26 01:57 . 2013-09-26 01:57 120632 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-09-14 00:48 . 2013-10-10 17:07 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-11 03:11 . 2013-09-11 03:11 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-09 03:12 . 2013-09-09 03:12 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-09-08 02:07 . 2013-10-10 17:07 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03 . 2013-10-10 17:07 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-09-03 18:35 . 2013-03-16 19:08 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-09-02 15:39 . 2013-09-02 15:39 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-09-02 15:28 . 2013-09-02 15:28 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-09-02 15:28 . 2013-09-02 15:28 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-02 15:28 . 2013-09-02 15:28 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-08-29 01:51 . 2013-10-10 17:06 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-10 17:06 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-10 17:06 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 01:50 . 2013-10-10 17:06 619520 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 01:48 . 2013-10-10 17:06 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-08-28 01:04 . 2013-10-10 17:06 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 00:57 . 2013-10-10 17:06 434688 ----a-w- c:\windows\system32\scavengeui.dll
2013-08-21 03:54 . 2013-08-21 03:54 102200 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WordWeb"="c:\program files\WordWeb\wweb32.exe" [2012-04-21 77064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-02-11 10025576]
"SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-11 150552]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2011-03-14 1081424]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-10-08 1934632]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 715368]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-10-08 4908592]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2011-8-9 723560]
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe -s [2011-12-21 1643808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Users^BC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk]
path=c:\users\BC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCall]
2012-06-18 22:31 4852416 ----a-w- c:\program files\iCall\iCall.exe
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [2013-10-04 3538480]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]
R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2009-11-26 827904]
R3 SBUpdd;SpeedBit UpdateD;c:\program files\Common Files\SpeedBit\SBUpdate\sbw.sys [2013-02-27 31640]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R4 SBUpd;SpeedBit Update;c:\program files\Common Files\SpeedBit\SBUpdate\sbu.exe [2013-02-27 772728]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2013-09-02 145720]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2013-09-02 223032]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2013-09-09 27448]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2013-09-26 120632]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2013-09-02 209208]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2013-09-11 22840]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2013-09-02 176952]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2013-08-01 193848]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-10-16 37664]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-08-09 21600]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-08-09 16936]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-08-09 62240]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [2013-09-26 301152]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2011-03-14 352336]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 739944]
S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-07 1755136]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2012-04-05 255376]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-01-04 7435264]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-03-07 252520]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-12-28 327784]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 10.0.13.1 200.88.127.22
FF - ProfilePath - c:\users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\sevjm9wi.default-1384098992043\
FF - ExtSQL: 2013-11-12 12:56; [email protected]; c:\program files\Free Download Manager\Firefox\Extension
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-DownloadAccelerator - c:\program files\DAP\DAP.EXE
MSConfigStartUp-SPEEDbitVideoAccelerator - c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe
AddRemove-sl-dlc - c:\program files\OApps\sl-dlc_uninstall.exe
AddRemove-SpeedFan - c:\program files\SpeedFan\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4820)
c:\program files\Acer\Acer ePower Management\SysHook.dll
.
Completion time: 2013-11-13 13:27:51
ComboFix-quarantined-files.txt 2013-11-13 18:27
.
Pre-Run: 186,491,002,880 bytes free
Post-Run: 186,165,268,480 bytes free
.
- - End Of File - - 6AED703F203BEF437C1D3C5145FE6278
A36C5E4F47E84449FF07ED3517B43A31

#21
RKinner

Malware Expert

When you finish, run FRST again and just do a Scan.

#22
brycrip

Member, Topic Starter

Here is the TDSS log:

12:40:44.0011 5756 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:40:54.0665 5756 Perform update action was selected
12:40:54.0665 5836 Deinitialize success


12:48:42.0980 3704 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:48:44.0993 3704 ============================================================
12:48:44.0993 3704 Current date / time: 2013/11/14 12:48:44.0993
12:48:44.0993 3704 SystemInfo:
12:48:44.0993 3704
12:48:44.0993 3704 OS Version: 6.1.7601 ServicePack: 1.0
12:48:44.0993 3704 Product type: Workstation
12:48:44.0993 3704 ComputerName: CHINOOK
12:48:44.0993 3704 UserName: BC
12:48:44.0993 3704 Windows directory: C:\Windows
12:48:44.0993 3704 System windows directory: C:\Windows
12:48:44.0993 3704 Processor architecture: Intel x86
12:48:44.0993 3704 Number of processors: 4
12:48:44.0993 3704 Page size: 0x1000
12:48:44.0993 3704 Boot type: Normal boot
12:48:44.0993 3704 ============================================================
12:48:47.0847 3704 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:48:47.0925 3704 ============================================================
12:48:47.0925 3704 \Device\Harddisk0\DR0:
12:48:47.0925 3704 MBR partitions:
12:48:47.0925 3704 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
12:48:47.0925 3704 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x1B792800
12:48:47.0925 3704 ============================================================
12:48:47.0972 3704 C: <-> \Device\Harddisk0\DR0\Partition2
12:48:48.0019 3704 ============================================================
12:48:48.0019 3704 Initialize success
12:48:48.0019 3704 ============================================================
12:51:09.0666 5468 ============================================================
12:51:09.0666 5468 Scan started
12:51:09.0666 5468 Mode: Manual; SigCheck; TDLFS;
12:51:09.0666 5468 ============================================================
12:51:10.0742 5468 ================ Scan system memory ========================
12:51:10.0742 5468 System memory - ok
12:51:10.0742 5468 ================ Scan services =============================
12:51:11.0195 5468 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:51:11.0522 5468 1394ohci - ok
12:51:27.0699 5468 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\Windows\system32\giveio.sys
12:51:27.0731 5468 giveio ( UnsignedFile.Multi.Generic ) - warning
12:51:27.0731 5468 giveio - detected UnsignedFile.Multi.Generic (1)
12:51:27.0996 5468 [ 84E58FEA8B1A7537696A20C59CB9B0C9 ] GREGService C:\Program Files\Acer\Registration\GREGsvc.exe
12:51:28.0011 5468 GREGService ( UnsignedFile.Multi.Generic ) - warning
12:51:28.0011 5468 GREGService - detected UnsignedFile.Multi.Generic (1)
12:51:30.0476 5468 [ 0DFFBA5AE3D2E1C076BD8E6F52C4FDFB ] IconMan_R C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
12:51:30.0617 5468 IconMan_R ( UnsignedFile.Multi.Generic ) - warning
12:51:30.0617 5468 IconMan_R - detected UnsignedFile.Multi.Generic (1)
12:51:48.0182 5468 RDPCDD - ok
12:51:48.0245 5468 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:51:48.0338 5468 RDPENCDD - ok
12:51:48.0385 5468 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:51:48.0494 5468 RDPREFMP - ok
12:51:48.0525 5468 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:51:48.0603 5468 RDPWD - ok
12:51:48.0666 5468 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:51:48.0728 5468 rdyboost - ok
12:51:48.0759 5468 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
12:51:48.0869 5468 RemoteAccess - ok
12:51:48.0900 5468 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:51:49.0009 5468 RemoteRegistry - ok
12:51:49.0025 5468 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:51:49.0118 5468 RpcEptMapper - ok
12:51:49.0165 5468 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
12:51:49.0259 5468 RpcLocator - ok
12:51:49.0290 5468 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\System32\rpcss.dll
12:51:49.0383 5468 RpcSs - ok
12:51:49.0477 5468 [ 5AFF9074165F855B790D3A576B6B453B ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
12:51:49.0524 5468 RSPCIESTOR - ok
12:51:49.0664 5468 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:51:49.0773 5468 rspndr - ok
12:51:49.0867 5468 [ 7CB9F0FDD730F4A4ECF6CDE15EA12E8A ] RS_Service C:\Program Files\Acer\Acer VCM\RS_Service.exe
12:51:49.0914 5468 RS_Service - ok
12:51:49.0992 5468 [ F83FEAF4C5A3A559A6CC98E112B62744 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
12:51:50.0054 5468 RTL8167 - ok
12:51:50.0085 5468 [ 803B370865D907EA21DC0C2B6A8936B5 ] SamSs C:\Windows\system32\lsass.exe
12:51:50.0148 5468 SamSs - ok
12:51:50.0210 5468 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:51:50.0273 5468 sbp2port - ok
12:51:50.0335 5468 SBUpd - ok
12:51:50.0397 5468 [ BC0CA42A1BE03D18246F8AB74FC126B3 ] SBUpdd C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys
12:51:50.0444 5468 SBUpdd - ok
12:51:50.0491 5468 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:51:50.0600 5468 SCardSvr - ok
12:51:50.0647 5468 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:51:50.0741 5468 scfilter - ok
12:51:50.0912 5468 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
12:51:51.0021 5468 Schedule - ok
12:51:51.0053 5468 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:51:51.0146 5468 SCPolicySvc - ok
12:51:51.0162 5468 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:51:51.0240 5468 SDRSVC - ok
12:51:51.0318 5468 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:51:51.0427 5468 secdrv - ok
12:51:51.0458 5468 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
12:51:51.0567 5468 seclogon - ok
12:51:51.0614 5468 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
12:51:51.0692 5468 SENS - ok
12:51:51.0723 5468 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\drivers\serenum.sys
12:51:51.0770 5468 Serenum - ok
12:51:51.0817 5468 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\drivers\serial.sys
12:51:51.0911 5468 Serial - ok
12:51:51.0973 5468 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
12:51:52.0035 5468 sermouse - ok
12:51:52.0082 5468 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
12:51:52.0207 5468 SessionEnv - ok
12:51:52.0238 5468 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:51:52.0301 5468 sffdisk - ok
12:51:52.0332 5468 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:51:52.0394 5468 sffp_mmc - ok
12:51:52.0410 5468 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:51:52.0472 5468 sffp_sd - ok
12:51:52.0503 5468 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
12:51:52.0566 5468 sfloppy - ok
12:51:52.0628 5468 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:51:52.0737 5468 SharedAccess - ok
12:51:52.0784 5468 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:51:52.0878 5468 ShellHWDetection - ok
12:51:52.0925 5468 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
12:51:52.0971 5468 sisagp - ok
12:51:53.0034 5468 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
12:51:53.0081 5468 SiSRaid2 - ok
12:51:53.0112 5468 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
12:51:53.0174 5468 SiSRaid4 - ok
12:51:53.0408 5468 [ F2B755D3835089590E8113F48AA931F7 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
12:51:53.0455 5468 SkypeUpdate - ok
12:51:53.0502 5468 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:51:53.0611 5468 Smb - ok
12:51:53.0689 5468 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:51:53.0736 5468 SNMPTRAP - ok
12:51:53.0829 5468 [ DC8D2952FB6FFBAEC67BD1B93A34DF11 ] speedfan C:\Windows\system32\speedfan.sys
12:51:53.0876 5468 speedfan - ok
12:51:53.0907 5468 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
12:51:53.0954 5468 spldr - ok
12:51:54.0017 5468 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
12:51:54.0095 5468 Spooler - ok
12:51:54.0204 5468 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
12:51:54.0391 5468 sppsvc - ok
12:51:54.0422 5468 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:51:54.0531 5468 sppuinotify - ok
12:51:54.0563 5468 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
12:51:54.0641 5468 srv - ok
12:51:54.0656 5468 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:51:54.0734 5468 srv2 - ok
12:51:54.0765 5468 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:51:54.0828 5468 srvnet - ok
12:51:54.0875 5468 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:51:54.0984 5468 SSDPSRV - ok
12:51:55.0015 5468 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:51:55.0124 5468 SstpSvc - ok
12:51:55.0155 5468 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
12:51:55.0202 5468 stexstor - ok
12:51:55.0296 5468 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
12:51:55.0389 5468 StiSvc - ok
12:51:55.0421 5468 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
12:51:55.0467 5468 swenum - ok
12:51:55.0545 5468 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
12:51:55.0655 5468 swprv - ok
12:51:55.0857 5468 [ 31B6B2D25FCFF1B71AE225000D656CD0 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
12:51:55.0967 5468 SynTP - ok
12:51:56.0029 5468 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
12:51:56.0154 5468 SysMain - ok
12:51:56.0185 5468 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:51:56.0247 5468 TabletInputService - ok
12:51:56.0279 5468 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
12:51:56.0388 5468 TapiSrv - ok
12:51:56.0403 5468 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
12:51:56.0497 5468 TBS - ok
12:51:56.0606 5468 [ CA59F7C570AF70BC174F477CFE2D9EE3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:51:56.0731 5468 Tcpip - ok
12:51:56.0762 5468 [ CA59F7C570AF70BC174F477CFE2D9EE3 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:51:56.0871 5468 TCPIP6 - ok
12:51:56.0934 5468 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:51:57.0012 5468 tcpipreg - ok
12:51:57.0059 5468 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:51:57.0168 5468 TDPIPE - ok
12:51:57.0215 5468 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:51:57.0261 5468 TDTCP - ok
12:51:57.0293 5468 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:51:57.0386 5468 tdx - ok
12:51:57.0417 5468 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
12:51:57.0464 5468 TermDD - ok
12:51:57.0527 5468 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
12:51:57.0651 5468 TermService - ok
12:51:57.0667 5468 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
12:51:57.0745 5468 Themes - ok
12:51:57.0761 5468 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
12:51:57.0854 5468 THREADORDER - ok
12:51:57.0870 5468 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
12:51:57.0979 5468 TrkWks - ok
12:51:58.0104 5468 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:51:58.0182 5468 TrustedInstaller - ok
12:51:58.0229 5468 [ B37B08F2E5EEB1A37E448E09BACE1101 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:51:58.0322 5468 tssecsrv - ok
12:51:58.0369 5468 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:51:58.0478 5468 TsUsbFlt - ok
12:51:58.0509 5468 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
12:51:58.0587 5468 TsUsbGD - ok
12:51:58.0681 5468 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:51:58.0775 5468 tunnel - ok
12:51:58.0806 5468 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
12:51:58.0853 5468 uagp35 - ok
12:51:58.0884 5468 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:51:58.0993 5468 udfs - ok
12:51:59.0040 5468 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:51:59.0102 5468 UI0Detect - ok
12:51:59.0165 5468 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:51:59.0211 5468 uliagpkx - ok
12:51:59.0274 5468 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:51:59.0321 5468 umbus - ok
12:51:59.0352 5468 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
12:51:59.0414 5468 UmPass - ok
12:51:59.0445 5468 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
12:51:59.0570 5468 upnphost - ok
12:51:59.0617 5468 [ 71D97F1A3CC47A56728F7A400A3F8295 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:51:59.0695 5468 usbccgp - ok
12:51:59.0773 5468 [ 2352AB5F9F8F097BF9D41D5A4718A041 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:51:59.0835 5468 usbcir - ok
12:51:59.0867 5468 [ C4FB8E7ADEA9B5CEEA885A1B504B7E40 ] usbehci C:\Windows\system32\drivers\usbehci.sys
12:51:59.0929 5468 usbehci - ok
12:51:59.0960 5468 [ 86AA95ACB611001E26CD2C0145F2225A ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:52:00.0023 5468 usbhub - ok
12:52:00.0054 5468 [ DCDF9855145A14DFCA0AB32308871961 ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:52:00.0116 5468 usbohci - ok
12:52:00.0147 5468 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\drivers\usbprint.sys
12:52:00.0225 5468 usbprint - ok
12:52:00.0241 5468 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:52:00.0335 5468 USBSTOR - ok
12:52:00.0366 5468 [ 8E51D04175BAA14C4F79AA5F6D248770 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:52:00.0444 5468 usbuhci - ok
12:52:00.0522 5468 [ DE014425522610BEDCA3821BB8C0F1D5 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
12:52:00.0584 5468 usbvideo - ok
12:52:00.0631 5468 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
12:52:00.0725 5468 UxSms - ok
12:52:00.0756 5468 [ 803B370865D907EA21DC0C2B6A8936B5 ] VaultSvc C:\Windows\system32\lsass.exe
12:52:00.0803 5468 VaultSvc - ok
12:52:00.0865 5468 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:52:00.0912 5468 vdrvroot - ok
12:52:00.0943 5468 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
12:52:01.0068 5468 vds - ok
12:52:01.0099 5468 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:52:01.0177 5468 vga - ok
12:52:01.0193 5468 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
12:52:01.0286 5468 VgaSave - ok
12:52:01.0317 5468 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:52:01.0380 5468 vhdmp - ok
12:52:01.0427 5468 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
12:52:01.0473 5468 viaagp - ok
12:52:01.0505 5468 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
12:52:01.0567 5468 ViaC7 - ok
12:52:01.0598 5468 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
12:52:01.0661 5468 viaide - ok
12:52:01.0676 5468 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:52:01.0739 5468 volmgr - ok
12:52:01.0754 5468 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:52:01.0801 5468 volmgrx - ok
12:52:01.0832 5468 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:52:01.0895 5468 volsnap - ok
12:52:01.0926 5468 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
12:52:01.0973 5468 vsmraid - ok
12:52:02.0051 5468 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
12:52:02.0207 5468 VSS - ok
12:52:02.0222 5468 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
12:52:02.0300 5468 vwifibus - ok
12:52:02.0316 5468 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
12:52:02.0378 5468 vwififlt - ok
12:52:02.0441 5468 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
12:52:02.0519 5468 vwifimp - ok
12:52:02.0534 5468 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
12:52:02.0659 5468 W32Time - ok
12:52:02.0690 5468 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
12:52:02.0737 5468 WacomPen - ok
12:52:02.0799 5468 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:52:02.0877 5468 WANARP - ok
12:52:02.0893 5468 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:52:02.0971 5468 Wanarpv6 - ok
12:52:03.0018 5468 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
12:52:03.0158 5468 wbengine - ok
12:52:03.0189 5468 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:52:03.0267 5468 WbioSrvc - ok
12:52:03.0299 5468 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:52:03.0377 5468 wcncsvc - ok
12:52:03.0408 5468 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:52:03.0501 5468 WcsPlugInService - ok
12:52:03.0564 5468 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys
12:52:03.0611 5468 Wd - ok
12:52:03.0689 5468 [ 25944D2CC49E0A6C581D02A74B7D6645 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:52:03.0751 5468 Wdf01000 - ok
12:52:03.0782 5468 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:52:03.0891 5468 WdiServiceHost - ok
12:52:03.0907 5468 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:52:03.0969 5468 WdiSystemHost - ok
12:52:04.0001 5468 [ 75E8EBD7040CE238684333F97014762A ] WebClient C:\Windows\System32\webclnt.dll
12:52:04.0079 5468 WebClient - ok
12:52:04.0110 5468 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:52:04.0219 5468 Wecsvc - ok
12:52:04.0235 5468 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:52:04.0344 5468 wercplsupport - ok
12:52:04.0406 5468 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
12:52:04.0515 5468 WerSvc - ok
12:52:04.0578 5468 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:52:04.0656 5468 WfpLwf - ok
12:52:04.0703 5468 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:52:04.0749 5468 WIMMount - ok
12:52:04.0827 5468 [ 082CF481F659FAE0DE51AD060881EB47 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
12:52:04.0952 5468 WinDefend - ok
12:52:04.0983 5468 WinHttpAutoProxySvc - ok
12:52:05.0077 5468 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:52:05.0171 5468 Winmgmt - ok
12:52:05.0249 5468 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
12:52:05.0420 5468 WinRM - ok
12:52:05.0545 5468 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
12:52:05.0607 5468 WinUsb - ok
12:52:05.0670 5468 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
12:52:05.0795 5468 Wlansvc - ok
12:52:05.0857 5468 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:52:05.0904 5468 wlcrasvc - ok
12:52:06.0013 5468 [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:52:06.0169 5468 wlidsvc - ok
12:52:06.0216 5468 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:52:06.0278 5468 WmiAcpi - ok
12:52:06.0325 5468 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:52:06.0403 5468 wmiApSrv - ok
12:52:06.0481 5468 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
12:52:06.0637 5468 WMPNetworkSvc - ok
12:52:06.0668 5468 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:52:06.0762 5468 WPCSvc - ok
12:52:06.0793 5468 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:52:06.0933 5468 WPDBusEnum - ok
12:52:06.0965 5468 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:52:07.0058 5468 ws2ifsl - ok
12:52:07.0121 5468 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
12:52:07.0199 5468 wscsvc - ok
12:52:07.0214 5468 WSearch - ok
12:52:07.0308 5468 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
12:52:07.0479 5468 wuauserv - ok
12:52:07.0526 5468 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:52:07.0589 5468 WudfPf - ok
12:52:07.0651 5468 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:52:07.0713 5468 WUDFRd - ok
12:52:07.0776 5468 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:52:07.0838 5468 wudfsvc - ok
12:52:07.0869 5468 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll
12:52:07.0947 5468 WwanSvc - ok
12:52:07.0994 5468 ================ Scan global ===============================
12:52:08.0057 5468 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
12:52:08.0103 5468 [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll
12:52:08.0135 5468 [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll
12:52:08.0181 5468 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
12:52:08.0244 5468 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
12:52:08.0259 5468 [Global] - ok
12:52:08.0259 5468 ================ Scan MBR ==================================
12:52:08.0275 5468 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:52:08.0883 5468 \Device\Harddisk0\DR0 - ok
12:52:08.0883 5468 ================ Scan VBR ==================================
12:52:08.0899 5468 [ 225FC73C4A1394479247A9492B366FEC ] \Device\Harddisk0\DR0\Partition1
12:52:08.0899 5468 \Device\Harddisk0\DR0\Partition1 - ok
12:52:08.0930 5468 [ 7EB49AFDB44254535FFE524E60C1EB10 ] \Device\Harddisk0\DR0\Partition2
12:52:08.0946 5468 \Device\Harddisk0\DR0\Partition2 - ok
12:52:08.0946 5468 ============================================================
12:52:08.0946 5468 Scan finished
12:52:08.0946 5468 ============================================================
12:52:08.0977 5524 Detected object count: 3
12:52:08.0977 5524 Actual detected object count: 3
12:53:09.0692 5524 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
12:53:09.0692 5524 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:53:09.0692 5524 GREGService ( UnsignedFile.Multi.Generic ) - skipped by user
12:53:09.0692 5524 GREGService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:53:09.0692 5524 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
12:53:09.0692 5524 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:54:47.0052 0980 Deinitialize success
  • 0

#23
brycrip

    Member

  • Topic Starter
  • Member
  • 395 posts
And finally, the MBAM scan. Did you want me to do anything further with FRST? Thank you... Bry


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.14.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
BC :: CHINOOK [administrator]

Protection: Enabled

11/14/2013 1:23:15 PM
mbam-log-2013-11-14 (13-23-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194985
Time elapsed: 18 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\BC\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} (PUP.Optional.Searchqu.A) -> Quarantined and deleted successfully.

(end)
  • 0

#24
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Run FRST again and just do a Scan.
  • 0

#25
brycrip

    Member

  • Topic Starter
  • Member
  • 395 posts
Thanks... I'll do that tomorrow. Not sure what's going on but lost both Explorer and Firefox after doing the last scans. Had to go to System Restore to get back on the internet. Don't know how that has affected the malware removal.

Anyway, thanks for your help here... I know you're doing a lot of work and want you to know I appreciate it!

Bry
  • 0

#26
brycrip

    Member

  • Topic Starter
  • Member
  • 395 posts
Here's another FRST scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-11-2013
Ran by BC (administrator) on CHINOOK on 15-11-2013 12:55:08
Running from C:\Users\BC\AppData\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Registration\GREGsvc.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaRegistry.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Egis Technology Inc.) C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
() C:\Program Files\WordWeb\wweb32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaUI.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Farbar) C:\Users\BC\AppData\Desktop\FRST (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [SuiteTray] - C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM\...\Run: [EgisTecPMMUpdate] - C:\Program Files\EgisTec IPS\PmmUpdate.exe [408432 2011-03-28] (Egis Technology Inc.)
HKLM\...\Run: [EgisUpdate] - C:\Program Files\EgisTec IPS\EgisUpdate.exe [202608 2011-03-28] (Egis Technology Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1934632 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715368 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [UnlockerAssistant] - C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKCU\...\Run: [WordWeb] - C:\Program Files\WordWeb\wweb32.exe [77064 2012-04-21] ()
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-07-29] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
URLSearchHook: HKLM - Default Value = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
URLSearchHook: HKCU - Default Value = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
SearchScopes: HKLM - DefaultScope value is missing.
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
Toolbar: HKCU - No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - No File
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.13.1 200.88.127.22

FireFox:
========
FF ProfilePath: C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\sevjm9wi.default-1384098992043
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_33 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tightropeinteractive.com/Plugin - C:\Users\BC\AppData\Local\TNT2\2.0.0.1534\npTNT2.dll (Search.Us.com)
FF Plugin HKCU: @tnt2ghost.com/Plugin - C:\Users\BC\AppData\Local\TNT2\2.0.0.1534\npTNT2ghost.dll (Search.Us.com)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files\WordWeb\WCaptureMoz

Chrome:
=======
CHR HomePage: hxxp://start.search.us.com/v/2/?guid={54B51BB6-D4BF-48D7-8A97-B424C1127420}&serpv=5
CHR RestoreOnStartup: "hxxp://start.search.us.com/v/2/?guid={54B51BB6-D4BF-48D7-8A97-B424C1127420}&serpv=5"]}},"browser":{"clear_lso_data_enabled":true,"last_known_google_url":"https://www.google.c...om/favicon.ico"
CHR Extension: (Google Docs) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (DAP Link Checker) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh\1.0.0.8_0
CHR Extension: (Google Search) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Download Accelerator Plus (DAP)) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.10_0
CHR Extension: (avast! WebRep) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Gmail) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files\WordWeb\wcxChrome.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

S3 EgisTec Ticket Service; C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe [173424 2011-04-02] (Egis Technology Inc. )
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [739944 2011-05-10] (Acer Incorporated)
R2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated)
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1755136 2011-03-07] (Realsil Microelectronics Inc.)
R2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [255376 2012-04-05] (Acer Incorporated)
R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [185632 2009-11-26] (Ralink Technology, Corp.)
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
S4 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [772728 2013-02-27] (Speedbit Ltd.)

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-10-16] (AVG Technologies)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [21600 2011-08-09] (Egis Technology Inc.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16936 2011-08-09] (Egis Technology Inc.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [62240 2011-08-09] (Egis Technology Inc.)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [827904 2009-11-26] (Ralink Technology Corp.)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7435264 2011-01-03] (Intel Corporation)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [252520 2011-03-06] (Realtek Semiconductor Corp.)
S3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [31640 2013-02-27] ()
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-14 15:40 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 15:40 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 15:40 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 15:39 - 2013-09-24 21:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 15:39 - 2013-09-24 21:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 15:39 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 15:39 - 2013-09-24 20:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 15:39 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 15:39 - 2013-09-24 20:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 15:39 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 15:39 - 2013-09-24 19:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 15:39 - 2013-09-24 19:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 15:39 - 2013-07-04 07:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-14 15:38 - 2013-10-02 20:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 15:37 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 15:37 - 2013-10-11 21:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 15:37 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 15:37 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 15:31 - 2013-11-14 15:33 - 23294592 _____ (Mozilla) C:\Users\BC\Downloads\Firefox Setup 25.0.exe
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\Users\BC\AppData\Roaming\Malwarebytes
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-13 14:13 - 2013-11-14 15:26 - 00000000 ____D C:\Program Files\Free Download Manager
2013-11-13 14:13 - 2013-11-14 14:44 - 00000000 ____D C:\Users\BC\AppData\Roaming\Free Download Manager
2013-11-13 13:27 - 2013-11-13 13:27 - 00013697 _____ C:\ComboFix.txt
2013-11-13 13:00 - 2013-11-13 13:27 - 00000000 ____D C:\Qoobox
2013-11-13 12:59 - 2013-11-13 13:24 - 00000000 ____D C:\Windows\erdnt
2013-11-10 11:58 - 2013-11-10 11:58 - 00000000 ____D C:\Users\BC\AppData\Roaming\AVG2014
2013-11-10 11:56 - 2013-11-10 11:56 - 00000899 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-11-10 11:55 - 2013-11-10 11:55 - 00000000 ____D C:\$AVG
2013-11-10 11:54 - 2013-11-10 11:56 - 00000000 ____D C:\Users\BC\AppData\Local\Avg2014
2013-11-10 11:47 - 2013-11-10 11:48 - 04436568 _____ (AVG Technologies) C:\Users\BC\Downloads\avg_free_stb_all_2014_4158_cnet(1).exe
2013-11-10 11:22 - 2013-11-10 11:27 - 04436568 _____ (AVG Technologies) C:\Users\BC\Downloads\avg_free_stb_all_2014_4158_cnet.exe
2013-11-10 11:12 - 2013-11-10 11:12 - 00025967 _____ C:\Users\BC\Downloads\FRST.txt
2013-11-10 10:59 - 2013-11-10 10:59 - 00262088 _____ C:\Users\BC\Downloads\FRST(3).exe
2013-11-10 10:48 - 2013-11-10 10:48 - 01089447 _____ (Farbar) C:\Users\BC\Downloads\FRST(2).exe
2013-11-08 15:13 - 2013-11-15 12:49 - 00000504 _____ C:\Windows\setupact.log
2013-11-08 15:13 - 2013-11-10 11:53 - 00012470 _____ C:\Windows\PFRO.log
2013-11-08 15:13 - 2013-11-08 15:13 - 00000000 _____ C:\Windows\setuperr.log
2013-11-08 14:01 - 2013-11-08 14:01 - 00000000 ____D C:\FRST
2013-11-08 14:00 - 2013-11-08 14:00 - 01089445 _____ (Farbar) C:\Users\BC\Downloads\FRST(1).exe
2013-11-08 13:46 - 2013-11-08 13:46 - 00000988 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-08 13:38 - 2013-11-08 13:43 - 24278649 _____ C:\Users\BC\Downloads\vlc-2.1.0-win32.exe
2013-11-08 13:23 - 2013-11-08 14:18 - 00041698 _____ C:\Users\BC\Downloads\Extras.Txt
2013-11-07 17:54 - 2013-11-07 17:54 - 00000000 ____D C:\Users\BC\AppData\Local\{3B375EDC-7B9F-4182-95FB-B5720A3E1B76}
2013-11-07 15:51 - 2013-11-07 15:51 - 00601088 _____ (OldTimer Tools) C:\Users\BC\Downloads\OTL.exe
2013-11-07 15:32 - 2013-11-10 11:12 - 00016431 _____ C:\Users\BC\Downloads\Addition.txt
2013-11-07 15:29 - 2013-11-07 15:29 - 01089445 _____ (Farbar) C:\Users\BC\Downloads\FRST.exe
2013-11-07 15:25 - 2013-11-07 15:25 - 00003621 _____ C:\Users\BC\Desktop\JRT.txt
2013-11-07 15:15 - 2013-11-07 15:15 - 00000000 ____D C:\Windows\ERUNT
2013-11-07 15:14 - 2013-11-07 15:14 - 01034531 _____ (Thisisu) C:\Users\BC\Downloads\JRT.exe
2013-11-07 15:03 - 2013-11-07 15:07 - 00000000 ____D C:\AdwCleaner
2013-11-07 15:02 - 2013-11-07 15:03 - 01073262 _____ C:\Users\BC\Downloads\AdwCleaner.exe
2013-11-07 13:24 - 2013-11-07 13:24 - 02143832 _____ C:\Users\BC\Downloads\instsf449(1).exe
2013-11-07 13:23 - 2013-11-07 13:23 - 02143832 _____ C:\Users\BC\Downloads\instsf449.exe
2013-11-07 13:20 - 2013-11-07 13:20 - 00000000 ____D C:\Users\BC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-11-07 12:55 - 2013-11-07 13:24 - 00000929 _____ C:\Users\BC\Desktop\SpeedFan.lnk
2013-11-07 12:55 - 2013-11-07 13:24 - 00000045 _____ C:\Windows\system32\initdebug.nfo
2013-11-05 12:15 - 2013-11-05 12:15 - 00661184 _____ (Sysinternals - www.sysinternals.com) C:\Users\BC\Downloads\autoruns.exe
2013-10-30 15:05 - 2013-10-30 15:06 - 07752897 _____ (FreeDownloadManager.ORG ) C:\Users\BC\Downloads\fdminst.exe
2013-10-30 14:56 - 2013-10-30 15:01 - 00000000 ____D C:\Program Files\FlashGet
2013-10-30 14:56 - 2013-10-30 14:56 - 00000000 ____D C:\Users\BC\AppData\Roaming\FlashGet
2013-10-30 14:54 - 2013-10-30 14:55 - 04653240 _____ C:\Users\BC\Downloads\flashget196en.exe
2013-10-30 14:36 - 2013-11-15 12:48 - 00668762 _____ C:\Windows\WindowsUpdate.log
2013-10-30 14:34 - 2013-10-30 14:34 - 00000000 ____D C:\Users\BC\AppData\Roaming\GetGo Software
2013-10-30 14:31 - 2013-10-30 14:48 - 00000000 ____D C:\Program Files\GetGo Software
2013-10-30 14:27 - 2013-11-14 17:41 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-30 14:27 - 2013-11-14 15:35 - 00001069 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-30 14:21 - 2013-10-30 14:21 - 00282784 _____ (Mozilla) C:\Users\BC\Downloads\Firefox Setup Stub 25.0.exe
2013-10-30 13:56 - 2013-10-31 09:30 - 00003734 _____ C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2013-10-25 12:40 - 2013-10-25 12:40 - 00000000 ____D C:\ProgramData\Free Download Manager
2013-10-24 13:00 - 2013-10-24 13:00 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-10-24 13:00 - 2013-10-24 13:00 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-10-19 13:05 - 2013-09-03 20:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-19 13:05 - 2013-09-03 20:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-19 13:05 - 2013-09-03 20:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-19 13:05 - 2013-09-03 20:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-19 13:05 - 2013-09-03 20:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-19 13:05 - 2013-09-03 20:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-19 13:05 - 2013-09-03 20:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-18 12:37 - 2013-10-18 12:37 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-17 14:02 - 2013-10-17 14:02 - 00235781 _____ C:\Users\BC\AppData\Local\census.cache
2013-10-17 14:02 - 2013-10-17 14:02 - 00103792 _____ C:\Users\BC\AppData\Local\ars.cache
2013-10-16 15:09 - 2013-10-16 15:09 - 00000036 _____ C:\Users\BC\AppData\Local\housecall.guid.cache
2013-10-16 13:23 - 2013-10-16 13:23 - 00037664 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2013-10-16 13:21 - 2013-11-10 11:56 - 00000000 ____D C:\ProgramData\AVG2014

==================== One Month Modified Files and Folders =======

2013-11-15 12:55 - 2013-10-30 14:36 - 00668762 _____ C:\Windows\WindowsUpdate.log
2013-11-15 12:55 - 2009-07-13 23:34 - 00016160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-15 12:55 - 2009-07-13 23:34 - 00016160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-15 12:50 - 2009-07-13 23:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-15 12:50 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-15 12:49 - 2013-11-08 15:13 - 00000504 _____ C:\Windows\setupact.log
2013-11-15 12:40 - 2010-11-20 16:01 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-15 12:38 - 2013-07-20 07:13 - 00000000 ____D C:\Windows\system32\MRT
2013-11-15 12:38 - 2011-12-16 19:04 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-14 19:20 - 2011-12-09 17:28 - 00000000 ____D C:\Users\BC\AppData\Roaming\vlc
2013-11-14 18:31 - 2012-06-12 14:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-14 17:41 - 2013-10-30 14:27 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-14 15:35 - 2013-10-30 14:27 - 00001069 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-14 15:34 - 2013-10-02 14:19 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-14 15:33 - 2013-11-14 15:31 - 23294592 _____ (Mozilla) C:\Users\BC\Downloads\Firefox Setup 25.0.exe
2013-11-14 15:29 - 2011-12-09 16:03 - 00000000 ____D C:\Users\BC
2013-11-14 15:29 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\wfp
2013-11-14 15:26 - 2013-11-13 14:13 - 00000000 ____D C:\Program Files\Free Download Manager
2013-11-14 15:26 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF
2013-11-14 15:25 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration
2013-11-14 15:21 - 2011-12-09 16:17 - 00000000 ____D C:\ProgramData\MFAData
2013-11-14 15:21 - 2009-07-13 21:37 - 00000000 ___RD C:\Users\Public
2013-11-14 14:44 - 2013-11-13 14:13 - 00000000 ____D C:\Users\BC\AppData\Roaming\Free Download Manager
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\Users\BC\AppData\Roaming\Malwarebytes
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-13 13:27 - 2013-11-13 13:27 - 00013697 _____ C:\ComboFix.txt
2013-11-13 13:27 - 2013-11-13 13:00 - 00000000 ____D C:\Qoobox
2013-11-13 13:24 - 2013-11-13 12:59 - 00000000 ____D C:\Windows\erdnt
2013-11-10 11:58 - 2013-11-10 11:58 - 00000000 ____D C:\Users\BC\AppData\Roaming\AVG2014
2013-11-10 11:56 - 2013-11-10 11:56 - 00000899 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-11-10 11:56 - 2013-11-10 11:54 - 00000000 ____D C:\Users\BC\AppData\Local\Avg2014
2013-11-10 11:56 - 2013-10-16 13:21 - 00000000 ____D C:\ProgramData\AVG2014
2013-11-10 11:55 - 2013-11-10 11:55 - 00000000 ____D C:\$AVG
2013-11-10 11:53 - 2013-11-08 15:13 - 00012470 _____ C:\Windows\PFRO.log
2013-11-10 11:51 - 2011-12-09 16:38 - 00000000 ____D C:\Program Files\AVG
2013-11-10 11:48 - 2013-11-10 11:47 - 04436568 _____ (AVG Technologies) C:\Users\BC\Downloads\avg_free_stb_all_2014_4158_cnet(1).exe
2013-11-10 11:27 - 2013-11-10 11:22 - 04436568 _____ (AVG Technologies) C:\Users\BC\Downloads\avg_free_stb_all_2014_4158_cnet.exe
2013-11-10 11:12 - 2013-11-10 11:12 - 00025967 _____ C:\Users\BC\Downloads\FRST.txt
2013-11-10 11:12 - 2013-11-07 15:32 - 00016431 _____ C:\Users\BC\Downloads\Addition.txt
2013-11-10 10:59 - 2013-11-10 10:59 - 00262088 _____ C:\Users\BC\Downloads\FRST(3).exe
2013-11-10 10:48 - 2013-11-10 10:48 - 01089447 _____ (Farbar) C:\Users\BC\Downloads\FRST(2).exe
2013-11-08 15:13 - 2013-11-08 15:13 - 00000000 _____ C:\Windows\setuperr.log
2013-11-08 14:18 - 2013-11-08 13:23 - 00041698 _____ C:\Users\BC\Downloads\Extras.Txt
2013-11-08 14:01 - 2013-11-08 14:01 - 00000000 ____D C:\FRST
2013-11-08 14:00 - 2013-11-08 14:00 - 01089445 _____ (Farbar) C:\Users\BC\Downloads\FRST(1).exe
2013-11-08 13:46 - 2013-11-08 13:46 - 00000988 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-08 13:44 - 2011-12-09 17:25 - 00000000 ____D C:\Program Files\VideoLAN
2013-11-08 13:43 - 2013-11-08 13:38 - 24278649 _____ C:\Users\BC\Downloads\vlc-2.1.0-win32.exe
2013-11-07 17:54 - 2013-11-07 17:54 - 00000000 ____D C:\Users\BC\AppData\Local\{3B375EDC-7B9F-4182-95FB-B5720A3E1B76}
2013-11-07 15:51 - 2013-11-07 15:51 - 00601088 _____ (OldTimer Tools) C:\Users\BC\Downloads\OTL.exe
2013-11-07 15:29 - 2013-11-07 15:29 - 01089445 _____ (Farbar) C:\Users\BC\Downloads\FRST.exe
2013-11-07 15:25 - 2013-11-07 15:25 - 00003621 _____ C:\Users\BC\Desktop\JRT.txt
2013-11-07 15:15 - 2013-11-07 15:15 - 00000000 ____D C:\Windows\ERUNT
2013-11-07 15:14 - 2013-11-07 15:14 - 01034531 _____ (Thisisu) C:\Users\BC\Downloads\JRT.exe
2013-11-07 15:07 - 2013-11-07 15:03 - 00000000 ____D C:\AdwCleaner
2013-11-07 15:03 - 2013-11-07 15:02 - 01073262 _____ C:\Users\BC\Downloads\AdwCleaner.exe
2013-11-07 13:24 - 2013-11-07 13:24 - 02143832 _____ C:\Users\BC\Downloads\instsf449(1).exe
2013-11-07 13:24 - 2013-11-07 12:55 - 00000929 _____ C:\Users\BC\Desktop\SpeedFan.lnk
2013-11-07 13:24 - 2013-11-07 12:55 - 00000045 _____ C:\Windows\system32\initdebug.nfo
2013-11-07 13:23 - 2013-11-07 13:23 - 02143832 _____ C:\Users\BC\Downloads\instsf449.exe
2013-11-07 13:20 - 2013-11-07 13:20 - 00000000 ____D C:\Users\BC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-11-05 12:15 - 2013-11-05 12:15 - 00661184 _____ (Sysinternals - www.sysinternals.com) C:\Users\BC\Downloads\autoruns.exe
2013-10-31 09:30 - 2013-10-30 13:56 - 00003734 _____ C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2013-10-30 15:06 - 2013-10-30 15:05 - 07752897 _____ (FreeDownloadManager.ORG ) C:\Users\BC\Downloads\fdminst.exe
2013-10-30 15:01 - 2013-10-30 14:56 - 00000000 ____D C:\Program Files\FlashGet
2013-10-30 14:56 - 2013-10-30 14:56 - 00000000 ____D C:\Users\BC\AppData\Roaming\FlashGet
2013-10-30 14:55 - 2013-10-30 14:54 - 04653240 _____ C:\Users\BC\Downloads\flashget196en.exe
2013-10-30 14:48 - 2013-10-30 14:31 - 00000000 ____D C:\Program Files\GetGo Software
2013-10-30 14:34 - 2013-10-30 14:34 - 00000000 ____D C:\Users\BC\AppData\Roaming\GetGo Software
2013-10-30 14:21 - 2013-10-30 14:21 - 00282784 _____ (Mozilla) C:\Users\BC\Downloads\Firefox Setup Stub 25.0.exe
2013-10-25 12:40 - 2013-10-25 12:40 - 00000000 ____D C:\ProgramData\Free Download Manager
2013-10-24 13:00 - 2013-10-24 13:00 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-10-24 13:00 - 2013-10-24 13:00 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-10-20 13:57 - 2011-12-13 20:25 - 00000000 ____D C:\VirusTrap1
2013-10-18 12:37 - 2013-10-18 12:37 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-17 14:02 - 2013-10-17 14:02 - 00235781 _____ C:\Users\BC\AppData\Local\census.cache
2013-10-17 14:02 - 2013-10-17 14:02 - 00103792 _____ C:\Users\BC\AppData\Local\ars.cache
2013-10-16 15:09 - 2013-10-16 15:09 - 00000036 _____ C:\Users\BC\AppData\Local\housecall.guid.cache
2013-10-16 13:23 - 2013-10-16 13:23 - 00037664 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-06 12:15

==================== End Of Log ============================

#27
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Download the attached fixlist.txt to the same location as FRST.
Run FRST and press Fix.
A fix log will be generated; please post that.

Get Speedyfox: http://www.crystalidea.com/speedyfox . Download and Save and Run by right clicking and Run As Admin. Close Chrome/Firefox. Hit Optimize. You can run it any time that Chrome/Firefox seems slow.

How is it running now?

#28
brycrip

    Member

  • Topic Starter
  • Member
  • 395 posts
I went to log onto Geeks to ask this question, but part way through, my cursor stopped responding. I could move it around the screen but not select anything. The spinning circle came up, like the computer was working, and across the top of the screen I got the message that Firefox was not responding. Had to do Ctrl+Alt+Del to start over again. Anyway, not clear on your request to "Download the attached fixlist.txt to the same location as FRST". I see the fixlist.txt, but what do you want me to do with it? Open it and copy-paste it somewhere?

Give me a shout back and I'll start in again tomorrow.

Thanks so much...
Bry

#29
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
If you click on fixlist.txt in Firefox, then it will by default save the file in your Downloads folder. FRST is running from your desktop, so you need to move the file to your desktop, then run FRST.

#30
brycrip

    Member

  • Topic Starter
  • Member
  • 395 posts
Thank you. The FRST scan first followed by the Fix results:



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-11-2013
Ran by BC (administrator) on CHINOOK on 16-11-2013 12:37:31
Running from C:\Users\BC\AppData\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Registration\GREGsvc.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaRegistry.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Egis Technology Inc.) C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
() C:\Program Files\WordWeb\wweb32.exe
(FreeDownloadManager.ORG) C:\Program Files\Free Download Manager\fdm.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\BC\AppData\Desktop\FRST (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [SuiteTray] - C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM\...\Run: [EgisTecPMMUpdate] - C:\Program Files\EgisTec IPS\PmmUpdate.exe [408432 2011-03-28] (Egis Technology Inc.)
HKLM\...\Run: [EgisUpdate] - C:\Program Files\EgisTec IPS\EgisUpdate.exe [202608 2011-03-28] (Egis Technology Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1934632 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715368 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [UnlockerAssistant] - C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKCU\...\Run: [WordWeb] - C:\Program Files\WordWeb\wweb32.exe [77064 2012-04-21] ()
HKCU\...\Run: [Free Download Manager] - C:\Program Files\Free Download Manager\fdm.exe [6950400 2013-10-25] (FreeDownloadManager.ORG)
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-07-29] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
URLSearchHook: HKLM - Default Value = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
URLSearchHook: HKCU - Default Value = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
SearchScopes: HKLM - DefaultScope value is missing.
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
Toolbar: HKCU - No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - No File
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.13.1 208.67.222.222

FireFox:
========
FF ProfilePath: C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\sevjm9wi.default-1384098992043
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_33 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tightropeinteractive.com/Plugin - C:\Users\BC\AppData\Local\TNT2\2.0.0.1534\npTNT2.dll (Search.Us.com)
FF Plugin HKCU: @tnt2ghost.com/Plugin - C:\Users\BC\AppData\Local\TNT2\2.0.0.1534\npTNT2ghost.dll (Search.Us.com)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: fdm_ffext - C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\sevjm9wi.default-1384098992043\Extensions\[email protected]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files\WordWeb\WCaptureMoz

Chrome:
=======
CHR HomePage: hxxp://start.search.us.com/v/2/?guid={54B51BB6-D4BF-48D7-8A97-B424C1127420}&serpv=5
CHR RestoreOnStartup: "hxxp://start.search.us.com/v/2/?guid={54B51BB6-D4BF-48D7-8A97-B424C1127420}&serpv=5"]}},"browser":{"clear_lso_data_enabled":true,"last_known_google_url":"https://www.google.c...om/favicon.ico"
CHR Extension: (Google Docs) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (DAP Link Checker) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh\1.0.0.8_0
CHR Extension: (Google Search) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Download Accelerator Plus (DAP)) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.10_0
CHR Extension: (avast! WebRep) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Gmail) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files\WordWeb\wcxChrome.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

S3 EgisTec Ticket Service; C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe [173424 2011-04-02] (Egis Technology Inc. )
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [739944 2011-05-10] (Acer Incorporated)
R2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated)
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1755136 2011-03-07] (Realsil Microelectronics Inc.)
R2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [255376 2012-04-05] (Acer Incorporated)
R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [185632 2009-11-26] (Ralink Technology, Corp.)
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
S4 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [772728 2013-02-27] (Speedbit Ltd.)

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-10-16] (AVG Technologies)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [21600 2011-08-09] (Egis Technology Inc.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16936 2011-08-09] (Egis Technology Inc.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [62240 2011-08-09] (Egis Technology Inc.)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [827904 2009-11-26] (Ralink Technology Corp.)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7435264 2011-01-03] (Intel Corporation)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [252520 2011-03-06] (Realtek Semiconductor Corp.)
S3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [31640 2013-02-27] ()
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-15 13:06 - 2013-11-15 13:08 - 04066921 _____ (FreeDownloadManager.ORG ) C:\Users\BC\Downloads\fdminst-lite.exe
2013-11-15 13:06 - 2013-11-15 13:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-14 15:40 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 15:40 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 15:40 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 15:39 - 2013-09-24 21:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 15:39 - 2013-09-24 21:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 15:39 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 15:39 - 2013-09-24 20:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 15:39 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 15:39 - 2013-09-24 20:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 15:39 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 15:39 - 2013-09-24 19:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 15:39 - 2013-09-24 19:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 15:39 - 2013-07-04 07:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-14 15:38 - 2013-10-02 20:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 15:37 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 15:37 - 2013-10-11 21:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 15:37 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 15:37 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 15:31 - 2013-11-14 15:33 - 23294592 _____ (Mozilla) C:\Users\BC\Downloads\Firefox Setup 25.0.exe
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\Users\BC\AppData\Roaming\Malwarebytes
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-13 14:13 - 2013-11-16 12:34 - 00000000 ____D C:\Users\BC\AppData\Roaming\Free Download Manager
2013-11-13 14:13 - 2013-11-15 13:08 - 00000000 ____D C:\Program Files\Free Download Manager
2013-11-13 13:27 - 2013-11-13 13:27 - 00013697 _____ C:\ComboFix.txt
2013-11-13 13:00 - 2013-11-13 13:27 - 00000000 ____D C:\Qoobox
2013-11-13 12:59 - 2013-11-13 13:24 - 00000000 ____D C:\Windows\erdnt
2013-11-10 11:58 - 2013-11-10 11:58 - 00000000 ____D C:\Users\BC\AppData\Roaming\AVG2014
2013-11-10 11:55 - 2013-11-10 11:55 - 00000000 ____D C:\$AVG
2013-11-10 11:54 - 2013-11-10 11:56 - 00000000 ____D C:\Users\BC\AppData\Local\Avg2014
2013-11-10 11:47 - 2013-11-10 11:48 - 04436568 _____ (AVG Technologies) C:\Users\BC\Downloads\avg_free_stb_all_2014_4158_cnet(1).exe
2013-11-10 11:22 - 2013-11-10 11:27 - 04436568 _____ (AVG Technologies) C:\Users\BC\Downloads\avg_free_stb_all_2014_4158_cnet.exe
2013-11-10 11:12 - 2013-11-10 11:12 - 00025967 _____ C:\Users\BC\Downloads\FRST.txt
2013-11-10 10:59 - 2013-11-10 10:59 - 00262088 _____ C:\Users\BC\Downloads\FRST(3).exe
2013-11-10 10:48 - 2013-11-10 10:48 - 01089447 _____ (Farbar) C:\Users\BC\Downloads\FRST(2).exe
2013-11-08 15:13 - 2013-11-16 12:27 - 00000672 _____ C:\Windows\setupact.log
2013-11-08 15:13 - 2013-11-10 11:53 - 00012470 _____ C:\Windows\PFRO.log
2013-11-08 15:13 - 2013-11-08 15:13 - 00000000 _____ C:\Windows\setuperr.log
2013-11-08 14:01 - 2013-11-08 14:01 - 00000000 ____D C:\FRST
2013-11-08 14:00 - 2013-11-08 14:00 - 01089445 _____ (Farbar) C:\Users\BC\Downloads\FRST(1).exe
2013-11-08 13:46 - 2013-11-08 13:46 - 00000988 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-08 13:38 - 2013-11-08 13:43 - 24278649 _____ C:\Users\BC\Downloads\vlc-2.1.0-win32.exe
2013-11-08 13:23 - 2013-11-08 14:18 - 00041698 _____ C:\Users\BC\Downloads\Extras.Txt
2013-11-07 17:54 - 2013-11-07 17:54 - 00000000 ____D C:\Users\BC\AppData\Local\{3B375EDC-7B9F-4182-95FB-B5720A3E1B76}
2013-11-07 15:51 - 2013-11-07 15:51 - 00601088 _____ (OldTimer Tools) C:\Users\BC\Downloads\OTL.exe
2013-11-07 15:32 - 2013-11-10 11:12 - 00016431 _____ C:\Users\BC\Downloads\Addition.txt
2013-11-07 15:29 - 2013-11-07 15:29 - 01089445 _____ (Farbar) C:\Users\BC\Downloads\FRST.exe
2013-11-07 15:25 - 2013-11-07 15:25 - 00003621 _____ C:\Users\BC\Desktop\JRT.txt
2013-11-07 15:15 - 2013-11-07 15:15 - 00000000 ____D C:\Windows\ERUNT
2013-11-07 15:14 - 2013-11-07 15:14 - 01034531 _____ (Thisisu) C:\Users\BC\Downloads\JRT.exe
2013-11-07 15:03 - 2013-11-07 15:07 - 00000000 ____D C:\AdwCleaner
2013-11-07 15:02 - 2013-11-07 15:03 - 01073262 _____ C:\Users\BC\Downloads\AdwCleaner.exe
2013-11-07 13:24 - 2013-11-07 13:24 - 02143832 _____ C:\Users\BC\Downloads\instsf449(1).exe
2013-11-07 13:23 - 2013-11-07 13:23 - 02143832 _____ C:\Users\BC\Downloads\instsf449.exe
2013-11-07 13:20 - 2013-11-07 13:20 - 00000000 ____D C:\Users\BC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-11-07 12:55 - 2013-11-07 13:24 - 00000929 _____ C:\Users\BC\Desktop\SpeedFan.lnk
2013-11-07 12:55 - 2013-11-07 13:24 - 00000045 _____ C:\Windows\system32\initdebug.nfo
2013-11-05 12:15 - 2013-11-05 12:15 - 00661184 _____ (Sysinternals - www.sysinternals.com) C:\Users\BC\Downloads\autoruns.exe
2013-10-30 15:05 - 2013-10-30 15:06 - 07752897 _____ (FreeDownloadManager.ORG ) C:\Users\BC\Downloads\fdminst.exe
2013-10-30 14:56 - 2013-10-30 15:01 - 00000000 ____D C:\Program Files\FlashGet
2013-10-30 14:56 - 2013-10-30 14:56 - 00000000 ____D C:\Users\BC\AppData\Roaming\FlashGet
2013-10-30 14:54 - 2013-10-30 14:55 - 04653240 _____ C:\Users\BC\Downloads\flashget196en.exe
2013-10-30 14:36 - 2013-11-15 19:56 - 00729569 _____ C:\Windows\WindowsUpdate.log
2013-10-30 14:34 - 2013-10-30 14:34 - 00000000 ____D C:\Users\BC\AppData\Roaming\GetGo Software
2013-10-30 14:31 - 2013-10-30 14:48 - 00000000 ____D C:\Program Files\GetGo Software
2013-10-30 14:27 - 2013-11-15 17:42 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-30 14:27 - 2013-11-14 15:35 - 00001069 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-30 14:21 - 2013-10-30 14:21 - 00282784 _____ (Mozilla) C:\Users\BC\Downloads\Firefox Setup Stub 25.0.exe
2013-10-30 13:56 - 2013-10-31 09:30 - 00003734 _____ C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2013-10-25 12:40 - 2013-10-25 12:40 - 00000000 ____D C:\ProgramData\Free Download Manager
2013-10-24 13:00 - 2013-10-24 13:00 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-10-24 13:00 - 2013-10-24 13:00 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-10-19 13:05 - 2013-09-03 20:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-19 13:05 - 2013-09-03 20:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-19 13:05 - 2013-09-03 20:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-19 13:05 - 2013-09-03 20:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-19 13:05 - 2013-09-03 20:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-19 13:05 - 2013-09-03 20:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-19 13:05 - 2013-09-03 20:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-18 12:37 - 2013-10-18 12:37 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-17 14:02 - 2013-10-17 14:02 - 00235781 _____ C:\Users\BC\AppData\Local\census.cache
2013-10-17 14:02 - 2013-10-17 14:02 - 00103792 _____ C:\Users\BC\AppData\Local\ars.cache

==================== One Month Modified Files and Folders =======

2013-11-16 12:35 - 2009-07-13 23:34 - 00016160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-16 12:35 - 2009-07-13 23:34 - 00016160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-16 12:34 - 2013-11-13 14:13 - 00000000 ____D C:\Users\BC\AppData\Roaming\Free Download Manager
2013-11-16 12:32 - 2013-10-30 14:36 - 00729569 _____ C:\Windows\WindowsUpdate.log
2013-11-16 12:31 - 2012-06-12 14:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-16 12:27 - 2013-11-08 15:13 - 00000672 _____ C:\Windows\setupact.log
2013-11-16 12:27 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-15 19:56 - 2011-12-09 17:28 - 00000000 ____D C:\Users\BC\AppData\Roaming\vlc
2013-11-15 17:42 - 2013-10-30 14:27 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-15 15:11 - 2010-11-20 16:01 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-15 13:08 - 2013-11-15 13:06 - 04066921 _____ (FreeDownloadManager.ORG ) C:\Users\BC\Downloads\fdminst-lite.exe
2013-11-15 13:08 - 2013-11-13 14:13 - 00000000 ____D C:\Program Files\Free Download Manager
2013-11-15 13:06 - 2013-11-15 13:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-15 12:50 - 2009-07-13 23:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-15 12:45 - 2013-07-20 07:13 - 00000000 ____D C:\Windows\system32\MRT
2013-11-15 12:38 - 2011-12-16 19:04 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-14 15:35 - 2013-10-30 14:27 - 00001069 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-14 15:33 - 2013-11-14 15:31 - 23294592 _____ (Mozilla) C:\Users\BC\Downloads\Firefox Setup 25.0.exe
2013-11-14 15:29 - 2011-12-09 16:03 - 00000000 ____D C:\Users\BC
2013-11-14 15:29 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\wfp
2013-11-14 15:26 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF
2013-11-14 15:25 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration
2013-11-14 15:21 - 2011-12-09 16:17 - 00000000 ____D C:\ProgramData\MFAData
2013-11-14 15:21 - 2009-07-13 21:37 - 00000000 ___RD C:\Users\Public
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\Users\BC\AppData\Roaming\Malwarebytes
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-13 13:27 - 2013-11-13 13:27 - 00013697 _____ C:\ComboFix.txt
2013-11-13 13:27 - 2013-11-13 13:00 - 00000000 ____D C:\Qoobox
2013-11-13 13:24 - 2013-11-13 12:59 - 00000000 ____D C:\Windows\erdnt
2013-11-10 11:58 - 2013-11-10 11:58 - 00000000 ____D C:\Users\BC\AppData\Roaming\AVG2014
2013-11-10 11:56 - 2013-11-10 11:54 - 00000000 ____D C:\Users\BC\AppData\Local\Avg2014
2013-11-10 11:56 - 2013-10-16 13:21 - 00000000 ____D C:\ProgramData\AVG2014
2013-11-10 11:55 - 2013-11-10 11:55 - 00000000 ____D C:\$AVG
2013-11-10 11:53 - 2013-11-08 15:13 - 00012470 _____ C:\Windows\PFRO.log
2013-11-10 11:51 - 2011-12-09 16:38 - 00000000 ____D C:\Program Files\AVG
2013-11-10 11:48 - 2013-11-10 11:47 - 04436568 _____ (AVG Technologies) C:\Users\BC\Downloads\avg_free_stb_all_2014_4158_cnet(1).exe
2013-11-10 11:27 - 2013-11-10 11:22 - 04436568 _____ (AVG Technologies) C:\Users\BC\Downloads\avg_free_stb_all_2014_4158_cnet.exe
2013-11-10 11:12 - 2013-11-10 11:12 - 00025967 _____ C:\Users\BC\Downloads\FRST.txt
2013-11-10 11:12 - 2013-11-07 15:32 - 00016431 _____ C:\Users\BC\Downloads\Addition.txt
2013-11-10 10:59 - 2013-11-10 10:59 - 00262088 _____ C:\Users\BC\Downloads\FRST(3).exe
2013-11-10 10:48 - 2013-11-10 10:48 - 01089447 _____ (Farbar) C:\Users\BC\Downloads\FRST(2).exe
2013-11-08 15:13 - 2013-11-08 15:13 - 00000000 _____ C:\Windows\setuperr.log
2013-11-08 14:18 - 2013-11-08 13:23 - 00041698 _____ C:\Users\BC\Downloads\Extras.Txt
2013-11-08 14:01 - 2013-11-08 14:01 - 00000000 ____D C:\FRST
2013-11-08 14:00 - 2013-11-08 14:00 - 01089445 _____ (Farbar) C:\Users\BC\Downloads\FRST(1).exe
2013-11-08 13:46 - 2013-11-08 13:46 - 00000988 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-08 13:44 - 2011-12-09 17:25 - 00000000 ____D C:\Program Files\VideoLAN
2013-11-08 13:43 - 2013-11-08 13:38 - 24278649 _____ C:\Users\BC\Downloads\vlc-2.1.0-win32.exe
2013-11-07 17:54 - 2013-11-07 17:54 - 00000000 ____D C:\Users\BC\AppData\Local\{3B375EDC-7B9F-4182-95FB-B5720A3E1B76}
2013-11-07 15:51 - 2013-11-07 15:51 - 00601088 _____ (OldTimer Tools) C:\Users\BC\Downloads\OTL.exe
2013-11-07 15:29 - 2013-11-07 15:29 - 01089445 _____ (Farbar) C:\Users\BC\Downloads\FRST.exe
2013-11-07 15:25 - 2013-11-07 15:25 - 00003621 _____ C:\Users\BC\Desktop\JRT.txt
2013-11-07 15:15 - 2013-11-07 15:15 - 00000000 ____D C:\Windows\ERUNT
2013-11-07 15:14 - 2013-11-07 15:14 - 01034531 _____ (Thisisu) C:\Users\BC\Downloads\JRT.exe
2013-11-07 15:07 - 2013-11-07 15:03 - 00000000 ____D C:\AdwCleaner
2013-11-07 15:03 - 2013-11-07 15:02 - 01073262 _____ C:\Users\BC\Downloads\AdwCleaner.exe
2013-11-07 13:24 - 2013-11-07 13:24 - 02143832 _____ C:\Users\BC\Downloads\instsf449(1).exe
2013-11-07 13:24 - 2013-11-07 12:55 - 00000929 _____ C:\Users\BC\Desktop\SpeedFan.lnk
2013-11-07 13:24 - 2013-11-07 12:55 - 00000045 _____ C:\Windows\system32\initdebug.nfo
2013-11-07 13:23 - 2013-11-07 13:23 - 02143832 _____ C:\Users\BC\Downloads\instsf449.exe
2013-11-07 13:20 - 2013-11-07 13:20 - 00000000 ____D C:\Users\BC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-11-05 12:15 - 2013-11-05 12:15 - 00661184 _____ (Sysinternals - www.sysinternals.com) C:\Users\BC\Downloads\autoruns.exe
2013-10-31 09:30 - 2013-10-30 13:56 - 00003734 _____ C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2013-10-30 15:06 - 2013-10-30 15:05 - 07752897 _____ (FreeDownloadManager.ORG ) C:\Users\BC\Downloads\fdminst.exe
2013-10-30 15:01 - 2013-10-30 14:56 - 00000000 ____D C:\Program Files\FlashGet
2013-10-30 14:56 - 2013-10-30 14:56 - 00000000 ____D C:\Users\BC\AppData\Roaming\FlashGet
2013-10-30 14:55 - 2013-10-30 14:54 - 04653240 _____ C:\Users\BC\Downloads\flashget196en.exe
2013-10-30 14:48 - 2013-10-30 14:31 - 00000000 ____D C:\Program Files\GetGo Software
2013-10-30 14:34 - 2013-10-30 14:34 - 00000000 ____D C:\Users\BC\AppData\Roaming\GetGo Software
2013-10-30 14:21 - 2013-10-30 14:21 - 00282784 _____ (Mozilla) C:\Users\BC\Downloads\Firefox Setup Stub 25.0.exe
2013-10-25 12:40 - 2013-10-25 12:40 - 00000000 ____D C:\ProgramData\Free Download Manager
2013-10-24 13:00 - 2013-10-24 13:00 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-10-24 13:00 - 2013-10-24 13:00 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-10-20 13:57 - 2011-12-13 20:25 - 00000000 ____D C:\VirusTrap1
2013-10-18 12:37 - 2013-10-18 12:37 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-17 14:02 - 2013-10-17 14:02 - 00235781 _____ C:\Users\BC\AppData\Local\census.cache
2013-10-17 14:02 - 2013-10-17 14:02 - 00103792 _____ C:\Users\BC\AppData\Local\ars.cache

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-06 12:15

==================== End Of Log ============================






Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-11-2013
Ran by BC at 2013-11-16 12:39:04 Run:1
Running from C:\Users\BC\AppData\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
URLSearchHook: HKLM - Default Value = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
URLSearchHook: HKCU - Default Value = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
Toolbar: HKCU - No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - No File
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB
FF DefaultSearchEngine: webwebweb
FF SelectedSearchEngine: webwebweb
FF Plugin HKCU: @tightropeinteractive.com/Plugin - C:\Users\BC\AppData\Local\TNT2\2.0.0.1534\npTNT2.dll (Search.Us.com)
FF Plugin HKCU: @tnt2ghost.com/Plugin - C:\Users\BC\AppData\Local\TNT2\2.0.0.1534\npTNT2ghost.dll (Search.Us.com)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: flashgot - C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\45lp4nam.default-1377808082291\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files\WordWeb\WCaptureMoz
CHR HomePage: hxxp://start.search.us.com/v/2/?guid={54B51BB6-D4BF-48D7-8A97-B424C1127420}&serpv=5
CHR RestoreOnStartup: "hxxp://start.search.us.com/v/2/?guid={54B51BB6-D4BF-48D7-8A97-B424C1127420}&serpv=5"]}},"browser":
CHR Extension: (DAP Link Checker) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh\1.0.0.8_0
CHR Extension: (Download Accelerator Plus (DAP)) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.10_0
C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh\1.0.0.8_0
C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.10_0
CHR HKLM\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files\WordWeb\wcxChrome.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S4 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [772728 2013-02-27] (Speedbit Ltd.)
S3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [31640 2013-02-27] ()
C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe
Task: {5A72B58D-E12C-4F4A-9D4D-8663E26BFA5D} - System32\Tasks\SBWUpdateTask_Time_763c67f3-78929C5B48C6 => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe
Task: {6796B3FF-26F4-48BC-9426-B7851C5AEF66} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {6D211B15-D4FD-4A90-B5B5-D20A153FA3F8} - System32\Tasks\Express Files Updater => C:\Program Files\ExpressFiles\EFupdater.exe
Task: {85BA6CCF-53DC-4949-8B0E-77117BA9643A} - System32\Tasks\SBWUpdateTask_Logon_763c67f3-78929C5B48C6 => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe
Task: {BF1191DF-E40A-4353-8A34-12509231875E} - System32\Tasks\{53931810-DABF-4DC2-BE95-7026C980B2E5} => C:\Program Files\SPEEDbit Video Downloader\Converter.exe
AlternateDataStreams: C:\ProgramData\Temp:553CA6CA
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\ProgramData\Temp:862BDB1A






*****************

HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2E924F4F-67F0-4BD8-9560-49F468E843D2} => Value deleted successfully.
HKCR\CLSID\{2E924F4F-67F0-4BD8-9560-49F468E843D2} => Key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0E5F0222-96B9-11D3-8997-00104BD12D94} => Key deleted successfully.
HKCR\CLSID\{0E5F0222-96B9-11D3-8997-00104BD12D94} => Key deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
HKCU\Software\MozillaPlugins\@tightropeinteractive.com/Plugin => Key deleted successfully.
C:\Users\BC\AppData\Local\TNT2\2.0.0.1534\npTNT2.dll => Moved successfully.
HKCU\Software\MozillaPlugins\@tnt2ghost.com/Plugin => Key deleted successfully.
C:\Users\BC\AppData\Local\TNT2\2.0.0.1534\npTNT2ghost.dll => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml => Moved successfully.
C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\45lp4nam.default-1377808082291\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi => not found.
C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} => Moved successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\[email protected] => Value deleted successfully.
C:\Program Files\WordWeb\WCaptureMoz => Moved successfully.
CHR HomePage: hxxp://start.search.us.com/v/2/?guid={54B51BB6-D4BF-48D7-8A97-B424C1127420}&serpv=5 ==> The Chrome "Settings" can be used to fix the entry.
CHR RestoreOnStartup: "hxxp://start.search.us.com/v/2/?guid={54B51BB6-D4BF-48D7-8A97-B424C1127420}&serpv=5"]}},"browser": ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh => Moved successfully.
C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb => Moved successfully.
"C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh\1.0.0.8_0" => File/Directory not found.
"C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.10_0" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf => Key deleted successfully.
C:\Program Files\WordWeb\wcxChrome.crx => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
HKCU\SOFTWARE\Policies\Google => Key deleted successfully.
SBUpd => Service deleted successfully.
SBUpdd => Service deleted successfully.
C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A72B58D-E12C-4F4A-9D4D-8663E26BFA5D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A72B58D-E12C-4F4A-9D4D-8663E26BFA5D} => Key deleted successfully.
C:\Windows\System32\Tasks\SBWUpdateTask_Time_763c67f3-78929C5B48C6 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SBWUpdateTask_Time_763c67f3-78929C5B48C6 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6796B3FF-26F4-48BC-9426-B7851C5AEF66} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6796B3FF-26F4-48BC-9426-B7851C5AEF66} => Key deleted successfully.
C:\Windows\System32\Tasks\Adobe Reader Speed Launcher => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Reader Speed Launcher => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6D211B15-D4FD-4A90-B5B5-D20A153FA3F8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D211B15-D4FD-4A90-B5B5-D20A153FA3F8} => Key deleted successfully.
C:\Windows\System32\Tasks\Express Files Updater => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Express Files Updater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{85BA6CCF-53DC-4949-8B0E-77117BA9643A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85BA6CCF-53DC-4949-8B0E-77117BA9643A} => Key deleted successfully.
C:\Windows\System32\Tasks\SBWUpdateTask_Logon_763c67f3-78929C5B48C6 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SBWUpdateTask_Logon_763c67f3-78929C5B48C6 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF1191DF-E40A-4353-8A34-12509231875E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF1191DF-E40A-4353-8A34-12509231875E} => Key deleted successfully.
C:\Windows\System32\Tasks\{53931810-DABF-4DC2-BE95-7026C980B2E5} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{53931810-DABF-4DC2-BE95-7026C980B2E5} => Key deleted successfully.
C:\ProgramData\Temp => ":553CA6CA" ADS removed successfully.
C:\ProgramData\Temp => ":56E2E879" ADS removed successfully.
C:\ProgramData\Temp => ":862BDB1A" ADS removed successfully.

==== End of Fixlog ====
  • 0





