wuauclt.exe question [Closed]


#1
BerDov


It is my understanding that the file is a part of the Windows Update system and is better left alone if it is in the windows\system32\ folder.

My machine runs on Win 7. My ;.\win updates\change settings\ is set to : “Check for updates but let me choose...”

Several other forums I found first state that a copy of this file residing anywhere other than windows\system32\ may actually be malware. The file in my \system32\ folder is 56.5K, dated 6/2/12 6:19PM, version 7.6.7600.256.

What puzzles me is that the program UltraFileSearch, which I often use to find a file on my computers, fails to see this file. Instead, it finds two other copies:

one in c\windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.3.7600.16385_none_8ca5655e8bc7dae9\

and one in c\windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_d5f513f2519f276\

I assume these are registry locations.

Does anything in the above look suspicious?

Thank you!

Boris

P.S. to test UltraFileSearch, I asked it to find a random file in the \system32\ folder. It did it instantly.



#2
Valinorum

  • Step #1 SystemLook Search
    • Please download SystemLook by jpshortstuff to your Desktop from the suitable link below.
    • Right-click and choose Run as administrator;
    • In the search box, copy and paste the following code from the code-box.
      :filefind
      wuauclt.exe
      
    • Click on Look;
    • After the scan a log will be opened;
    • Post the log in your next reply.


#3
BerDov


Valinorum,

Thank you!

 

Here is the log:

 

[

SystemLook 30.07.11 by jpshortstuff
Log created at 08:04 on 24/06/2014 by DovBer
Administrator - Elevation successful

========== filefind ==========

Searching for "wuauclt.exe"
C:\Windows\System32\wuauclt.exe    --a---- 57880 bytes    [00:02 25/05/2014]    [22:19 02/06/2012] C1C03EA437EDDA8A7D4D8786E5AE6751
C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.3.7600.16385_none_8ca5655e8bc7dae9\wuauclt.exe    --a---- 51200 bytes    [00:34 14/07/2009]    [01:39 14/07/2009] 0C12A2B863FEA45598134E3B6E379F88
C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_d5f513f25190f276\wuauclt.exe    --a---- 57880 bytes    [00:02 25/05/2014]    [22:19 02/06/2012] C1C03EA437EDDA8A7D4D8786E5AE6751

-= EOF =-

]



#4
Valinorum

File is fine. One located in the System32 is the active file. Others are backups made by Microsoft. Any issue?
  • 0
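The check discussed in posts #3 and #4, written out as an added example (not part of the original thread and not SystemLook's own code): it parses the `:filefind` lines, sorts each copy of wuauclt.exe by location, and reports any copy outside System32 and WinSxS, or a System32 copy whose MD5 matches no WinSxS copy. The `C:\Users\Public` line and all function names are constructed for illustration, and `C:\Windows` as the Windows directory is an assumption.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# One SystemLook ":filefind" result line, in the layout shown in the log above:
#   <path>  <attributes>  <size> bytes  [<time date>]  [<time date>]  <MD5>
# The two bracketed timestamps are not needed for this check and are skipped.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]+)\s+(?P<size>\d+) bytes\s+"
    r"\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)

# The three result lines from the log posted in this thread.
PAGE_LOG = r"""
Searching for "wuauclt.exe"
C:\Windows\System32\wuauclt.exe    --a---- 57880 bytes    [00:02 25/05/2014]    [22:19 02/06/2012] C1C03EA437EDDA8A7D4D8786E5AE6751
C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.3.7600.16385_none_8ca5655e8bc7dae9\wuauclt.exe    --a---- 51200 bytes    [00:34 14/07/2009]    [01:39 14/07/2009] 0C12A2B863FEA45598134E3B6E379F88
C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_d5f513f25190f276\wuauclt.exe    --a---- 57880 bytes    [00:02 25/05/2014]    [22:19 02/06/2012] C1C03EA437EDDA8A7D4D8786E5AE6751
"""

# Constructed line (not from the thread): a copy outside both expected places.
CONSTRUCTED_LINE = (
    r"C:\Users\Public\wuauclt.exe    --a---- 57880 bytes    "
    r"[00:00 01/01/2014]    [00:00 01/01/2014] 00000000000000000000000000000000"
)


@dataclass
class Hit:
    path: str
    size: int
    md5: str


def parse_filefind(log_text):
    """Return a Hit for every result line; headers and blank lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append(Hit(m["path"], int(m["size"]), m["md5"].upper()))
    return hits


def classify(path, windir=r"C:\Windows"):
    """Label a hit by its parent folder: 'system32', 'winsxs' or 'unexpected'."""
    parent = str(PureWindowsPath(path).parent).lower()
    root = windir.lower()
    if parent == root + "\\system32":
        return "system32"
    if parent.startswith(root + "\\winsxs\\"):
        return "winsxs"
    return "unexpected"


def review(log_text, windir=r"C:\Windows"):
    """Return (hits, findings). An empty findings list means every copy sits in
    System32 or WinSxS and the System32 copy is byte-identical (per MD5) to a
    WinSxS copy. That is a consistency check only; confirming the publisher
    needs a separate signature check."""
    hits = parse_filefind(log_text)
    store = {h.md5 for h in hits if classify(h.path, windir) == "winsxs"}
    findings = []
    for h in hits:
        where = classify(h.path, windir)
        if where == "unexpected":
            findings.append(f"unexpected location: {h.path}")
        elif where == "system32" and h.md5 not in store:
            findings.append(f"no WinSxS copy matches {h.path} ({h.md5})")
    return hits, findings


if __name__ == "__main__":
    for label, text in (("thread log", PAGE_LOG),
                        ("thread log + constructed line", PAGE_LOG + CONSTRUCTED_LINE)):
        hits, findings = review(text)
        print(f"{label}: {len(hits)} copies, findings: {findings or 'none'}")
```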

#5
BerDov


Thank you!

I do not know enough to say there are or there are no issues. Sometimes, the machine becomes VERY slow as if something is consuming all resources. So, I started looking into processes and services that are active.



#6
Valinorum

Hi,
  • Step #2 Scan with Farbar Recovery Scan Tool
    • Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.
      Download link for 32 bit system
      Download link for 64 bit system
    • Right-click on the program and choose Run as administrator;
    • Put tick-mark on all boxes under Whitelist and Optional Scan;
    • Click on Scan;
    • After the scan two notepad files will be opened --
      • FRST.txt;
      • Addition.txt
    • Copy and Paste the contents of the logs in your next reply.
 
  • Required Log(s):
    • FRST Logs --
      • FRST.txt
      • Addition.txt
Regards,
Valinorum

#7
BerDov


Thank you again, Valinorum!

 

One remark, before I paste the files:

 

In the additions.txt, in the log errors section, there are references to ViewPassword program. A week or two ago, I experienced an onslaught of pop-ups in Firefox. Somehow I traced it to ViewPassword.exe. I uninstalled the program, then uninstalled Firefox, including bookmarks, cookies, history, etc, then installed the latest Firefox 30.0. There are no pop-ups any longer.

 

Thank you!

BerDov

 

 

FRST.txt

=============

 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2014
Ran by DovBer (administrator) on COMPAQ on 25-06-2014 08:02:05
Running from G:\DATA\__message_boards
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(GFI Software Ltd.) C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIAgent.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(IntelliQuest Communications, Inc.) C:\Program Files (x86)\Corel\WordPerfect Office 2000\Register\Remind32.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
(GFI Software Ltd.) C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe
(GFI Software Ltd.) C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Corel Corporation Limited) C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(High Criteria inc.) C:\Program Files (x86)\HighCriteria\TotalRecorder\TotalRecorder.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgcfgex.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16333856 2009-07-29] (NVIDIA Corporation)
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM\...\Run: [ISW] => "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-04-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [FBackup Scheduler] => [X]
HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [GFI Backup 2009 - Home Edition] => C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIAgent.exe [2195824 2010-07-30] (GFI Software Ltd.)
HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [EPSON Stylus Photo R1800] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATI9LA.EXE [211968 2007-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [EPSON Stylus Photo R1800 (Copy 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATI9LA.EXE [211968 2007-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [Garmin Lifetime Updater] => C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-04-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [ROC_ROC_APR2013_AV] => C:\Users\DovBer\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 97d9323c768e9936ad0e8106831d03d9-5cc5ec22afae10e0c32388f46f7f6cfd8788e865 --CMPID ROC_APR2013_AV
HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\DovBer\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 97d9323c768e9936ad0e8106831d03d9-5cc5ec22afae10e0c32388f46f7f6cfd8788e865 --CMPID 0913a
HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2938443985-2931035666-1222182777-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473464 2014-03-17] (TomTom)
AppInit_DLLs: acaptuser64.dll => C:\Windows\system32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Corel Registration.lnk
ShortcutTarget: Corel Registration.lnk -> C:\Program Files (x86)\Corel\WordPerfect Office 2000\Register\Remind32.exe (IntelliQuest Communications, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CorelCENTRAL 9.LNK
ShortcutTarget: CorelCENTRAL 9.LNK -> C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\ccwin9.exe (Corel Corporation Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CorelCENTRAL Alarms.LNK
ShortcutTarget: CorelCENTRAL Alarms.LNK -> C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\alarm.exe (Corel Corporation Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\DovBer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\DovBer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\DovBer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\DovBer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG10\avgchsva.exe /syncC:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bfcollection.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9F3FF4A9-0362-48AA-B1CF-6A4047631527} URL = http://www.ask.com/w...}&l=dis&o=uscqd
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {9F3FF4A9-0362-48AA-B1CF-6A4047631527} URL = http://www.ask.com/w...}&l=dis&o=uscqd
SearchScopes: HKCU - {9F3FF4A9-0362-48AA-B1CF-6A4047631527} URL = http://www.ask.com/w...}&l=dis&o=uscqd
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-se...q={searchTerms}
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM-x32 - ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\DovBer\AppData\Roaming\Mozilla\Firefox\Profiles\1fjerz5e.default
FF Homepage: hxxp://www.bfcollection.net/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter - C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @e-academy.com/Host SDM Plugin; version=1.0.0.0 - C:\Users\DovBer\AppData\Local\e-academy Inc\Mozilla\Firefox\plugins\npHostSdmLoader.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-10]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-10]
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\Firefox4 [2011-03-30]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [436056 2014-04-23] (Garmin Ltd or its subsidiaries)
R2 GFIBckHAtt; C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe [858480 2010-07-30] (GFI Software Ltd.)
R2 GFIBckHSched; C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe [2324848 2010-07-30] (GFI Software Ltd.)
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [125440 2009-09-24] (Hewlett-Packard) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe [186760 2011-10-02] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [312160 2012-11-12] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [377936 2011-04-05] (AVG Technologies CZ, s.r.o.)
U4 B06sama; No ImagePath
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-04-15] () [File not signed]
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [123632 2011-12-14] (High Criteria inc.)
U3 am9j76fy; C:\Windows\System32\Drivers\am9j76fy.sys [0 ] (Microsoft Corporation)

========================== Drivers MD5 =======================

C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 9A6089B056EA1B83B36424FC9D0A300E
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvlddmkm.sys 181B6E6F49F9F3AD05589B48E29BA167
C:\Windows\System32\DRIVERS\nvmf6264.sys 909EEDCBD365BB81027D8E742E6B3416
C:\Windows\system32\DRIVERS\nvraid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nvstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvstor64.sys 1E45F96342429D63DC30E0D9117DA3D8
C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 90061B1ACFE8CCAA5345750FFE08D8B8
C:\Windows\System32\DRIVERS\pci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys 447DE7E3DEA39D422C1504F245B668B1
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\sptd.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\srv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srvnet.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC
C:\Windows\System32\DRIVERS\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 7518F7BCFD4B308ABC9192BACAF6C970
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\system32\drivers\TotRec8.sys 298BAD15E3CC9086021B47C98D51FA48
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\drivers\usbaudio.sys 77B01BC848298223A95D4EC23E1785A1
C:\Windows\System32\DRIVERS\usbccgp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\usbcir.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\usbehci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbhub.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\usbohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\system32\DRIVERS\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbvideo.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usb8023x.sys E388D1507E779D0B499A1D87476E4230
C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\volsnap.sys 9E425AC5C9A5A973273D169F43B4F5E1
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wdcsam64.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit
C:\Windows\System32\Drivers\am9j76fy.sys

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-25 08:01 - 2014-06-25 08:02 - 00000000 ____D () C:\FRST
2014-06-20 17:27 - 2014-06-20 17:27 - 00000000 ____D () C:\Users\DovBer\AppData\Local\TomTom
2014-06-20 17:27 - 2014-06-20 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2014-06-20 17:27 - 2014-06-20 17:27 - 00000000 ____D () C:\Program Files (x86)\TomTom International B.V
2014-06-20 17:27 - 2014-06-20 17:27 - 00000000 ____D () C:\Program Files (x86)\MyDrive Connect
2014-06-19 20:46 - 2014-06-19 20:46 - 00001169 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-19 20:46 - 2014-06-19 20:46 - 00001157 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-19 18:01 - 2014-06-19 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDex
2014-06-19 18:00 - 2014-06-19 18:02 - 00000000 ____D () C:\Program Files (x86)\CDex
2014-05-26 03:48 - 2014-05-26 03:48 - 17848832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-05-26 03:48 - 2014-05-26 03:48 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-26 03:48 - 2014-05-26 03:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-26 03:48 - 2014-05-26 03:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-26 03:48 - 2014-05-26 03:48 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-26 03:48 - 2014-05-26 03:48 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-26 03:48 - 2014-05-26 03:48 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-26 03:48 - 2014-05-26 03:48 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-05-26 03:48 - 2014-05-26 03:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-26 03:48 - 2014-05-26 03:48 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-26 03:48 - 2014-05-26 03:48 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-26 03:48 - 2014-05-26 03:48 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-05-26 03:48 - 2014-05-26 03:48 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-05-26 03:48 - 2014-05-26 03:48 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-26 03:48 - 2014-05-26 03:48 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-26 03:48 - 2014-05-26 03:48 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-26 03:48 - 2014-05-26 03:48 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-26 03:48 - 2014-05-26 03:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-05-26 03:48 - 2014-05-26 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-26 03:48 - 2014-05-26 03:48 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-26 03:48 - 2014-05-26 03:48 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-05-26 03:48 - 2014-05-26 03:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-05-26 03:48 - 2014-05-26 03:48 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-26 03:48 - 2014-05-26 03:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-26 03:48 - 2014-05-26 03:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-26 03:48 - 2014-05-26 03:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-26 03:46 - 2014-05-26 03:46 - 04068864 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-05-26 03:46 - 2014-05-26 03:46 - 03181568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-05-26 03:46 - 2014-05-26 03:46 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-05-26 03:46 - 2014-05-26 03:46 - 01863680 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2014-05-26 03:46 - 2014-05-26 03:46 - 01619456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-05-26 03:46 - 2014-05-26 03:46 - 01495040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2014-05-26 03:46 - 2014-05-26 03:46 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-05-26 03:46 - 2014-05-26 03:46 - 00982912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-05-26 03:46 - 2014-05-26 03:46 - 00662528 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-05-26 03:46 - 2014-05-26 03:46 - 00470016 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-05-26 03:46 - 2014-05-26 03:46 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-05-26 03:46 - 2014-05-26 03:46 - 00283648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-05-26 03:46 - 2014-05-26 03:46 - 00265088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-05-26 03:46 - 2014-05-26 03:46 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2014-05-26 03:46 - 2014-05-26 03:46 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2014-05-26 03:46 - 2014-05-26 03:46 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-05-26 03:46 - 2014-05-26 03:46 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2014-05-26 03:46 - 2014-05-26 03:46 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-05-26 03:46 - 2014-05-26 03:46 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2014-05-26 03:45 - 2014-05-26 03:49 - 00003797 _____ () C:\Windows\IE9_main.log
2014-05-26 03:20 - 2012-12-16 12:52 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-05-26 03:20 - 2012-12-16 10:40 - 00367616 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-05-26 03:20 - 2012-12-16 10:25 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-05-26 03:20 - 2012-12-16 10:25 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-05-26 03:20 - 2009-10-19 10:46 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-05-26 03:20 - 2009-10-19 10:10 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-05-26 03:11 - 2014-05-26 03:11 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-05-26 03:11 - 2014-05-26 03:11 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-05-26 03:07 - 2012-03-01 02:54 - 00022896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2014-05-26 03:07 - 2012-03-01 02:40 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-05-26 03:07 - 2012-03-01 02:35 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2014-05-26 03:07 - 2012-03-01 01:45 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-05-26 03:07 - 2012-03-01 01:40 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2014-05-26 03:06 - 2014-05-26 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-05-26 03:05 - 2014-05-26 03:05 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-05-26 03:05 - 2014-05-26 03:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

==================== One Month Modified Files and Folders =======

2014-06-25 08:02 - 2014-06-25 08:01 - 00000000 ____D () C:\FRST
2014-06-25 07:55 - 2010-04-17 11:42 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Skype
2014-06-25 07:40 - 2010-01-19 23:08 - 02084679 _____ () C:\Windows\WindowsUpdate.log
2014-06-25 07:26 - 2012-08-20 19:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-25 07:15 - 2011-02-10 00:01 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-25 02:00 - 2010-05-04 22:37 - 00000000 ____D () C:\Users\DovBer\AppData\Local\Adobe
2014-06-24 19:15 - 2011-02-10 00:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-24 08:56 - 2009-07-14 01:13 - 00730320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-24 08:04 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-24 08:04 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-23 17:32 - 2010-04-16 23:38 - 00000000 ____D () C:\Windows\system32\Drivers\Avg
2014-06-23 16:15 - 2010-04-16 14:45 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-23 16:15 - 2010-04-14 16:03 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Adobe
2014-06-22 21:17 - 2011-02-05 11:33 - 00000000 ___RD () C:\Users\DovBer\Dropbox
2014-06-22 21:16 - 2014-05-24 20:21 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\DropboxMaster
2014-06-22 21:16 - 2011-02-05 11:29 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Dropbox
2014-06-22 21:15 - 2010-04-14 23:21 - 00000000 ____D () C:\Users\DovBer\Documents\CCWin9
2014-06-22 21:15 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-06-22 21:14 - 2010-01-12 20:15 - 00244582 _____ () C:\Windows\PFRO.log
2014-06-22 21:14 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-22 21:14 - 2009-07-14 00:51 - 00072454 _____ () C:\Windows\setupact.log
2014-06-21 07:52 - 2010-04-14 16:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-21 07:51 - 2010-04-16 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-19 20:46 - 2014-06-19 20:46 - 00001157 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-19 20:46 - 2014-05-10 09:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-19 20:46 - 2010-04-14 16:56 - 00000000 ____D () C:\Users\DovBer\AppData\Roaming\Mozilla
2014-06-19 18:02 - 2014-06-19 18:00 - 00000000 ____D () C:\Program Files (x86)\CDex
2014-06-19 18:01 - 2014-06-19 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDex
2014-06-17 19:10 - 2011-02-10 00:01 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-17 19:10 - 2011-02-10 00:01 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-01 09:16 - 2010-04-14 20:44 - 00012954 _____ () C:\Users\DovBer\AppData\Roaming\Microsoft Excel 97-2003.CAL
2014-05-31 10:05 - 2010-04-14 20:00 - 00000544 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-05-27 18:54 - 2010-04-17 11:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-27 18:54 - 2010-04-17 11:42 - 00000000 ____D () C:\ProgramData\Skype
2014-05-26 08:43 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-05-26 06:29 - 2010-04-14 15:59 - 00402200 _____ () C:\Users\DovBer\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-26 06:04 - 2010-04-14 16:00 - 00001453 _____ () C:\Users\DovBer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-26 06:04 - 2010-04-14 16:00 - 00001419 _____ () C:\Users\DovBer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-05-26 06:01 - 2009-07-14 00:45 - 03433408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-26 05:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-26 05:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-05-26 05:57 - 2009-07-14 03:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-05-26 03:49 - 2014-05-26 03:45 - 00003797 _____ () C:\Windows\IE9_main.log
2014-05-26 03:48 - 2014-05-26 03:48 - 17848832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-05-26 03:48 - 2014-05-26 03:48 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-26 03:48 - 2014-05-26 03:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-26 03:48 - 2014-05-26 03:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-26 03:48 - 2014-05-26 03:48 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-26 03:48 - 2014-05-26 03:48 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-26 03:48 - 2014-05-26 03:48 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-26 03:48 - 2014-05-26 03:48 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-05-26 03:48 - 2014-05-26 03:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-26 03:48 - 2014-05-26 03:48 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-26 03:48 - 2014-05-26 03:48 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-26 03:48 - 2014-05-26 03:48 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-05-26 03:48 - 2014-05-26 03:48 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-05-26 03:48 - 2014-05-26 03:48 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-26 03:48 - 2014-05-26 03:48 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-26 03:48 - 2014-05-26 03:48 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-26 03:48 - 2014-05-26 03:48 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-26 03:48 - 2014-05-26 03:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-05-26 03:48 - 2014-05-26 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-26 03:48 - 2014-05-26 03:48 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-26 03:48 - 2014-05-26 03:48 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-05-26 03:48 - 2014-05-26 03:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-05-26 03:48 - 2014-05-26 03:48 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-05-26 03:48 - 2014-05-26 03:48 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-26 03:48 - 2014-05-26 03:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-26 03:48 - 2014-05-26 03:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-26 03:48 - 2014-05-26 03:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-26 03:46 - 2014-05-26 03:46 - 04068864 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-05-26 03:46 - 2014-05-26 03:46 - 03181568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-05-26 03:46 - 2014-05-26 03:46 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-05-26 03:46 - 2014-05-26 03:46 - 01863680 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2014-05-26 03:46 - 2014-05-26 03:46 - 01619456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-05-26 03:46 - 2014-05-26 03:46 - 01495040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2014-05-26 03:46 - 2014-05-26 03:46 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-05-26 03:46 - 2014-05-26 03:46 - 00982912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-05-26 03:46 - 2014-05-26 03:46 - 00662528 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-05-26 03:46 - 2014-05-26 03:46 - 00470016 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-05-26 03:46 - 2014-05-26 03:46 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-05-26 03:46 - 2014-05-26 03:46 - 00283648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-05-26 03:46 - 2014-05-26 03:46 - 00265088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-05-26 03:46 - 2014-05-26 03:46 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2014-05-26 03:46 - 2014-05-26 03:46 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2014-05-26 03:46 - 2014-05-26 03:46 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-05-26 03:46 - 2014-05-26 03:46 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2014-05-26 03:46 - 2014-05-26 03:46 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-05-26 03:46 - 2014-05-26 03:46 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2014-05-26 03:30 - 2010-01-12 20:39 - 00001153 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
2014-05-26 03:30 - 2010-01-12 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2014-05-26 03:30 - 2010-01-12 20:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-05-26 03:11 - 2014-05-26 03:11 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-05-26 03:11 - 2014-05-26 03:11 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-05-26 03:11 - 2009-07-13 22:34 - 00000478 _____ () C:\Windows\win.ini
2014-05-26 03:06 - 2014-05-26 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-05-26 03:05 - 2014-05-26 03:05 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-05-26 03:05 - 2014-05-26 03:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

Some content of TEMP:
====================
C:\Users\DovBer\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgvdzcy.dll
C:\Users\DovBer\AppData\Local\Temp\i4jdel0.exe
C:\Users\DovBer\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\DovBer\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\DovBer\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\DovBer\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\DovBer\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\DovBer\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\DovBer\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\DovBer\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\DovBer\AppData\Local\Temp\openssl.exe
C:\Users\DovBer\AppData\Local\Temp\SkypeSetup.exe
C:\Users\DovBer\AppData\Local\Temp\tmp2BA.exe
C:\Users\DovBer\AppData\Local\Temp\tmp5408.exe
C:\Users\DovBer\AppData\Local\Temp\tmp6246.exe
C:\Users\DovBer\AppData\Local\Temp\tmp67D6.exe
C:\Users\DovBer\AppData\Local\Temp\tmp784A.exe
C:\Users\DovBer\AppData\Local\Temp\tmp84F7.exe
C:\Users\DovBer\AppData\Local\Temp\tmpE32.exe
C:\Users\DovBer\AppData\Local\Temp\uninst.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
extendedinput           Yes
default                 {current}
resumeobject            {e0b98640-ffd7-11de-baa2-e0cb4e57cc64}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
customactions           0x1000085000001
                        0x5400000f
custom:5400000f         {e0b98642-ffd7-11de-baa2-e0cb4e57cc64}

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {e0b98642-ffd7-11de-baa2-e0cb4e57cc64}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {e0b98640-ffd7-11de-baa2-e0cb4e57cc64}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {e0b98642-ffd7-11de-baa2-e0cb4e57cc64}
device                  ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{e0b98643-ffd7-11de-baa2-e0cb4e57cc64}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{e0b98643-ffd7-11de-baa2-e0cb4e57cc64}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {e0b98640-ffd7-11de-baa2-e0cb4e57cc64}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {e0b98643-ffd7-11de-baa2-e0cb4e57cc64}
description             Ramdisk Options
ramdisksdidevice        partition=D:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi



LastRegBack: 2014-06-18 16:09

==================== End Of Log ============================

ADDITION.TXT

====================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-06-2014
Ran by DovBer at 2014-06-25 08:03:11
Running from G:\DATA\__message_boards
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG Anti-Virus Free Edition 2011 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2011 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.1 - Hewlett-Packard) Hidden
Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.6.0.5970 - Adobe Systems Incorporated) Hidden
Adobe Common File Installer (x32 Version: 1.00.0000 - Adobe System Incorporated) Hidden
Adobe CS6 Design and Web Premium (HKLM-x32\...\{402F6F2E-5683-491C-977D-0CA599A07CAF}) (Version: 6 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.5 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Photoshop Lightroom 4.3 64-bit (HKLM\...\{D759947B-8C5A-4480-B0DB-FC391F061C85}) (Version: 4.3.1 - Adobe)
Adobe Stock Photos 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
AnswerWorks Runtime (HKLM-x32\...\AnswerWorks) (Version:  - )
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.0.19709 - Ask.com) <==== ATTENTION
Audacity 1.3.14 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
AVG 2011 (HKLM\...\AVG) (Version: 10.0.1432 - AVG Technologies)
AVG 2011 (Version: 10.0.1432 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.3955 - AVG Technologies) Hidden
Blurb Book Creator CS6 v2.2.0.20d10 (HKLM-x32\...\Blurb Template Creator CS6_is1) (Version:  - )
BookSmart® 3.4.3 3.4.3 (HKLM-x32\...\BookSmart® 3.4.3 3.4.3) (Version:  - Blurb, Inc)
BPM Counter 1.2.0.0 (HKLM-x32\...\BPM Counter_is1) (Version: 1.2.0.0 - AbyssMedia.com)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel Applications (HKLM-x32\...\Corel Applications) (Version:  - )
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2115 - CyberLink Corp.) Hidden
DAEMON Tools Toolbar (HKLM-x32\...\DAEMON Tools Toolbar) (Version: 1.1.2.0185 - DT Soft Ltd) <==== ATTENTION
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
E.M. PowerPoint Video Converter 3.20 (HKLM-x32\...\E.M. PowerPoint Video Converter_is1) (Version:  - EffectMatrix, Inc.)
Elevated Installer (x32 Version: 3.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
FirstClass® Client (HKLM-x32\...\{5B35C417-2649-11D6-83D1-0050FC01225C}) (Version: 8.2 (8.200) - )
fotoQuote Pro 6 (HKLM-x32\...\{9ACDAF5E-318F-4761-ABC3-DDC58089E818}) (Version: 6.0.3 - Cradoc fotoSoftware)
Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{a2c69cba-542a-4a49-af31-b8a49349064d}) (Version: 3.1.8.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
GFI Backup 2009 - Home Edition (HKLM-x32\...\GFI Backup 2009 - Home Edition) (Version: 3.0 - GFI Software Ltd.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Remote Solution (x32 Version: 1.1.11.0 - Hewlett-Packard) Hidden
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}) (Version: 4.2.5.3 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
ICC Profiles (HKLM-x32\...\{8925AD1C-13DE-4709-9E88-6A0C320D0D43}) (Version: 1.10 - EPSON)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JDiskReport 1.4.0 (HKLM-x32\...\JDiskReport 1.4.0) (Version: 1.4.0 (2012-01-20 11:38:43) - JGoodies Karsten Lentzsch)
JGoodies JDiskReport 1.3.2 (HKLM-x32\...\JDiskReport 1.3.2) (Version: 1.3.2 (2009-12-18 11:57:44) - JGoodies Karsten Lentzsch)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.9.5 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.5 - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
Leawo PowerPoint to Video Free version 2.2.0.55 (HKLM-x32\...\{CF143FD7-FAA3-48C4-81B5-DFE18E1FC216}_is1) (Version:  - Leawo Software)
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Live Search Toolbar (x32 Version: 3.0.566.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ Run Time  Lib Setup (HKLM-x32\...\{AAF4238F-7C29-451D-9925-C753271A5728}) (Version: 1.0.0 - Microsoft)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MyDriveConnect 3.3.0.1502 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version:  - Photodex Corporation)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
ProShow Producer (HKLM-x32\...\ProShow Producer) (Version:  - Photodex Corporation)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5938 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Russian Phonetic Student - WinRus.com (HKLM\...\{7AE27077-F326-46AA-9CB2-DF595D56C8FA}) (Version: 1.0.3.40 - Paul Gorodyansky)
Russian Phonetic YaWert - WinRus.com (HKLM\...\{3A414249-4B92-422C-904C-5FA6FF525AB1}) (Version: 1.0.3.40 - personal)
Secure Download Manager (HKLM-x32\...\{4AF9E60E-0C91-4E25-A264-6E47EB1CC25C}) (Version: 3.0.0 - e-academy Inc.)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Total Recorder 8.3 Professional Edition (HKLM-x32\...\TotalRecorder) (Version:  - )
UltraFileSearch (HKLM-x32\...\UltraFileSearch) (Version:  - Stegisoft)
UltraFileSearch (x32 Version: 2.8.0.12335 - Stegisoft) Hidden
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600211) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)
VBA (2720) (x32 Version: 6.01.00.1234 - Microsoft Corporation) Hidden
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WPF Toolkit June 2009 (Version 3.5.40619.1) (HKLM-x32\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.40619.1 - Microsoft Corporation)

==================== Restore Points  =========================

03-06-2014 04:00:06 Scheduled Checkpoint
10-06-2014 05:49:05 Scheduled Checkpoint
18-06-2014 20:14:45 Scheduled Checkpoint
19-06-2014 22:00:16 Installed Microsoft Visual C++ 2005 Redistributable
21-06-2014 11:49:56 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {188F939C-9518-4A70-A7A2-38405D969509} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-04-23] ()
Task: {19C6569A-71A5-4568-9CC9-FF6A615891D9} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
Task: {1AA82037-44DE-4024-9DF8-62D8B3BF53E1} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard)
Task: {360A606C-8870-4509-9C56-5948B7BF7B14} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {5B7561FE-2F9F-4789-9BCC-4994E0144076} - System32\Tasks\{26856B04-0623-4702-899E-36D3A1E2D462} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {72379DFD-9294-47DC-82ED-9AE46A92F8BE} - System32\Tasks\AdobeAAMUpdater-1.0-compaq-DovBer => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {792E481B-2CF9-4879-8D36-4D65908D30F0} - System32\Tasks\{D94CEE4D-025E-46FC-A74F-5975D45FFF67} => H:\Crack\keygen.exe
Task: {87D26F9E-9676-4EC4-A532-7D75C37B5790} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-10] (Google Inc.)
Task: {904CEAB8-70A6-4A5D-8309-7FEABF2792A4} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard)
Task: {935F0929-5F95-4F57-90C6-AE3FC67DEC81} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-10] (Google Inc.)
Task: {E704E4BF-5973-40E3-9E79-435D23C7A532} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\fba_bk_test_01.job => C:\Program Files (x86)\Softland\FBackup 4\fbaSchedStarter.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe

==================== Loaded Modules (whitelisted) =============

2010-06-21 09:36 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2009-10-16 15:23 - 2009-10-16 15:23 - 00409384 ____N () C:\Program Files (x86)\Hewlett-Packard\Recovery\Protect.dll
2011-02-10 07:55 - 2011-02-10 07:55 - 01148256 _____ () C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
2011-10-02 20:20 - 2011-10-02 20:20 - 00186760 _____ () C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2011-05-31 15:45 - 2011-05-31 15:45 - 00756048 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-06-19 20:45 - 2014-06-06 00:38 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-13 17:26 - 2014-05-13 17:26 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
2010-04-14 23:15 - 1999-03-29 13:58 - 00057344 ____N () C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\axcntrls.dll
2014-06-21 07:53 - 2014-06-21 07:53 - 00712192 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Web.Autho#\1a022cfc2fa6ea7d68dd9315bc7f7cae\Microsoft.Web.Authoring.ni.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:0CFF5F08

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/21/2014 07:51:12 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalog

Error: (06/19/2014 07:20:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ViewPasswordHh174.exe, version: 1.174.0.0, time stamp: 0x53a17e28
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x692f3130
Faulting process id: 0x35a0
Faulting application start time: 0xViewPasswordHh174.exe0
Faulting application path: ViewPasswordHh174.exe1
Faulting module path: ViewPasswordHh174.exe2
Report Id: ViewPasswordHh174.exe3

Error: (06/19/2014 07:19:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ViewPasswordHh174.exe, version: 1.174.0.0, time stamp: 0x53a17e28
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10
Exception code: 0xc0000005
Fault offset: 0x00038df9
Faulting process id: 0x1c8
Faulting application start time: 0xViewPasswordHh174.exe0
Faulting application path: ViewPasswordHh174.exe1
Faulting module path: ViewPasswordHh174.exe2
Report Id: ViewPasswordHh174.exe3

Error: (06/18/2014 11:47:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Photoshop.exe, version: 8.0.0.0, time stamp: 0x3f8fad4d
Faulting module name: Photoshop.exe, version: 8.0.0.0, time stamp: 0x3f8fad4d
Exception code: 0xc0000005
Fault offset: 0x009979da
Faulting process id: 0x15ac
Faulting application start time: 0xPhotoshop.exe0
Faulting application path: Photoshop.exe1
Faulting module path: Photoshop.exe2
Report Id: Photoshop.exe3

Error: (06/14/2014 03:56:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16450, time stamp: 0x4aebab8d
Faulting module name: SHELL32.dll, version: 6.1.7600.17038, time stamp: 0x4fd2dd43
Exception code: 0xc0000005
Fault offset: 0x000000000034e4f1
Faulting process id: 0xb54
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (05/27/2014 06:56:00 PM) (Source: Microsoft Office 12) (EventID: 2000) (User: )
Description: Accepted Safe Mode action : Microsoft Office Outlook.


System errors:
=============
Error: (06/25/2014 01:25:14 AM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (06/25/2014 01:24:14 AM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (06/25/2014 01:23:14 AM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (06/24/2014 07:10:47 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (06/24/2014 06:19:03 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (06/24/2014 00:50:26 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (06/24/2014 01:25:14 AM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (06/24/2014 01:24:14 AM) (Source: srv) (EventID: 2017) (User: )
Description: The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Error: (06/23/2014 01:00:47 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (06/23/2014 00:45:21 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.


Microsoft Office Sessions:
=========================
Error: (11/08/2013 07:29:17 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 598937 seconds with 11220 seconds of active time.  This session ended with a crash.

Error: (11/06/2013 10:03:40 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 826373 seconds with 1320 seconds of active time.  This session ended with a crash.

Error: (11/01/2013 09:06:44 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 781173 seconds with 15780 seconds of active time.  This session ended with a crash.

Error: (01/22/2013 07:40:37 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 37362 seconds with 840 seconds of active time.  This session ended with a crash.

Error: (11/16/2012 07:41:03 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 81034 seconds with 2100 seconds of active time.  This session ended with a crash.

Error: (11/02/2012 06:48:21 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 303209 seconds with 7860 seconds of active time.  This session ended with a crash.

Error: (08/21/2012 07:25:52 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 41214 seconds with 780 seconds of active time.  This session ended with a crash.

Error: (07/15/2012 06:33:25 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 40344 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (06/23/2012 06:21:45 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 627 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/15/2011 10:58:01 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2010-04-16 23:24:44.829
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 76%
Total physical RAM: 2815.3 MB
Available physical RAM: 669.89 MB
Total Pagefile: 5628.75 MB
Available Pagefile: 1947.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:455.79 GB) (Free:383.66 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.87 GB) (Free:1.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (FreeAgent Drive) (Fixed) (Total:931.51 GB) (Free:27.35 GB) NTFS
Drive i: (FreeAgent Drive) (Fixed) (Total:931.51 GB) (Free:98.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=456 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 4F06C035)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 57640DE4)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 



#8
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
  • Step #3 Uninstall Programs
    I want you to uninstall the following program(s) listed below due to poor reputation we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up and double-click on the items I have listed below and follow the on-screen instructions to remove/uninstall them.
    • Ask Toolbar Updater
 
  • Step #4 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      AlternateDataStreams: C:\ProgramData\Temp:0CFF5F08
      Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.0.19709 - Ask.com) <==== ATTENTION
      C:\Users\DovBer\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgvdzcy.dll
      C:\Users\DovBer\AppData\Local\Temp\i4jdel0.exe
      C:\Users\DovBer\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
      C:\Users\DovBer\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
      C:\Users\DovBer\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
      C:\Users\DovBer\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
      C:\Users\DovBer\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
      C:\Users\DovBer\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
      C:\Users\DovBer\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
      C:\Users\DovBer\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
      C:\Users\DovBer\AppData\Local\Temp\openssl.exe
      C:\Users\DovBer\AppData\Local\Temp\SkypeSetup.exe
      C:\Users\DovBer\AppData\Local\Temp\tmp2BA.exe
      C:\Users\DovBer\AppData\Local\Temp\tmp5408.exe
      C:\Users\DovBer\AppData\Local\Temp\tmp6246.exe
      C:\Users\DovBer\AppData\Local\Temp\tmp67D6.exe
      C:\Users\DovBer\AppData\Local\Temp\tmp784A.exe
      C:\Users\DovBer\AppData\Local\Temp\tmp84F7.exe
      C:\Users\DovBer\AppData\Local\Temp\tmpE32.exe
      C:\Users\DovBer\AppData\Local\Temp\uninst.exe
      BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
      BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
      SearchScopes: HKLM-x32 - {9F3FF4A9-0362-48AA-B1CF-6A4047631527} URL = http://www.ask.com/w...}&l=dis&o=uscqd
      SearchScopes: HKCU - {9F3FF4A9-0362-48AA-B1CF-6A4047631527} URL = http://www.ask.com/w...}&l=dis&o=uscqd
      SearchScopes: HKLM - {9F3FF4A9-0362-48AA-B1CF-6A4047631527} URL = http://www.ask.com/w...}&l=dis&o=uscqd
      Reboot:
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #5 Upload File(s) to Virus-Total
    I want you to upload the following suspicious file(s) to an online virus-scanner to scan.
    • Please go to www.virustotal.com
    • Click on Choose File
    • Go to C:\Windows\System32\Drivers\am9j76fy.sys
    • Click on Open;
    • Click on Scan it;
    • Copy and Paste the link of the result page in your reply;
    Follow the same procedure for --
    C:\Windows\System32\Drivers\sptd.sys
 
  • Required Log(s):
    • FRST Fix Log
    • VirusTotal Links
Regards,
Valinorum

#9
BerDov

    Member

  • Topic Starter
  • Member
  • 228 posts

Thanks, Valinorum!

Before I proceed as per your instructions, one question: if the SkypeSetup.exe is uninstalled, will it affect Skype currently running or future installs of their updates?

Thanks,

BerDov



#10
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
No. It is an old setup file. If you wish, you can keep it. To keep it, just remove the C:\Users\DovBer\AppData\Local\Temp\SkypeSetup.exe entry from the script. :)

#11
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





