Windows 7 Trojan-Downloader.Win32.Update.eou [Solved]



#1
Dazed&Confused

Running a scan using ZoneAlarm, this malware was detected: Trojan-Downloader.Win32.Update.eou. It was quarantined, but keeps coming back. The PC is periodically running very slowly. Uninstalled ZoneAlarm and tried to reinstall Windows Security Essentials but it is not available in the Action Center. When trying to download WSE from the Microsoft site, it identifies the PC as running Windows XP (it is running Windows 7) and won't allow the download. Tried to run the .exe file from a USB drive; the installation started fine, but quit after accepting the license, saying it couldn't continue, and forcing a restart of the computer.

 

OTL log file:

 

OTL logfile created on: 2/11/2015 9:38:09 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Guitar\Documents\Downloads
64bit-Windows XP  Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17633)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.90 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 57.06% Memory free
7.81 Gb Paging File | 5.76 Gb Available in Paging File | 73.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 170.81 Gb Free Space | 73.38% Space Free | Partition Type: NTFS
 
Computer Name: GUITAR-PC | User Name: Guitar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/02/11 09:13:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Guitar\My Documents\Downloads\OTL.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/07/11 02:39:16 | 000,511,872 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2014/05/02 15:47:14 | 001,065,024 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
PRC - [2013/05/08 03:17:22 | 000,642,664 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2012/08/21 14:43:58 | 000,794,272 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2012/08/21 14:43:58 | 000,105,120 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/11 13:06:16 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/10/11 13:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2015/02/11 06:54:12 | 001,025,920 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV:64bit: - [2015/01/11 19:34:30 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/11/12 00:06:52 | 002,449,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2013/09/20 16:30:00 | 000,654,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/05/17 00:00:00 | 000,144,560 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2015/02/05 11:21:23 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/26 20:17:58 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/04/11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/20 15:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/02/10 20:09:06 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/12/14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/08/21 14:43:58 | 000,794,272 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2015/02/11 06:54:21 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EsgScanner.sys -- (EsgScanner)
DRV:64bit: - [2014/07/10 11:30:58 | 000,322,736 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0153.sys -- (RsFx0153)
DRV:64bit: - [2014/06/11 10:09:28 | 000,490,592 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2014/06/11 10:09:26 | 007,717,984 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2014/03/31 21:06:06 | 000,058,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/12/27 01:26:12 | 000,805,088 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/12/14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/10/03 16:14:56 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/11 07:59:34 | 000,334,936 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0200.sys -- (RsFx0200)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/30 12:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 12:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/06/19 00:36:04 | 000,017,920 | ---- | M] (Siliten) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\InputFilter_FlexDef2b.sys -- (InputFilter_Hid_FlexDef2b)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.hiddenOneOffs: ""
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Guitar\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/10/07 18:11:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/10/07 18:11:11 | 000,000,000 | ---D | M]
 
[2013/10/07 10:06:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guitar\AppData\Roaming\Mozilla\Extensions
[2015/02/11 08:23:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guitar\AppData\Roaming\Mozilla\Firefox\Profiles\d3jx9paj.default\extensions
[2014/04/09 15:52:24 | 000,002,542 | ---- | M] () -- C:\Users\Guitar\AppData\Roaming\Mozilla\Firefox\Profiles\d3jx9paj.default\searchplugins\ask-search.xml
[2014/05/22 08:22:16 | 000,005,529 | ---- | M] () -- C:\Users\Guitar\AppData\Roaming\Mozilla\Firefox\Profiles\d3jx9paj.default\searchplugins\startpage-custom-search.xml
[2014/11/24 13:30:03 | 000,001,497 | ---- | M] () -- C:\Users\Guitar\AppData\Roaming\Mozilla\Firefox\Profiles\d3jx9paj.default\searchplugins\zonealarm.xml
[2015/01/26 20:17:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/01/26 20:17:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ShipWorksScheduler$CA3940B9E53441448E08C6625A9D9DB2] C:\Program Files\ShipWorks\ShipWorks.exe (Interapptive®, Inc.)
O4:64bit: - HKLM..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKCU..\Run: [Adobe Reader Synchronizer] C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DellSystemDetect] C:\Users\Guitar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms ()
O4 - HKCU..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILAE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-410 Series" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E75A27F2-08D3-446D-9020-52FD51C6D43C}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015/02/11 06:57:12 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/02/11 06:56:56 | 000,000,000 | ---D | C] -- C:\Users\Guitar\AppData\Roaming\Enigma Software Group
[2015/02/11 06:56:49 | 000,000,000 | ---D | C] -- C:\Users\Guitar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2015/02/11 06:56:31 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2015/02/11 06:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2015/01/26 20:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/01/14 12:37:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2015/01/13 11:51:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2015/01/13 11:50:58 | 000,000,000 | ---D | C] -- C:\Users\Guitar\AppData\Local\Citrix
[2015/01/12 16:15:15 | 000,000,000 | ---D | C] -- C:\Users\Guitar\AppData\Roaming\Apple Computer
[2015/01/12 16:15:15 | 000,000,000 | ---D | C] -- C:\Users\Guitar\AppData\Local\Apple Computer
[2015/01/12 16:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2015/01/12 16:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2015/01/12 16:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2015/01/12 16:13:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2015/01/12 16:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
[2015/01/12 16:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2015/01/12 16:13:09 | 000,000,000 | ---D | C] -- C:\Users\Guitar\AppData\Local\Apple
[2015/01/12 16:13:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2015/01/12 16:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2015/01/12 16:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2015/01/12 16:12:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2015/01/12 16:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2015/01/12 16:12:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
 
========== Files - Modified Within 30 Days ==========
 
[2015/02/11 09:36:00 | 000,000,911 | ---- | M] () -- C:\Windows\tasks\EPSON XP-410 Series Update {CBD881FB-6534-4107-912B-3F850E014EAA}.job
[2015/02/11 09:36:00 | 000,000,725 | ---- | M] () -- C:\Windows\tasks\EPSON XP-410 Series Invitation {CBD881FB-6534-4107-912B-3F850E014EAA}.job
[2015/02/11 09:23:40 | 000,923,308 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/02/11 09:23:40 | 000,760,372 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/02/11 09:23:40 | 000,161,236 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/02/11 09:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/02/11 09:21:00 | 000,000,540 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-2404089428-2033709462-2392081876-1000.job
[2015/02/11 09:16:46 | 000,031,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/02/11 09:16:46 | 000,031,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/02/11 09:09:59 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job
[2015/02/11 09:08:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/02/11 09:08:35 | 3144,216,576 | -HS- | M] () -- C:\hiberfil.sys
[2015/02/11 09:06:54 | 000,002,150 | ---- | M] () -- C:\Windows\epplauncher.mif
[2015/02/11 08:34:41 | 000,327,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/02/11 06:57:12 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2015/02/11 06:56:49 | 000,001,087 | ---- | M] () -- C:\Users\Guitar\Desktop\SpyHunter.lnk
[2015/02/11 06:56:43 | 000,008,192 | ---- | M] () -- C:\shldr.mbr
[2015/02/11 06:56:42 | 000,285,747 | ---- | M] () -- C:\shldr
[2015/02/11 06:54:21 | 000,022,704 | ---- | M] () -- C:\Windows\SysNative\drivers\EsgScanner.sys
[2015/02/06 16:55:29 | 000,915,430 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015/01/31 12:53:58 | 000,000,814 | ---- | M] () -- C:\Users\Guitar\Desktop\ShipWorks.lnk
[2015/01/31 12:53:58 | 000,000,807 | ---- | M] () -- C:\Users\Public\Desktop\dazzle.lnk
[2015/01/14 22:23:46 | 000,003,929 | -H-- | M] () -- C:\Windows\SysWow64\BTImages.dat
[2015/01/14 13:17:26 | 000,002,114 | ---- | M] () -- C:\Users\Guitar\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2015/01/13 22:17:53 | 000,012,288 | ---- | M] () -- C:\Users\Guitar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2015/01/12 16:15:05 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
 
========== Files Created - No Company Name ==========
 
[2015/02/11 08:05:25 | 3144,216,576 | -HS- | C] () -- C:\hiberfil.sys
[2015/02/11 08:02:57 | 000,285,747 | ---- | C] () -- C:\shldr
[2015/02/11 08:02:57 | 000,008,192 | ---- | C] () -- C:\shldr.mbr
[2015/02/11 06:57:12 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2015/02/11 06:56:49 | 000,001,087 | ---- | C] () -- C:\Users\Guitar\Desktop\SpyHunter.lnk
[2015/02/11 06:54:21 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys
[2015/01/13 11:51:23 | 000,000,540 | ---- | C] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-2404089428-2033709462-2392081876-1000.job
[2015/01/12 16:15:05 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2015/01/12 16:13:07 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014/11/27 18:43:34 | 000,003,929 | -H-- | C] () -- C:\Windows\SysWow64\BTImages.dat
[2014/05/02 09:37:35 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2014/05/02 08:39:07 | 000,000,044 | ---- | C] () -- C:\Windows\XP-410.ini
[2013/12/09 10:14:41 | 000,012,288 | ---- | C] () -- C:\Users\Guitar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/08 16:34:51 | 000,000,094 | ---- | C] () -- C:\Users\Guitar\AppData\Local\fusioncache.dat
[2013/10/07 18:05:33 | 000,207,029 | ---- | C] () -- C:\Windows\hpoins46.dat
[2013/10/07 16:59:40 | 000,915,430 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 19:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 18:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/05/02 08:41:22 | 000,000,000 | ---D | M] -- C:\Users\Guitar\AppData\Roaming\Acer
[2014/09/30 17:15:24 | 000,000,000 | ---D | M] -- C:\Users\Guitar\AppData\Roaming\Dropbox
[2015/02/11 06:56:56 | 000,000,000 | ---D | M] -- C:\Users\Guitar\AppData\Roaming\Enigma Software Group
[2014/05/06 16:13:23 | 000,000,000 | ---D | M] -- C:\Users\Guitar\AppData\Roaming\Epson
[2014/01/27 18:47:43 | 000,000,000 | ---D | M] -- C:\Users\Guitar\AppData\Roaming\IrfanView
[2014/05/02 08:41:03 | 000,000,000 | ---D | M] -- C:\Users\Guitar\AppData\Roaming\Leader Technologies
[2014/05/02 08:39:11 | 000,000,000 | ---D | M] -- C:\Users\Guitar\AppData\Roaming\Leadertech
[2013/10/08 10:05:39 | 000,000,000 | ---D | M] -- C:\Users\Guitar\AppData\Roaming\Product_RM
[2013/12/18 17:49:40 | 000,000,000 | ---D | M] -- C:\Users\Guitar\AppData\Roaming\Registry Mechanic
[2013/10/07 10:09:45 | 000,000,000 | ---D | M] -- C:\Users\Guitar\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
 


  • 0


#2
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Virus, Spyware, Malware Removal forum and wait for help.

Hi and welcome back to Geeks to Go. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Next:

When trying to download WSE from the Microsoft site, it identifies the PC as running Windows XP (it is running Windows 7) and won't allow the download.

Intriguing, as OTL denotes the system as 64bit-Windows XP Service Pack 2. Was the machine updated from this originally? Also try both of the below:

Which Windows operating system am I running?

How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system

And let myself know the results please, plus run the below scan for myself...

Download/run Rkill:

(If one fails to work delete it and download/try another):

One, Two, Three, Four or Five
  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • Post the log created, found on the desktop as rkill.txt, in your next reply.
  • Note: If your security software warns about Rkill, please ignore and allow the download to continue.

  • 0

#3
Dazed&Confused

    Member

  • Topic Starter
  • Member
  • 29 posts

Hi

When trying to download WSE from the Microsoft site, it identifies the PC as running Windows XP (it is running Windows 7) and won't allow the download.

Intriguing, as OTL denotes the system as 64bit-Windows XP Service Pack 2. Was the machine updated from this originally? Also try both of the below:

Which Windows operating system am I running?

How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system

And let myself know the results please, plus run the below scan for myself...

Hi Dakeyras, thanks so much for the help. This computer came with Windows 7 installed on it. Our documents and files were transferred to it by an IT service company from an XP hard drive.

When clicking the "Which Windows operating system am I running" link, it says: This PC is running: Windows XP

When clicking the second link, it tells me I am running a 64-bit system. If I do a manual check of the PC, it is running Windows 7, Service Pack 1, 64-bit.

Here is the Rkill log:

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingc...opic308364.html

Program started at: 02/11/2015 02:21:18 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

  • 0

#4
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts

Hi. :)

thanks so much for the help.

You're welcome!

This computer came with Windows 7 installed on it. Our documents and files were transferred to it by an IT service company from an XP hard drive.

When clicking the "Which Windows operating system am I running" link, it says: This PC is running: Windows XP

When clicking the second link, it tells me I am running a 64-bit system. If I do a manual check of the PC, it is running Windows 7, Service Pack 1, 64-bit.

Acknowledged. At this stage the root source could be malware and/or possibly the incorrect removal by ZoneAlarm, as the aforementioned is far from effective in my humble opinion.

Anyway, let's proceed as follows, shall we, so I can better ascertain the root cause...

Scan with aswMBR:

Please download aswMBR to your desktop.

Alternate downloads are here and here.
  • Right-click on aswMBR.exe and select Run as Administrator to launch the application.
  • If a prompt stating: The computer supports "Virtualization Technology" appears >> select Yes
  • When prompted with: The application can use the Avast! Free Antivirus for scanning >> select Yes
  • The Avast! virus definitions database will automatically be downloaded. Be patient, this may take some time depending on the speed of your Internet Connection.
  • Once it has downloaded >> ensure the option next to AV scan: >> QuickScan is selected only. It should be by default.
  • Now click on the Scan button to start the scan.
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply
  • Click on Exit.
Note: There will also be a file on your desktop named MBR.dat (or similar). Do not delete this for now; it is an actual backup of the MBR (master boot record).

Scan with Farbar Recovery Scan Tool:

Please download and save Farbar Recovery Scan Tool 64-Bit to your desktop.
  • Right-click on FRST.exe and select Run as Administrator to start FRST >> follow the prompt/click on Yes
  • After the tool has checked for any updates, backed up the registry etc. and The tool is ready to use is denoted:-
  • Under Optional Scan ensure both Drivers MD5 and Addition.txt are selected.
  • Now click on the Scan button/radio tab >> at the Scan completed prompt click on OK
  • At the next prompt denoting Addition.txt is saved in the same location FRST tool is run >> click on OK
  • There will now be two logs on your desktop, Addition.txt and FRST.txt. Post the contents of both in your next reply.
Next:

When completed the above, please post back the following in the order asked for:
  • How is your computer performing now, any further symptoms and or problems encountered ?
  • aswMBR Log.
  • Both FRST logs. <-- Post them individually please, IE: one Log per post/reply.

  • 0

#5
Dazed&Confused

    Member

  • Topic Starter
  • Member
  • 29 posts

I would like to double check something before proceeding, please.  My husband downloaded and installed AVG (free version) after I made my initial post because he needs the computer for his business and was nervous about not having anti-virus installed.  Is it ok to run the Avast scan while AVG is installed and active?


  • 0

#6
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts

Hi. :)

My husband downloaded and installed AVG (free version) after I made my initial post because he needs the computer for his business and was nervous about not having anti-virus installed.

If I may refer to a portion of a prior post of mine:-

Refrain from running self fixes as this will hinder the malware removal process.

A good reason I advise such. Plus, by business, please elaborate, as I personally (nor this forum) do not provide Anti-Malware support for machines used for business purposes unless there are extenuating circumstances, so please elaborate upon this.

Is it ok to run the Avast scan while AVG is installed and active?

Aye, indeed it is, though AVG is not exactly a good option and no doubt third-party dross was installed by it, but we can address all in due course.
  • 0

#7
Dazed&Confused

    Member

  • Topic Starter
  • Member
  • 29 posts

Yeah, sorry, he installed it before we got that instruction. We promise not to do anything more. As for using the computer for his business, I meant that he sometimes answers business emails in the evening or the weekend. It is his personal computer.

We don't seem to be very good at picking antivirus software :)

I'll run the scans and post the results.


  • 0

#8
Dazed&Confused

    Member

  • Topic Starter
  • Member
  • 29 posts

There isn't any change to how the computer is running (it seems to be running fine), but the previous slow speeds and "extra hard drive" noise were sporadic before.

aswMBR scan result:

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-02-11 15:44:12
-----------------------------
15:44:12.080    OS Version: Windows x64 6.1.7601 Service Pack 1
15:44:12.080    Number of processors: 4 586 0x3A09
15:44:12.081    ComputerName: GUITAR-PC  UserName: Guitar
15:44:13.172    Initialize success
15:44:13.317    VM: initialized successfully
15:44:13.318    VM: Intel CPU supported
15:44:16.044    VM: supported disk I/O ataport.SYS
15:51:05.082    AVAST engine defs: 15021101
15:51:21.976    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:51:21.976    Disk 0 Vendor: ST250DM000-1BD141 KC47 Size: 238475MB BusType: 11
15:51:22.070    VM: Disk 0 MBR read successfully
15:51:22.070    Disk 0 MBR scan
15:51:22.086    Disk 0 Windows 7 default MBR code
15:51:22.101    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS          100 MB offset 2048
15:51:22.101    Disk 0 default boot code
15:51:22.117    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS       238373 MB offset 206848
15:51:22.148    Disk 0 scanning C:\Windows\system32\drivers
15:51:32.397    Service scanning
15:51:56.937    Modules scanning
15:51:57.265    Disk 0 trace - called modules:
15:51:57.296    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
15:51:57.312    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004791060]
15:51:57.312    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004074060]
15:51:58.497    AVAST engine scan C:\Windows
15:52:00.291    AVAST engine scan C:\Windows\system32
15:56:30.152    AVAST engine scan C:\Windows\system32\drivers
15:56:50.136    AVAST engine scan C:\Users\Guitar
16:09:39.921    AVAST engine scan C:\ProgramData
16:13:18.010    Disk 0 statistics 4405527/0/18 @ 2.75 MB/s
16:13:18.025    Scan stopped
16:13:53.142    Disk 0 MBR has been saved successfully to "C:\Users\Guitar\Desktop\MBR.dat"
16:13:53.142    The log file has been saved successfully to "C:\Users\Guitar\Desktop\aswMBR.txt"

Edited by Dazed&Confused, 11 February 2015 - 05:28 PM.

  • 0

#9
Dazed&Confused

    Member

  • Topic Starter
  • Member
  • 29 posts

FRST Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2015 02
Ran by Guitar at 2015-02-11 16:17:42
Running from C:\Users\Guitar\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat  9 Standard (HKLM-x32\...\{AC76BA86-1033-0000-BA7E-000000000004}{AC76BA86-1033-0000-BA7E-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-0000-BA7E-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5646 - AVG Technologies)
AVG 2015 (Version: 15.0.4284 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5646 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Citrix Online Launcher (HKLM-x32\...\{A08A6B7D-1F21-4843-85A3-77B8D15FAE0E}) (Version: 1.0.244 - Citrix)
D110 (x32 Version: 140.0.283.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAZzle (HKLM-x32\...\DAZzle) (Version:  - )
Dell System Detect (HKU\S-1-5-21-2404089428-2033709462-2392081876-1000\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.3.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-410 Series Printer Uninstall (HKLM\...\EPSON XP-410 Series) (Version:  - SEIKO EPSON Corporation)
Epson XP-410 User's Guide version 1.0 (HKLM-x32\...\UsersGuideEpson XP-410 User's Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
GDR 4033 for SQL Server 2008 R2 (KB2977320) (64-bit) (HKLM\...\KB2977320) (Version: 10.52.4033.0 - Microsoft Corporation)
GoToMeeting 6.4.12.2331 (HKU\S-1-5-21-2404089428-2033709462-2392081876-1000\...\GoToMeeting) (Version: 6.4.12.2331 - CitrixOnline)
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LTCM Client (HKLM-x32\...\{B38E9B55-7136-4E66-A084-320512FF3F6F}) (Version: 1.20.3792 - Leader Technologies Inc)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2404089428-2033709462-2392081876-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{E8F7904A-4780-4F3F-B153-21BE32857120}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{1D4A3734-9328-440F-960C-42B4CE481EB4}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Desktop Engine (SHIPWORKS) (HKLM-x32\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.761 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
PC Tools Registry Mechanic 11.1 (HKLM-x32\...\Registry Mechanic_is1) (Version: 11.1 - PC Tools)
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.67.1226.2012 - Realtek)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
ShipWorks® 2.9.73 (HKLM-x32\...\ShipWorks_is1) (Version: 2.9.73 - Interapptive®, Inc.)
ShipWorks® 3.9.6.6889 (HKLM\...\{CA3940B9-E534-4144-8E08-C6625A9D9DB2}_is1) (Version: 3.9.6.6889 - Interapptive®, Inc.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.18.9.4384 - Enigma Software Group, LLC)
SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.65 - NCH Software)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
ZoneAlarm Antivirus (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2404089428-2033709462-2392081876-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Guitar\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-2404089428-2033709462-2392081876-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\2128\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2404089428-2033709462-2392081876-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Guitar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2404089428-2033709462-2392081876-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Guitar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2404089428-2033709462-2392081876-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Guitar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2404089428-2033709462-2392081876-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Guitar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2404089428-2033709462-2392081876-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Guitar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

03-02-2015 08:34:05 Windows Update
06-02-2015 16:52:22 Windows Update
10-02-2015 08:37:05 Windows Update
11-02-2015 08:25:55 Windows Update
11-02-2015 08:51:24 Installed Microsoft Fix it 50981
11-02-2015 10:21:31 Windows Backup
11-02-2015 13:41:47 Installed AVG 2015
11-02-2015 13:42:20 Installed AVG 2015

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0F1DFA0F-9A13-486A-ABB9-75D8976491D0} - System32\Tasks\EPSON XP-410 Series Update {CBD881FB-6534-4107-912B-3F850E014EAA} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2013-02-27] (SEIKO EPSON CORPORATION)
Task: {216B8931-EDCF-430A-A42F-C79861240F30} - System32\Tasks\{B77CCD62-67BC-4013-95F5-A6A72E56C0FE} => Firefox.exe
Task: {25013580-8DFF-484F-8CFC-A2758D06B854} - System32\Tasks\G2MUpdateTask-S-1-5-21-2404089428-2033709462-2392081876-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\2331\g2mupdate.exe [2015-02-11] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {6B70F4B3-EECD-4E13-BD39-8C0EBEAE0ECA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {93AF5C6C-0B45-414E-A988-38BADE96A4C1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {9EF53E35-1545-4E41-AACF-F5EF7949B4B5} - System32\Tasks\EPSON XP-410 Series Invitation {CBD881FB-6534-4107-912B-3F850E014EAA} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2013-02-27] (SEIKO EPSON CORPORATION)
Task: {A3B6A73E-5BD0-4EEF-9154-27DB8655E4B3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B9D7A167-393C-488D-9955-58B0BA079D93} - System32\Tasks\RMAutoUpdate => C:\Program Files (x86)\PC Tools\PC Tools Registry Mechanic\SULauncher.exe [2012-08-21] (PC Tools)
Task: {D619EFDD-1BEC-4D1A-8848-7A063EC9D28C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EC8ACBF0-0C57-439C-A585-3F9EFB543C86} - System32\Tasks\{5BCB3FA4-E271-4E8E-9D07-DCBC71E2C31A} => Firefox.exe
Task: {FF1C2103-4BF7-4252-9307-C0A07A6EFCE4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON XP-410 Series Invitation {CBD881FB-6534-4107-912B-3F850E014EAA}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE
Task: C:\Windows\Tasks\EPSON XP-410 Series Update {CBD881FB-6534-4107-912B-3F850E014EAA}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2404089428-2033709462-2392081876-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\2331\g2mupdate.exe
Task: C:\Windows\Tasks\RMAutoUpdate.job => C:\Program Files (x86)\PC Tools\PC Tools Registry Mechanic\SULauncher.exe

==================== Loaded Modules (whitelisted) ==============

2014-03-19 06:29 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-11-19 18:02 - 2014-09-23 06:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-09 09:08 - 2014-10-15 10:22 - 00148992 _____ () C:\Program Files\ShipWorks\RestSharp.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-26 20:17 - 2015-01-26 20:17 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\Users\Guitar\Documents\Dyna-ST70.pdf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2404089428-2033709462-2392081876-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Guitar\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2404089428-2033709462-2392081876-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2404089428-2033709462-2392081876-1005 - Limited - Enabled)
Guest (S-1-5-21-2404089428-2033709462-2392081876-501 - Limited - Disabled)
Guitar (S-1-5-21-2404089428-2033709462-2392081876-1000 - Administrator - Enabled) => C:\Users\Guitar
HomeGroupUser$ (S-1-5-21-2404089428-2033709462-2392081876-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/11/2015 02:10:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2015 02:09:59 PM) (Source: MSSQL$SHIPWORKS) (EventID: 19011) (User: )
Description: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0

Error: (02/11/2015 09:10:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2015 09:09:41 AM) (Source: MSSQL$SHIPWORKS) (EventID: 19011) (User: )
Description: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0

Error: (02/11/2015 09:06:54 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: Guitar-PC)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (02/11/2015 08:35:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2015 08:34:46 AM) (Source: MSSQL$SHIPWORKS) (EventID: 19011) (User: )
Description: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0

Error: (02/11/2015 08:23:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SpyHunter4.exe version 4.18.9.4384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 698

Start Time: 01d0460d9918d3b4

Termination Time: 16

Application Path: C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe

Report Id: dca484df-b201-11e4-814e-a41f7284d306

Error: (02/11/2015 08:17:35 AM) (Source: MSSQL$SHIPWORKS) (EventID: 19011) (User: )
Description: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0

Error: (02/11/2015 08:17:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/11/2015 02:10:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/11/2015 02:09:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%2

Error: (02/11/2015 02:05:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (02/11/2015 01:29:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The esgiguard service failed to start due to the following error:
%%2

Error: (02/11/2015 01:28:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The esgiguard service failed to start due to the following error:
%%2

Error: (02/11/2015 01:28:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The esgiguard service failed to start due to the following error:
%%2

Error: (02/11/2015 01:18:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The esgiguard service failed to start due to the following error:
%%2

Error: (02/11/2015 01:18:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The esgiguard service failed to start due to the following error:
%%2

Error: (02/11/2015 01:18:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The esgiguard service failed to start due to the following error:
%%2

Error: (02/11/2015 00:36:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly.  It has done this 2 time(s).


Microsoft Office Sessions:
=========================
Error: (02/11/2015 02:10:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2015 02:09:59 PM) (Source: MSSQL$SHIPWORKS) (EventID: 19011) (User: )
Description: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0

Error: (02/11/2015 09:10:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2015 09:09:41 AM) (Source: MSSQL$SHIPWORKS) (EventID: 19011) (User: )
Description: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0

Error: (02/11/2015 09:06:54 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: Guitar-PC)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (02/11/2015 08:35:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2015 08:34:46 AM) (Source: MSSQL$SHIPWORKS) (EventID: 19011) (User: )
Description: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0

Error: (02/11/2015 08:23:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SpyHunter4.exe4.18.9.438469801d0460d9918d3b416C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exedca484df-b201-11e4-814e-a41f7284d306

Error: (02/11/2015 08:17:35 AM) (Source: MSSQL$SHIPWORKS) (EventID: 19011) (User: )
Description: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0

Error: (02/11/2015 08:17:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel® Core™ i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 58%
Total physical RAM: 3998.08 MB
Available physical RAM: 1643.68 MB
Total Pagefile: 7994.35 MB
Available Pagefile: 5146.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:170.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: FC026294)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#10 Dazed&Confused (Topic Starter, Member, 29 posts)

FRST log

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by Guitar (administrator) on GUITAR-PC on 11-02-2015 16:16:52
Running from C:\Users\Guitar\Desktop
Loaded Profiles: Guitar (Available profiles: Guitar)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SHIPWORKS3\MSSQL\Binn\sqlservr.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Interapptive®, Inc.) C:\Program Files\ShipWorks\ShipWorks.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILAE.EXE
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShipWorksScheduler$CA3940B9E53441448E08C6625A9D9DB2] => C:\Program Files\ShipWorks\ShipWorks.exe [22757520 2014-10-15] (Interapptive®, Inc.)
HKLM\...\Run: [SpyHunter Security Suite] => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [7580544 2015-02-11] (Enigma Software Group USA, LLC.)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [105120 2012-08-21] (PC Tools)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3674576 2015-01-06] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2404089428-2033709462-2392081876-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILAE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2404089428-2033709462-2392081876-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [761064 2014-12-02] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Service Manager.lnk
ShortcutTarget: Service Manager.lnk -> C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2404089428-2033709462-2392081876-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
HKU\S-1-5-21-2404089428-2033709462-2392081876-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2404089428-2033709462-2392081876-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Guitar\AppData\Roaming\Mozilla\Firefox\Profiles\d3jx9paj.default
FF DefaultSearchEngine: Google
FF Homepage: https://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2404089428-2033709462-2392081876-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Guitar\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF user.js: detected! => C:\Users\Guitar\AppData\Roaming\Mozilla\Firefox\Profiles\d3jx9paj.default\user.js
FF SearchPlugin: C:\Users\Guitar\AppData\Roaming\Mozilla\Firefox\Profiles\d3jx9paj.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Guitar\AppData\Roaming\Mozilla\Firefox\Profiles\d3jx9paj.default\searchplugins\startpage-custom-search.xml
FF SearchPlugin: C:\Users\Guitar\AppData\Roaming\Mozilla\Firefox\Profiles\d3jx9paj.default\searchplugins\zonealarm.xml
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-10-07]
FF HKU\S-1-5-21-2404089428-2033709462-2392081876-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-02-10] (Macrovision Europe Ltd.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 MSSQL$SHIPWORKS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]
R2 MSSQL$SHIPWORKS3; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SHIPWORKS3\MSSQL\Binn\sqlservr.exe [62379184 2014-07-10] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2015-02-11] (Enigma Software Group USA, LLC.)
S3 SQLAgent$SHIPWORKS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
S4 SQLAgent$SHIPWORKS3; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SHIPWORKS3\MSSQL\Binn\SQLAGENT.EXE [442536 2014-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-02-11] ()
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2014-06-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-06-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [490592 2014-06-11] (Kaspersky Lab ZAO)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2014-07-10] (Microsoft Corporation)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U2 TMAgent; No ImagePath
U3 aswMBR; \??\C:\Users\Guitar\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Guitar\AppData\Local\Temp\aswVmm.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys 80B9412C4DE09147581FC935FB4C97AB
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\avgdiska.sys 54FE1CAFA3B3029B282E6A05EA672031
C:\Windows\System32\DRIVERS\avgidsdrivera.sys A3124AC9C0AF30ABD000A7CB5779C101
C:\Windows\System32\DRIVERS\avgidsha.sys 68070AEEE757ACC6EC5BC291B1E8EA1A
C:\Windows\System32\DRIVERS\avgldx64.sys 7C9E8FD2BFCE60BDF9B5944C0BE47C87
C:\Windows\System32\DRIVERS\avgloga.sys 734DCC05A7F327FDCE43A18BA011FD4E
C:\Windows\System32\DRIVERS\avgmfx64.sys B4D589C734D796B5B76E0A0E5DA50397
C:\Windows\System32\DRIVERS\avgrkx64.sys 3CE824D46BA1871713ABF147E6BAD556
C:\Windows\System32\DRIVERS\avgtdia.sys 0BB7ECAC81554D83A66A0B9F961BB9D0
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys E45CDE1C8340DFEDF1D6724263F39E5B
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\dmvsc.sys 5DB085A8A6600BE6401F2B24EECB5415
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\EsgScanner.sys 3B32CAA07D672F8A2E0DF5CB3A873F45
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fssfltr.sys 8DE1B4F579F8F8897409856F3BB7A7D2
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys 348214F96642FD4FEF630DE021BA3540
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys CAA8BC6737DFA3BF1A50175CFB226788
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kl1.sys 1C6256096A341051509D36AD724830BE
C:\Windows\System32\DRIVERS\klif.sys 33730023A37E259AB26F25C164BC2471
C:\Windows\System32\Drivers\ksecdd.sys C60C6B9A2E50B0404F6789C62B428C03
C:\Windows\System32\Drivers\ksecpkg.sys 78D152A9FD5747FF6AA89C79F0346F62
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys AE3334958D8F631FF14A0AEB3D7EFB3A
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nusb3hub.sys 786DB821BFD57C0551DBBE4F75384A7D
C:\Windows\system32\drivers\nusb3xhc.sys DAA8005CAF745042BB427A1ED7433354
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys 946010CDFA91469351B22E2620CEBCD8
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RsFx0153.sys 8415D92661B147BA54BE05AD18B82186
C:\Windows\System32\DRIVERS\RsFx0200.sys 5AA85332CB1694871B2F0704E0FC9113
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys 61A04C0C084D560BBEF1D09604608262
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serscan.sys DECACB6921DED1A38642642685D77DAC
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys 70988118145F5F10EF24720B97F35F65
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 16:16 - 2015-02-11 16:17 - 00033982 _____ () C:\Users\Guitar\Desktop\FRST.txt
2015-02-11 16:16 - 2015-02-11 16:16 - 00000000 ____D () C:\FRST
2015-02-11 16:14 - 2015-02-11 16:14 - 02134016 _____ (Farbar) C:\Users\Guitar\Desktop\FRST64.exe
2015-02-11 16:13 - 2015-02-11 16:13 - 00002079 _____ () C:\Users\Guitar\Desktop\aswMBR.txt
2015-02-11 16:13 - 2015-02-11 16:13 - 00000512 _____ () C:\Users\Guitar\Desktop\MBR.dat
2015-02-11 15:43 - 2015-02-11 15:43 - 05200384 _____ (AVAST Software) C:\Users\Guitar\Desktop\aswmbr.exe
2015-02-11 14:19 - 2015-02-11 14:21 - 00001666 _____ () C:\Users\Guitar\Desktop\Rkill.txt
2015-02-11 13:44 - 2015-02-11 13:44 - 00000000 ____D () C:\Users\Guitar\AppData\Roaming\AVG2015
2015-02-11 13:43 - 2015-02-11 13:43 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-02-11 13:43 - 2015-02-11 13:43 - 00000000 ____D () C:\Users\Guitar\AppData\Roaming\TuneUp Software
2015-02-11 13:43 - 2015-02-11 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-02-11 13:42 - 2015-02-11 13:44 - 00000000 ____D () C:\ProgramData\AVG2015
2015-02-11 13:42 - 2015-02-11 13:42 - 00000000 ___HD () C:\$AVG
2015-02-11 13:42 - 2015-02-11 13:42 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-02-11 13:31 - 2015-02-11 16:02 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-11 13:31 - 2015-02-11 14:03 - 00000000 ____D () C:\Users\Guitar\AppData\Local\Avg2015
2015-02-11 13:31 - 2015-02-11 13:31 - 00000000 ____D () C:\Users\Guitar\AppData\Local\MFAData
2015-02-11 08:05 - 2015-02-11 08:05 - 00000952 _____ () C:\sh4_service.log
2015-02-11 08:02 - 2015-02-11 06:56 - 00285747 _____ () C:\shldr
2015-02-11 08:02 - 2015-02-11 06:56 - 00008192 _____ () C:\shldr.mbr
2015-02-11 06:57 - 2015-02-11 06:57 - 00000000 _____ () C:\autoexec.bat
2015-02-11 06:56 - 2015-02-11 06:56 - 00001087 _____ () C:\Users\Guitar\Desktop\SpyHunter.lnk
2015-02-11 06:56 - 2015-02-11 06:56 - 00000000 ____D () C:\Users\Guitar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-02-11 06:56 - 2015-02-11 06:56 - 00000000 ____D () C:\Users\Guitar\AppData\Roaming\Enigma Software Group
2015-02-11 06:56 - 2015-02-11 06:56 - 00000000 ____D () C:\sh4ldr
2015-02-11 06:54 - 2015-02-11 06:54 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-02-11 06:54 - 2015-02-11 06:54 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-02-11 06:44 - 2015-02-03 20:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 06:44 - 2015-02-03 20:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 06:44 - 2015-02-03 20:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 06:44 - 2015-02-03 20:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 06:44 - 2015-02-03 20:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 06:44 - 2015-02-03 20:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 06:44 - 2015-02-03 20:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 06:44 - 2015-01-27 16:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 06:44 - 2015-01-13 22:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 06:44 - 2015-01-13 22:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 06:44 - 2015-01-11 20:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 06:44 - 2015-01-11 20:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 06:44 - 2015-01-11 20:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 06:44 - 2015-01-11 19:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 06:44 - 2015-01-11 19:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 06:44 - 2015-01-11 19:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 06:44 - 2015-01-11 19:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 06:44 - 2015-01-11 19:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 06:44 - 2015-01-11 19:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 06:44 - 2015-01-11 19:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 06:44 - 2015-01-11 19:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 06:44 - 2015-01-11 19:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 06:44 - 2015-01-11 19:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 06:44 - 2015-01-11 19:33 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 06:44 - 2015-01-11 19:32 - 06041088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 06:44 - 2015-01-11 19:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 06:44 - 2015-01-11 19:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 06:44 - 2015-01-11 19:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 06:44 - 2015-01-11 19:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 06:44 - 2015-01-11 19:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 06:44 - 2015-01-11 19:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 06:44 - 2015-01-11 19:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 06:44 - 2015-01-11 19:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 06:44 - 2015-01-11 19:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 06:44 - 2015-01-11 19:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 06:44 - 2015-01-11 19:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 06:44 - 2015-01-11 19:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 06:44 - 2015-01-11 19:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 06:44 - 2015-01-11 19:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 06:44 - 2015-01-11 18:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 06:44 - 2015-01-11 18:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 06:44 - 2015-01-11 18:55 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 06:44 - 2015-01-11 18:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 06:44 - 2015-01-11 18:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 06:44 - 2015-01-11 18:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 06:44 - 2015-01-11 18:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 06:44 - 2015-01-11 18:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 06:44 - 2015-01-11 18:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 06:44 - 2015-01-11 18:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 06:44 - 2015-01-11 18:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 06:44 - 2015-01-11 18:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 06:44 - 2015-01-11 18:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 06:44 - 2015-01-11 18:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 06:44 - 2015-01-11 18:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 06:44 - 2015-01-11 18:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 06:44 - 2015-01-11 18:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 06:44 - 2015-01-11 18:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 06:44 - 2015-01-11 18:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 06:44 - 2015-01-11 18:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 06:44 - 2015-01-11 18:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 06:44 - 2015-01-11 18:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 06:44 - 2015-01-11 18:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 06:44 - 2015-01-11 17:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 06:44 - 2015-01-11 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 06:44 - 2015-01-09 23:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 06:44 - 2015-01-09 23:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 06:44 - 2015-01-09 23:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 06:44 - 2015-01-09 23:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 06:44 - 2015-01-09 23:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 06:44 - 2015-01-09 23:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 06:44 - 2015-01-09 23:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 06:44 - 2015-01-09 23:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 06:44 - 2015-01-09 23:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 06:44 - 2015-01-09 23:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 06:44 - 2015-01-09 23:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 06:44 - 2015-01-09 23:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 06:44 - 2015-01-09 23:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 06:44 - 2015-01-09 23:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 06:41 - 2015-01-15 01:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 06:41 - 2015-01-15 01:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 06:41 - 2015-01-15 01:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 06:41 - 2015-01-15 01:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 06:41 - 2015-01-15 01:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 06:41 - 2015-01-15 01:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 06:41 - 2015-01-15 01:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 06:41 - 2015-01-15 01:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 06:41 - 2015-01-15 01:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 06:41 - 2015-01-15 01:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 06:41 - 2015-01-15 01:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 06:41 - 2015-01-15 00:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 06:41 - 2015-01-15 00:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 06:41 - 2015-01-15 00:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 06:41 - 2015-01-15 00:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 06:41 - 2015-01-15 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 06:41 - 2015-01-15 00:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 06:41 - 2015-01-14 21:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 06:41 - 2015-01-13 23:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 06:41 - 2015-01-13 22:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 06:41 - 2015-01-13 22:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 06:41 - 2015-01-12 20:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 06:41 - 2015-01-12 19:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 06:41 - 2014-12-11 22:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 06:41 - 2014-12-11 22:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 06:41 - 2014-12-07 20:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 06:41 - 2014-12-07 19:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 06:41 - 2014-11-25 20:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 06:41 - 2014-11-25 20:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 06:41 - 2014-10-03 19:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 06:41 - 2014-10-03 18:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 06:41 - 2014-10-03 18:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 06:40 - 2015-01-13 23:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 06:40 - 2015-01-13 23:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 06:40 - 2015-01-13 23:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 06:40 - 2015-01-13 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 06:40 - 2015-01-08 19:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 01:04 - 2015-02-11 01:04 - 00002451 _____ () C:\spyhunter.log
2015-01-26 20:17 - 2015-01-26 20:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-14 12:37 - 2015-01-14 13:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-14 08:41 - 2014-12-11 10:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:40 - 2014-12-18 20:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:40 - 2014-12-18 18:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:40 - 2014-12-05 21:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:40 - 2014-12-05 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:40 - 2014-12-05 20:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 11:51 - 2015-02-11 15:21 - 00000540 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2404089428-2033709462-2392081876-1000.job
2015-01-13 11:51 - 2015-02-11 12:22 - 00003574 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2404089428-2033709462-2392081876-1000
2015-01-13 11:51 - 2015-01-13 11:51 - 00000000 ____D () C:\Program Files (x86)\Citrix
2015-01-13 11:50 - 2015-01-13 11:51 - 00000000 ____D () C:\Users\Guitar\AppData\Local\Citrix
2015-01-12 16:15 - 2015-01-12 17:50 - 00000000 ____D () C:\Users\Guitar\AppData\Roaming\Apple Computer
2015-01-12 16:15 - 2015-01-12 16:15 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-12 16:15 - 2015-01-12 16:15 - 00000000 ____D () C:\Users\Guitar\AppData\Local\Apple Computer
2015-01-12 16:15 - 2015-01-12 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-12 16:14 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-01-12 16:13 - 2015-01-12 16:14 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-12 16:13 - 2015-01-12 16:14 - 00000000 ____D () C:\Program Files\iTunes
2015-01-12 16:13 - 2015-01-12 16:14 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-12 16:13 - 2015-01-12 16:13 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-01-12 16:13 - 2015-01-12 16:13 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-01-12 16:13 - 2015-01-12 16:13 - 00000000 ____D () C:\Users\Guitar\AppData\Local\Apple
2015-01-12 16:13 - 2015-01-12 16:13 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-12 16:13 - 2015-01-12 16:13 - 00000000 ____D () C:\Program Files\iPod
2015-01-12 16:13 - 2015-01-12 16:13 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-01-12 16:12 - 2015-01-12 16:13 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-12 16:12 - 2015-01-12 16:12 - 00000000 ____D () C:\ProgramData\Apple
2015-01-12 16:12 - 2015-01-12 16:12 - 00000000 ____D () C:\Program Files\Bonjour
2015-01-12 16:12 - 2015-01-12 16:12 - 00000000 ____D () C:\Program Files (x86)\Bonjour

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 16:07 - 2013-10-04 15:03 - 01824756 _____ () C:\Windows\WindowsUpdate.log
2015-02-11 15:36 - 2014-05-02 08:36 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-410 Series Update {CBD881FB-6534-4107-912B-3F850E014EAA}.job
2015-02-11 15:36 - 2014-05-02 08:36 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-410 Series Invitation {CBD881FB-6534-4107-912B-3F850E014EAA}.job
2015-02-11 15:21 - 2013-10-08 09:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-11 14:34 - 2009-07-13 21:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-11 14:34 - 2009-07-13 21:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-11 14:10 - 2013-10-08 10:08 - 00000304 _____ () C:\Windows\Tasks\RMAutoUpdate.job
2015-02-11 14:10 - 2013-10-08 10:05 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-11 14:09 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-11 14:09 - 2009-07-13 21:51 - 00091931 _____ () C:\Windows\setupact.log
2015-02-11 13:27 - 2013-10-04 15:16 - 00000000 ____D () C:\Users\Guitar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-02-11 12:32 - 2013-10-09 14:17 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2015-02-11 10:24 - 2009-07-13 22:13 - 00923308 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-11 10:19 - 2014-01-27 08:52 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{01DB0E51-E110-431D-AA22-85048DC1E32D}
2015-02-11 09:09 - 2013-10-04 15:15 - 00000000 ____D () C:\Users\Guitar\AppData\Local\Deployment
2015-02-11 09:06 - 2013-10-07 10:11 - 00002150 _____ () C:\Windows\epplauncher.mif
2015-02-11 08:47 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Registration
2015-02-11 08:34 - 2009-07-13 21:45 - 00327152 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 08:32 - 2014-12-10 11:50 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 08:32 - 2014-05-05 22:56 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 08:32 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 08:30 - 2013-10-04 16:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 08:27 - 2013-10-04 16:04 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 08:15 - 2010-11-20 20:47 - 00168278 _____ () C:\Windows\PFRO.log
2015-02-11 08:02 - 2013-10-07 16:48 - 00000000 ____D () C:\Users\Guitar\AppData\Local\cache
2015-02-06 16:55 - 2013-10-07 16:59 - 00915430 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-05 11:21 - 2013-10-08 09:17 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 11:21 - 2013-10-08 09:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 11:21 - 2013-10-08 09:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 13:18 - 2009-07-13 22:08 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-31 12:53 - 2013-10-09 09:08 - 00000814 _____ () C:\Users\Guitar\Desktop\ShipWorks.lnk
2015-01-31 12:53 - 2013-10-07 18:02 - 00000807 _____ () C:\Users\Public\Desktop\dazzle.lnk
2015-01-26 23:55 - 2013-10-07 10:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-17 09:37 - 2013-10-07 18:11 - 00000000 ____D () C:\Users\Guitar\AppData\Roaming\HpUpdate
2015-01-14 22:23 - 2014-11-27 18:43 - 00003929 ____H () C:\Windows\SysWOW64\BTImages.dat
2015-01-13 22:17 - 2013-12-09 10:14 - 00012288 _____ () C:\Users\Guitar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Files in the root of some directories =======

2013-12-09 10:14 - 2015-01-13 22:17 - 0012288 _____ () C:\Users\Guitar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-08 16:34 - 2013-10-08 16:34 - 0000094 _____ () C:\Users\Guitar\AppData\Local\fusioncache.dat
2013-10-07 18:05 - 2013-10-07 18:24 - 0000782 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 12:05

==================== End Of Log ============================


#11 Dakeyras (Anti-Malware Mammoth, Expert, 9,684 posts)

Hi. :)

Yeah, sorry, he installed it before we got that instruction. We promise not to do anything more. As for using the computer for his business, I meant that he sometimes answers business emails in the evening or the weekend. It is his personal computer.

Acknowledged and thank you for the explanation.

We don't seem to be very good at picking antivirus software :)

In due course we will check if say either Avast or MSE can be installed for example. Now nothing overtly malicious is standing out so I propose we perform a rollback using system restore to a time before the current problems.

Invoke a SR Point:

Please visit this page for instructions if not sure how to use system restore:-

Restore system files and settings

And scroll down to:-

To restore system files and settings using a specific restore point

Follow the instructions to perform a system restore to the following date/time on your machine:-

03-02-2015 08:34:05 Windows Update

aswMBR and FRST:

Referring to my prior instructions in post #4, download and scan with both please and in turn post the logs for my review. We will then go from there, thank you.
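A way to check, from an elevated PowerShell prompt, which restore points actually exist before working through the GUI steps above, and to pick the one closest to the requested time (an added example, not part of Dakeyras's instructions or any tool mentioned in the thread; the 2015-02-03 time and the `-DoRestore` switch are assumptions for illustration):

```powershell
# Added example, not part of the thread: list System Restore points, pick the
# newest one at or before a requested time, and optionally restore to it.
# Requires an elevated PowerShell prompt (Windows 7 or later).
param(
    [datetime]$Requested = (Get-Date '2015-02-03 08:34:05'),  # time asked for in post #11 (assumed)
    [switch]$DoRestore                                         # off by default: only report
)

# Get-ComputerRestorePoint returns WMI SystemRestore objects whose CreationTime
# is a DMTF string; ConvertToDateTime turns it into a local [datetime].
$points = Get-ComputerRestorePoint |
    Select-Object SequenceNumber, Description, RestorePointType,
        @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } } |
    Sort-Object Created

if (-not $points) {
    Write-Warning 'No restore points exist (System Protection may be disabled for the system drive).'
    return
}

Write-Host 'Restore points on this machine (oldest first):'
$points | Format-Table SequenceNumber, Created, Description -AutoSize

# Prefer the newest point that is at or before the requested time; if none is
# that old, fall back to the oldest point that is still available and say so.
$target = $points | Where-Object { $_.Created -le $Requested } | Select-Object -Last 1
if (-not $target) {
    $target = $points | Select-Object -First 1
    Write-Warning ("No restore point at or before {0}; oldest available is {1} ({2})." -f
        $Requested, $target.Created, $target.Description)
}

Write-Host ("Selected restore point #{0}: {1} '{2}'" -f
    $target.SequenceNumber, $target.Created, $target.Description)

if ($DoRestore) {
    # Restore-Computer reboots the machine; -Confirm prompts before it starts.
    Restore-Computer -RestorePoint $target.SequenceNumber -Confirm
}
```

Run it without `-DoRestore` first to see the list; the Windows GUI only shows the same points, so if the requested date is older than the oldest entry the script reports that and names the oldest one, which is what the helper would then ask you to use.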

#12 Dazed&Confused (Topic Starter, Member, 29 posts)

I am not able to go back that far.  The oldest restore point I have available is 2/6/15 at 4:52:22.  I have checked the box to show additional restore points and that is all that shows.


#13 Dakeyras (Anti-Malware Mammoth, Expert, 9,684 posts)

Hi. :)

I am not able to go back that far. The oldest restore point I have available is 2/6/15 at 4:52:22. I have checked the box to show additional restore points and that is all that shows.

Fair play, try to invoke that one then please.

#14 Dazed&Confused (Topic Starter, Member, 29 posts)

Ok, system restored to 2/6/15.

aswMBR scan log:


aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-02-16 09:19:49
-----------------------------
09:19:49.855    OS Version: Windows x64 6.1.7601 Service Pack 1
09:19:49.856    Number of processors: 4 586 0x3A09
09:19:49.857    ComputerName: GUITAR-PC  UserName: Guitar
09:20:10.442    Initialize success
09:20:10.512    VM: initialized successfully
09:20:10.512    VM: Intel CPU supported
09:20:36.315    VM: supported disk I/O ataport.SYS
09:27:58.108    AVAST engine defs: 15021600
09:29:34.267    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:29:34.267    Disk 0 Vendor: ST250DM000-1BD141 KC47 Size: 238475MB BusType: 11
09:29:34.454    VM: Disk 0 MBR read successfully
09:29:34.470    Disk 0 MBR scan
09:29:34.470    Disk 0 Windows 7 default MBR code
09:29:34.486    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS          100 MB offset 2048
09:29:34.501    Disk 0 default boot code
09:29:34.517    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS       238373 MB offset 206848
09:29:34.673    Disk 0 scanning C:\Windows\system32\drivers
09:30:12.706    Service scanning
09:31:52.640    Modules scanning
09:31:52.640    Disk 0 trace - called modules:
09:31:52.672    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:31:52.672    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800478e060]
09:31:52.672    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80040a31b0]
09:32:10.939    AVAST engine scan C:\Windows
09:32:27.241    AVAST engine scan C:\Windows\system32
09:40:32.282    AVAST engine scan C:\Windows\system32\drivers
09:41:04.730    AVAST engine scan C:\Users\Guitar
09:55:43.281    AVAST engine scan C:\ProgramData
09:58:37.705    Disk 0 statistics 4454282/0/18 @ 1.82 MB/s
09:58:37.705    Scan stopped
09:59:02.493    Disk 0 MBR has been saved successfully to "C:\Users\Guitar\Desktop\MBR.dat"
09:59:02.493    The log file has been saved successfully to "C:\Users\Guitar\Desktop\aswMBR.txt"
09:59:29.598    Disk 0 MBR has been saved successfully to "C:\Users\Guitar\Desktop\MBR.dat"
09:59:29.598    The log file has been saved successfully to "C:\Users\Guitar\Desktop\aswMBR-2.16.15.txt"


#15 Dazed&Confused (Topic Starter, Member, 29 posts)

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Guitar (administrator) on GUITAR-PC on 16-02-2015 10:26:06
Running from C:\Users\Guitar\Desktop
Loaded Profiles: Guitar (Available profiles: Guitar)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SHIPWORKS3\MSSQL\Binn\sqlservr.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Interapptive®, Inc.) C:\Program Files\ShipWorks\ShipWorks.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILAE.EXE
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dell) C:\Users\Guitar\AppData\Local\Apps\2.0\WQC9T2BM.JWG\E1RK7VDV.MY8\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShipWorksScheduler$CA3940B9E53441448E08C6625A9D9DB2] => C:\Program Files\ShipWorks\ShipWorks.exe [22757520 2014-10-15] (Interapptive®, Inc.)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [105120 2012-08-21] (PC Tools)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2404089428-2033709462-2392081876-1000\...\Run: [DellSystemDetect] => C:\Users\Guitar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-2404089428-2033709462-2392081876-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILAE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2404089428-2033709462-2392081876-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [761064 2014-12-02] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Service Manager.lnk
ShortcutTarget: Service Manager.lnk -> C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2404089428-2033709462-2392081876-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
HKU\S-1-5-21-2404089428-2033709462-2392081876-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2404089428-2033709462-2392081876-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Guitar\AppData\Roaming\Mozilla\Firefox\Profiles\d3jx9paj.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Search By ZoneAlarm
FF Homepage: https://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2404089428-2033709462-2392081876-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Guitar\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF user.js: detected! => C:\Users\Guitar\AppData\Roaming\Mozilla\Firefox\Profiles\d3jx9paj.default\user.js
FF SearchPlugin: C:\Users\Guitar\AppData\Roaming\Mozilla\Firefox\Profiles\d3jx9paj.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Guitar\AppData\Roaming\Mozilla\Firefox\Profiles\d3jx9paj.default\searchplugins\startpage-custom-search.xml
FF SearchPlugin: C:\Users\Guitar\AppData\Roaming\Mozilla\Firefox\Profiles\d3jx9paj.default\searchplugins\zonealarm.xml
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-10-07]
FF HKU\S-1-5-21-2404089428-2033709462-2392081876-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - C:\Users\Guitar\AppData\Roaming\Mozilla\Firefox\Profiles\d3jx9paj.default\extensions\[email protected] [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-02-10] (Macrovision Europe Ltd.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 MSSQL$SHIPWORKS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]
R2 MSSQL$SHIPWORKS3; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SHIPWORKS3\MSSQL\Binn\sqlservr.exe [62379184 2014-07-10] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 SQLAgent$SHIPWORKS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
S4 SQLAgent$SHIPWORKS3; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SHIPWORKS3\MSSQL\Binn\SQLAGENT.EXE [442536 2014-07-10] (Microsoft Corporation)
S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2014-06-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-06-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [490592 2014-06-11] (Kaspersky Lab ZAO)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2014-07-10] (Microsoft Corporation)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450456 2014-08-13] (Check Point Software Technologies Ltd.)
U2 TMAgent; No ImagePath
U3 aswMBR; \??\C:\Users\Guitar\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Guitar\AppData\Local\Temp\aswVmm.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys 80B9412C4DE09147581FC935FB4C97AB
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\dmvsc.sys 5DB085A8A6600BE6401F2B24EECB5415
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fssfltr.sys 8DE1B4F579F8F8897409856F3BB7A7D2
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys 348214F96642FD4FEF630DE021BA3540
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys CAA8BC6737DFA3BF1A50175CFB226788
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kl1.sys 1C6256096A341051509D36AD724830BE
C:\Windows\System32\DRIVERS\klif.sys 33730023A37E259AB26F25C164BC2471
C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC
C:\Windows\System32\Drivers\ksecpkg.sys 41774FF331F609EF442B7398EE6202B1
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MpFilter.sys 6439D1E559D08BD8A1465A8943357053
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys AE3334958D8F631FF14A0AEB3D7EFB3A
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nusb3hub.sys 786DB821BFD57C0551DBBE4F75384A7D
C:\Windows\system32\drivers\nusb3xhc.sys DAA8005CAF745042BB427A1ED7433354
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys 946010CDFA91469351B22E2620CEBCD8
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RsFx0153.sys 8415D92661B147BA54BE05AD18B82186
C:\Windows\System32\DRIVERS\RsFx0200.sys 5AA85332CB1694871B2F0704E0FC9113
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys 61A04C0C084D560BBEF1D09604608262
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serscan.sys DECACB6921DED1A38642642685D77DAC
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys 70988118145F5F10EF24720B97F35F65
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vsdatant.sys 8F1E531D36D95B0586DA00D546AB8B9A
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 10:00 - 2015-02-16 10:00 - 02085888 _____ (Farbar) C:\Users\Guitar\Desktop\FRST64.exe
2015-02-16 09:59 - 2015-02-16 09:59 - 00002278 _____ () C:\Users\Guitar\Desktop\aswMBR-2.16.15.txt
2015-02-16 09:18 - 2015-02-16 09:18 - 05200384 _____ (AVAST Software) C:\Users\Guitar\Desktop\aswmbr.exe
2015-02-11 16:17 - 2015-02-11 16:18 - 00028805 _____ () C:\Users\Guitar\Desktop\Addition.txt
2015-02-11 16:16 - 2015-02-16 10:26 - 00032397 _____ () C:\Users\Guitar\Desktop\FRST.txt
2015-02-11 16:16 - 2015-02-16 10:26 - 00000000 ____D () C:\FRST
2015-02-11 16:13 - 2015-02-16 09:59 - 00004158 _____ () C:\Users\Guitar\Desktop\aswMBR.txt
2015-02-11 16:13 - 2015-02-16 09:59 - 00000512 _____ () C:\Users\Guitar\Desktop\MBR.dat
2015-02-11 14:19 - 2015-02-11 14:21 - 00001666 _____ () C:\Users\Guitar\Desktop\Rkill.txt
2015-02-11 13:44 - 2015-02-11 13:44 - 00000000 ____D () C:\Users\Guitar\AppData\Roaming\AVG2015
2015-02-11 13:43 - 2015-02-11 13:43 - 00000000 ____D () C:\Users\Guitar\AppData\Roaming\TuneUp Software
2015-02-11 13:42 - 2015-02-16 09:05 - 00000000 ____D () C:\ProgramData\AVG2015
2015-02-11 13:42 - 2015-02-11 13:42 - 00000000 ___HD () C:\$AVG
2015-02-11 13:42 - 2015-02-11 13:42 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-02-11 13:31 - 2015-02-16 09:00 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-11 13:31 - 2015-02-11 14:03 - 00000000 ____D () C:\Users\Guitar\AppData\Local\Avg2015
2015-02-11 13:31 - 2015-02-11 13:31 - 00000000 ____D () C:\Users\Guitar\AppData\Local\MFAData
2015-02-11 08:05 - 2015-02-11 08:05 - 00000952 _____ () C:\sh4_service.log
2015-02-11 08:02 - 2015-02-11 06:56 - 00285747 _____ () C:\shldr
2015-02-11 08:02 - 2015-02-11 06:56 - 00008192 _____ () C:\shldr.mbr
2015-02-11 06:57 - 2015-02-11 06:57 - 00000000 _____ () C:\autoexec.bat
2015-02-11 06:56 - 2015-02-11 06:56 - 00000000 ____D () C:\sh4ldr
2015-02-11 06:54 - 2015-02-11 06:54 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-02-11 01:04 - 2015-02-11 01:04 - 00002451 _____ () C:\spyhunter.log
2015-01-26 20:17 - 2015-02-16 08:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 10:21 - 2015-01-13 11:51 - 00000540 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2404089428-2033709462-2392081876-1000.job
2015-02-16 10:21 - 2013-10-08 09:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-16 09:36 - 2014-05-02 08:36 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-410 Series Update {CBD881FB-6534-4107-912B-3F850E014EAA}.job
2015-02-16 09:36 - 2014-05-02 08:36 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-410 Series Invitation {CBD881FB-6534-4107-912B-3F850E014EAA}.job
2015-02-16 09:35 - 2013-10-04 15:03 - 01491692 _____ () C:\Windows\WindowsUpdate.log
2015-02-16 09:21 - 2009-07-13 21:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-16 09:21 - 2009-07-13 21:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-16 09:19 - 2014-01-27 08:52 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{01DB0E51-E110-431D-AA22-85048DC1E32D}
2015-02-16 09:15 - 2013-10-04 15:15 - 00000000 ____D () C:\Users\Guitar\AppData\Local\Deployment
2015-02-16 09:13 - 2013-10-08 10:08 - 00000304 _____ () C:\Windows\Tasks\RMAutoUpdate.job
2015-02-16 09:13 - 2013-10-08 10:05 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-16 09:13 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-16 09:07 - 2014-11-24 13:32 - 00431396 _____ () C:\Windows\system32\Drivers\vsconfig.xml
2015-02-16 09:06 - 2009-07-13 21:51 - 00090127 _____ () C:\Windows\setupact.log
2015-02-16 09:05 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\servicing
2015-02-16 09:02 - 2014-12-10 11:50 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-16 09:02 - 2014-05-05 22:56 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-16 09:02 - 2013-10-04 15:03 - 00000000 ____D () C:\Users\Guitar
2015-02-16 09:02 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-02-16 09:02 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-02-16 09:02 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-02-16 09:02 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-16 09:01 - 2013-10-07 17:52 - 00000000 ____D () C:\Windows\system32\1033
2015-02-16 09:00 - 2015-01-12 16:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-16 09:00 - 2015-01-12 16:12 - 00000000 ____D () C:\Program Files\Bonjour
2015-02-16 09:00 - 2015-01-12 16:12 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-02-16 09:00 - 2014-11-24 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2015-02-16 09:00 - 2014-11-24 13:30 - 00000000 ____D () C:\Users\Guitar\AppData\Roaming\Check Point Software Technologies LTD
2015-02-16 09:00 - 2014-11-24 13:30 - 00000000 ____D () C:\Program Files (x86)\Check Point Software Technologies LTD
2015-02-16 09:00 - 2014-11-24 13:29 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
2015-02-16 09:00 - 2013-10-09 14:17 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2015-02-16 09:00 - 2013-10-09 09:08 - 00000000 ____D () C:\Program Files\ShipWorks
2015-02-16 09:00 - 2013-10-07 16:48 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2015-02-16 09:00 - 2013-10-07 10:10 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-16 09:00 - 2013-10-07 10:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-16 09:00 - 2013-10-04 15:16 - 00000000 ____D () C:\Users\Guitar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-02-16 09:00 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-16 08:59 - 2010-11-21 00:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-16 08:57 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2015-02-16 08:55 - 2013-10-07 18:10 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-02-16 08:55 - 2010-11-21 00:06 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2015-02-16 08:55 - 2010-11-21 00:06 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2015-02-16 08:55 - 2010-11-21 00:06 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2015-02-16 08:55 - 2010-11-21 00:06 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2015-02-16 08:55 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\SysWOW64\WindowsPowerShell
2015-02-16 08:55 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Web
2015-02-16 08:55 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Vss
2015-02-16 08:55 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\spp
2015-02-16 08:55 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Speech
2015-02-16 08:55 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\NetworkList
2015-02-16 08:55 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-02-16 08:55 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Msdtc
2015-02-16 08:55 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2015-02-16 08:55 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\InstallShield
2015-02-16 08:55 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\IME
2015-02-16 08:55 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-02-16 08:55 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2015-02-16 08:54 - 2013-10-08 09:17 - 00000000 ____D () C:\Windows\system32\Macromed
2015-02-16 08:54 - 2010-11-21 00:06 - 00000000 ____D () C:\Windows\system32\winrm
2015-02-16 08:54 - 2010-11-21 00:06 - 00000000 ____D () C:\Windows\system32\WCN
2015-02-16 08:54 - 2010-11-21 00:06 - 00000000 ____D () C:\Windows\system32\slmgr
2015-02-16 08:54 - 2010-11-21 00:06 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2015-02-16 08:54 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell
2015-02-16 08:54 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2015-02-16 08:54 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\sysprep
2015-02-16 08:54 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\spp
2015-02-16 08:54 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\spool
2015-02-16 08:54 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Speech
2015-02-16 08:54 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\SMI
2015-02-16 08:54 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\oobe
2015-02-16 08:54 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NetworkList
2015-02-16 08:54 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\MUI
2015-02-16 08:54 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\migwiz
2015-02-16 08:54 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\IME
2015-02-16 08:53 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\Performance
2015-02-16 08:53 - 2009-07-13 21:45 - 00000000 ____D () C:\Windows\Setup
2015-02-16 08:53 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-02-16 08:53 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\com
2015-02-16 08:53 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Speech
2015-02-16 08:53 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\security
2015-02-16 08:53 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\schemas
2015-02-16 08:53 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Resources
2015-02-16 08:53 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PLA
2015-02-16 08:50 - 2013-10-21 18:53 - 00000000 ____D () C:\Windows\Hewlett-Packard
2015-02-16 08:50 - 2009-07-13 20:20 - 00000000 __RSD () C:\Windows\Media
2015-02-16 08:50 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\IME
2015-02-16 08:50 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Help
2015-02-16 08:50 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Globalization
2015-02-16 08:50 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Branding
2015-02-16 08:48 - 2015-01-13 11:50 - 00000000 ____D () C:\Users\Guitar\AppData\Local\Citrix
2015-02-16 08:48 - 2014-09-29 20:55 - 00000000 ____D () C:\Users\Guitar\AppData\Roaming\Dropbox
2015-02-16 08:48 - 2014-05-02 08:40 - 00000000 ____D () C:\Users\Guitar\AppData\Roaming\Epson
2015-02-16 08:48 - 2014-04-25 10:47 - 00000000 ____D () C:\Users\Guitar\AppData\Local\Microsoft_Corporation
2015-02-16 08:48 - 2013-10-07 18:02 - 00000000 ____D () C:\Users\Public\Documents\Endicia
2015-02-16 08:48 - 2013-10-07 16:57 - 00000000 ____D () C:\Users\Guitar\AppData\Local\Mozilla
2015-02-16 08:48 - 2013-10-07 10:07 - 00000000 ____D () C:\Users\Guitar\AppData\Roaming\Thunderbird
2015-02-16 08:48 - 2013-10-07 10:06 - 00000000 ____D () C:\Users\Guitar\AppData\Roaming\Mozilla
2015-02-16 08:48 - 2013-10-07 10:06 - 00000000 ____D () C:\Users\Guitar\AppData\Local\Thunderbird
2015-02-16 08:48 - 2013-10-07 08:35 - 00000000 ____D () C:\Users\Public\Intuit
2015-02-16 08:48 - 2013-10-07 08:33 - 00000000 ____D () C:\Users\Guitar\Documents\Adobe
2015-02-16 08:48 - 2013-10-07 08:32 - 00000000 ____D () C:\Users\Guitar\Documents\TrendMicro_TIS-Pro_16.0_1412_x32_F
2015-02-16 08:48 - 2013-10-07 08:31 - 00000000 ____D () C:\Users\Guitar\Documents\TISPro1610_1063
2015-02-16 08:48 - 2013-10-07 08:27 - 00000000 ____D () C:\Users\Guitar\Documents\Downloaded Program Updates
2015-02-16 08:48 - 2013-10-04 16:23 - 00000000 ____D () C:\Users\Guitar\AppData\Roaming\Adobe
2015-02-16 08:48 - 2013-10-04 15:15 - 00000000 ____D () C:\Users\Guitar\AppData\Local\Apps\2.0
2015-02-16 08:48 - 2013-10-04 15:03 - 00000000 ___RD () C:\Users\Guitar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-16 08:48 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2015-02-16 08:48 - 2009-07-13 20:20 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-16 08:48 - 2009-07-13 20:20 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-16 08:48 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-16 08:47 - 2015-01-14 12:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-16 08:47 - 2015-01-13 11:51 - 00000000 ____D () C:\Program Files (x86)\Citrix
2015-02-16 08:47 - 2015-01-12 16:13 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-16 08:47 - 2015-01-12 16:13 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-02-16 08:47 - 2015-01-12 16:13 - 00000000 ____D () C:\Program Files\iTunes
2015-02-16 08:47 - 2015-01-12 16:13 - 00000000 ____D () C:\Program Files\iPod
2015-02-16 08:47 - 2015-01-12 16:12 - 00000000 ____D () C:\ProgramData\Apple
2015-02-16 08:47 - 2015-01-12 16:12 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-16 08:47 - 2014-11-24 13:29 - 00000000 ____D () C:\ProgramData\CheckPoint
2015-02-16 08:47 - 2014-09-29 21:26 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2015-02-16 08:47 - 2014-09-29 19:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-02-16 08:47 - 2014-09-29 19:55 - 00000000 ____D () C:\Program Files\Windows Live
2015-02-16 08:47 - 2014-09-29 19:54 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-02-16 08:47 - 2014-05-18 11:53 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-02-16 08:47 - 2014-05-18 11:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-02-16 08:47 - 2014-05-02 08:32 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2015-02-16 08:47 - 2014-05-02 08:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-02-16 08:47 - 2014-05-02 08:22 - 00000000 ____D () C:\ProgramData\EPSON
2015-02-16 08:47 - 2014-05-02 08:22 - 00000000 ____D () C:\Program Files\EpsonNet
2015-02-16 08:47 - 2014-05-02 08:22 - 00000000 ____D () C:\Program Files\EPSON
2015-02-16 08:47 - 2014-05-02 08:22 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2015-02-16 08:47 - 2014-05-02 08:22 - 00000000 ____D () C:\Program Files (x86)\EPSON
2015-02-16 08:47 - 2014-04-26 08:39 - 00000000 ____D () C:\Program Files\Java
2015-02-16 08:47 - 2014-04-25 10:44 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2015-02-16 08:47 - 2014-04-25 10:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0
2015-02-16 08:47 - 2014-04-25 10:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2
2015-02-16 08:47 - 2014-04-09 15:48 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-16 08:47 - 2014-01-06 17:42 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-16 08:47 - 2013-10-08 16:34 - 00000000 ____D () C:\Program Files (x86)\ShipWorks 2
2015-02-16 08:47 - 2013-10-08 10:06 - 00000000 ____D () C:\Program Files (x86)\PC Tools
2015-02-16 08:47 - 2013-10-07 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-02-16 08:47 - 2013-10-07 18:07 - 00000000 ____D () C:\Program Files (x86)\HP
2015-02-16 08:47 - 2013-10-07 18:05 - 00000000 ____D () C:\ProgramData\HP
2015-02-16 08:47 - 2013-10-07 18:01 - 00000000 ____D () C:\Program Files\Envelope Manager
2015-02-16 08:47 - 2013-10-07 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2015-02-16 08:47 - 2013-10-07 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012
2015-02-16 08:47 - 2013-10-07 17:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-02-16 08:47 - 2013-10-07 17:47 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-02-16 08:47 - 2013-10-07 17:42 - 00000000 ____D () C:\ProgramData\Interapptive
2015-02-16 08:47 - 2013-10-07 08:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-16 08:47 - 2013-10-07 08:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-16 08:47 - 2013-10-07 08:11 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-16 08:47 - 2013-10-04 15:12 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-16 08:47 - 2013-10-04 15:12 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-02-16 08:47 - 2013-10-04 15:07 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-02-16 08:47 - 2010-11-21 00:17 - 00000000 ____D () C:\Program Files\Windows Journal
2015-02-16 08:47 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-02-16 08:47 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files\Windows Defender
2015-02-16 08:47 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-02-16 08:47 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files\MSBuild
2015-02-16 08:47 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files\DVD Maker
2015-02-16 08:47 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2015-02-16 08:47 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-02-16 08:47 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-02-16 08:47 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-02-16 08:47 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-02-16 08:47 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-16 08:47 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Windows NT
2015-02-16 08:47 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-16 08:47 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines
2015-02-16 08:47 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files (x86)\Windows NT
2015-02-16 08:46 - 2015-01-12 16:13 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-02-16 08:46 - 2014-01-06 17:42 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-16 08:46 - 2013-10-04 15:12 - 00000000 ____D () C:\Dell
2015-02-11 08:30 - 2013-10-04 16:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 08:02 - 2013-10-07 16:48 - 00000000 ____D () C:\Users\Guitar\AppData\Local\cache
2015-02-05 11:21 - 2013-10-08 09:17 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 11:21 - 2013-10-08 09:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 11:21 - 2013-10-08 09:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 13:18 - 2009-07-13 22:08 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-31 12:53 - 2013-10-09 09:08 - 00000814 _____ () C:\Users\Guitar\Desktop\ShipWorks.lnk
2015-01-31 12:53 - 2013-10-07 18:02 - 00000807 _____ () C:\Users\Public\Desktop\dazzle.lnk
2015-01-26 23:55 - 2013-10-07 10:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-24 13:07 - 2015-01-13 11:51 - 00003574 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2404089428-2033709462-2392081876-1000
2015-01-17 09:37 - 2013-10-07 18:11 - 00000000 ____D () C:\Users\Guitar\AppData\Roaming\HpUpdate

==================== Files in the root of some directories =======

2013-12-09 10:14 - 2015-01-13 22:17 - 0012288 _____ () C:\Users\Guitar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-08 16:34 - 2013-10-08 16:34 - 0000094 _____ () C:\Users\Guitar\AppData\Local\fusioncache.dat
2013-10-07 18:05 - 2013-10-07 18:24 - 0000782 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 09:28

==================== End Of Log ============================

