Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

malware/spyware issues affecting browser and video [Solved]

Started by l3arefoot , Mar 20 2014 05:48 PM

This topic is locked

#1
l3arefoot

Posted 20 March 2014 - 05:48 PM

Member

Member
40 posts

Hi there!

My browser has been bogged down with malware . spyware. or a virus. Keep getting message that issues with websites have caused IE to open in new tab. videos have become unwatchable be cause of constant buffering. Additionally I have noticed that I occasionally get an incomplete menu when using the right button on the mouse to copy/paste. Weird. Any help is greatly appreciated!

OTL logfile created on: 3/20/2014 7:36:20 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bears\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 51.34% Memory free
6.99 Gb Paging File | 5.15 Gb Available in Paging File | 73.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 374.70 Gb Free Space | 80.47% Space Free | Partition Type: NTFS

Computer Name: BEARS-1B | User Name: Bears | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/20 19:36:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bears\Desktop\OTL.exe
PRC - [2014/03/20 18:14:58 | 003,854,640 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/03/20 18:14:58 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/03/20 18:14:50 | 000,109,048 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/15 10:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2013/11/14 20:18:02 | 000,698,680 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2009/10/19 19:03:50 | 000,995,328 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
PRC - [2009/10/19 18:39:38 | 000,122,880 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe
PRC - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
PRC - [2009/08/21 09:27:26 | 000,126,976 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe
PRC - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/08/04 17:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

========== Modules (No Company Name) ==========

MOD - [2013/10/21 05:59:48 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2011/04/23 19:50:29 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANPDApi.dll
MOD - [2009/10/19 18:59:12 | 000,274,432 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-125 revA\wlanapp.dll
MOD - [2009/07/30 18:15:32 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll

========== Services (SafeList) ==========

SRV:64bit: - [2014/03/20 18:14:58 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/03/20 18:14:50 | 000,109,048 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2014/03/01 00:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014/03/11 20:55:20 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/15 10:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2009/08/21 09:27:26 | 000,126,976 | ---- | M] (Wireless Service) [Auto | Running] -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe -- (D_Link_DWA-125)
SRV - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/03/20 18:15:01 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/03/20 18:15:01 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/03/20 18:15:01 | 000,208,928 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/03/20 18:15:01 | 000,084,816 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/03/20 18:15:01 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/03/20 18:15:01 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/03/20 18:15:00 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/03/20 18:14:53 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2014/03/20 18:14:50 | 000,445,304 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV:64bit: - [2013/02/07 13:42:52 | 002,201,120 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 04:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 04:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/12/02 03:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/09/30 10:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/08/20 12:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV - [2014/03/20 18:32:48 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}: "URL" = http://search.tb.ask...r={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {B33BC37A-4B95-4e66-B65F-25166BB18426}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{1D1F2ABD-00D0-4157-945C-BD15C36D8F98}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}: "URL" = http://search.tb.ask...r={searchTerms}
IE - HKCU\..\SearchScopes\{95D2F487-9B42-4C5F-A654-DCB114840AE4}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{AA5E5301-BCB2-4BE3-9699-CB6D88B20472}: "URL" = http://ws.infospace....r?_iceUrl=true user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKCU\..\SearchScopes\{B33BC37A-4B95-4e66-B65F-25166BB18426}: "URL" = http://search.yahoo....icevm&type=IEBD
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.CouponXplorer_5z.com/Plugin: C:\Program Files (x86)\CouponXplorer_5zEI\Installr\1.bin\NP5zEISB.dll (CouponXplorer)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/14 20:14:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/14 20:14:09 | 000,000,000 | ---D | M]

[2011/05/02 23:59:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bears\AppData\Roaming\Mozilla\Extensions
[2013/09/12 22:38:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bears\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/12/02 17:41:37 | 000,214,127 | ---- | M] () (No name found) -- C:\Users\Bears\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]

========== Chrome ==========

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [D-Link D-Link DWA-125] C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WZCSLDR2] C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe (Wireless Service)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.app...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{353E09C1-F7B6-45F4-B4C0-A51AE84B7495}: DhcpNameServer = 192.168.254.254
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2cb6e4ac-1b85-11e2-829c-1c6f6546eb49}\Shell - "" = AutoRun
O33 - MountPoints2\{2cb6e4ac-1b85-11e2-829c-1c6f6546eb49}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{470b7048-d2aa-11e0-8714-1c6f6546eb49}\Shell - "" = AutoRun
O33 - MountPoints2\{470b7048-d2aa-11e0-8714-1c6f6546eb49}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{8a49e773-7ae9-11e3-a72a-1c6f6546eb49}\Shell - "" = AutoRun
O33 - MountPoints2\{8a49e773-7ae9-11e3-a72a-1c6f6546eb49}\Shell\AutoRun\command - "" = E:\ToolLauncher-Bootstrap.exe
O33 - MountPoints2\{8a49eb28-7ae9-11e3-a72a-1c6f6546eb49}\Shell - "" = AutoRun
O33 - MountPoints2\{8a49eb28-7ae9-11e3-a72a-1c6f6546eb49}\Shell\AutoRun\command - "" = E:\MotorolaDeviceManagerSetup.exe -a
O33 - MountPoints2\{8a49ec8c-7ae9-11e3-a72a-1c6f6546eb49}\Shell - "" = AutoRun
O33 - MountPoints2\{8a49ec8c-7ae9-11e3-a72a-1c6f6546eb49}\Shell\AutoRun\command - "" = E:\MotorolaDeviceManagerSetup.exe -a
O33 - MountPoints2\{b0826963-caa4-11e2-a4ec-1c6f6546eb49}\Shell - "" = AutoRun
O33 - MountPoints2\{b0826963-caa4-11e2-a4ec-1c6f6546eb49}\Shell\AutoRun\command - "" = E:\MotoCastSetup.exe -a
O33 - MountPoints2\{e890924a-7dd2-11e3-bfcf-1c6f6546eb49}\Shell - "" = AutoRun
O33 - MountPoints2\{e890924a-7dd2-11e3-bfcf-1c6f6546eb49}\Shell\AutoRun\command - "" = E:\MotoCastSetup.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\MotorolaDeviceManagerSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/20 19:36:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bears\Desktop\OTL.exe
[2014/03/20 18:15:00 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/03/20 18:14:50 | 000,445,304 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014/03/09 08:38:58 | 000,000,000 | ---D | C] -- C:\Users\Bears\Documents\22 Books You Should Read Now, Based On Your Childhood Favorites_files
[2014/03/02 15:43:45 | 000,000,000 | ---D | C] -- C:\Users\Bears\Desktop\malcom
[2014/02/28 20:32:09 | 000,000,000 | ---D | C] -- C:\Users\Bears\Desktop\school
[2014/02/25 08:13:02 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[1 C:\Users\Bears\Desktop\*.tmp files -> C:\Users\Bears\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/20 19:36:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bears\Desktop\OTL.exe
[2014/03/20 19:27:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/20 18:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/20 18:40:23 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/20 18:40:23 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/20 18:37:38 | 001,479,612 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/20 18:37:38 | 000,398,544 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/20 18:37:38 | 000,006,222 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/20 18:33:03 | 000,003,284 | ---- | M] () -- C:\Users\Bears\AppData\Roaming\ANIWZCS{353E09C1-F7B6-45F4-B4C0-A51AE84B7495}
[2014/03/20 18:32:47 | 000,000,007 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCSUSERNAME{353E09C1-F7B6-45F4-B4C0-A51AE84B7495}
[2014/03/20 18:32:44 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/20 18:32:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/20 18:32:30 | 2816,647,168 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/20 18:15:45 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/03/20 18:15:01 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/03/20 18:15:01 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/03/20 18:15:01 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/03/20 18:15:01 | 000,208,928 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/03/20 18:15:01 | 000,084,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/03/20 18:15:01 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/03/20 18:15:01 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/03/20 18:15:00 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/03/20 18:15:00 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/03/20 18:14:53 | 000,028,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2014/03/20 18:14:50 | 000,445,304 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014/03/19 07:14:55 | 000,000,490 | ---- | M] () -- C:\Users\Bears\Desktop\Club Pogo - Exclusive Games, No Ads, Bigger Prizes!.website
[2014/03/18 05:51:41 | 000,000,007 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCSUSERNAME
[2014/03/14 05:44:26 | 000,308,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/13 20:48:15 | 000,104,968 | ---- | M] () -- C:\Users\Bears\Desktop\d4g_entry_form.pdf
[2014/03/12 21:22:53 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2014/03/09 08:39:02 | 000,490,695 | ---- | M] () -- C:\Users\Bears\Documents\22 Books You Should Read Now, Based On Your Childhood Favorites.htm
[2014/03/01 23:49:00 | 000,154,656 | ---- | M] () -- C:\Users\Bears\Documents\2013-03-01 12.11.18.jpg
[1 C:\Users\Bears\Desktop\*.tmp files -> C:\Users\Bears\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/13 20:48:15 | 000,104,968 | ---- | C] () -- C:\Users\Bears\Desktop\d4g_entry_form.pdf
[2014/03/09 08:38:56 | 000,490,695 | ---- | C] () -- C:\Users\Bears\Documents\22 Books You Should Read Now, Based On Your Childhood Favorites.htm
[2014/03/01 23:49:00 | 000,154,656 | ---- | C] () -- C:\Users\Bears\Documents\2013-03-01 12.11.18.jpg
[2013/06/06 20:41:46 | 000,000,108 | ---- | C] () -- C:\Windows\VSWizard.ini
[2012/04/13 18:27:20 | 000,000,629 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/12/20 10:54:16 | 001,435,108 | ---- | C] () -- C:\Users\Bears\5500 series.pdf
[2011/04/23 19:53:02 | 000,003,284 | ---- | C] () -- C:\Users\Bears\AppData\Roaming\ANIWZCS{353E09C1-F7B6-45F4-B4C0-A51AE84B7495}
[2011/04/23 19:52:40 | 000,000,280 | ---- | C] () -- C:\Users\Bears\AppData\Roaming\ANICONFIG_{353E09C1-F7B6-45F4-B4C0-A51AE84B7495}.ini

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/21 07:15:12 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\AVAST Software
[2013/07/04 07:41:00 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Garmin
[2014/01/11 18:26:57 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Motorola
[2014/01/11 18:30:19 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Motorola Mobility
[2014/01/25 03:29:32 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Oracle
[2011/04/23 21:35:18 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Sammsoft

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:79EB58D0

< End of report >

#2
pystryker

Posted 20 March 2014 - 09:25 PM

Trusted Helper

Malware Removal
3,912 posts

Hello and welcome to Geeks to Go! My nickname is Pystryker

, and I will be helping you with your issue today.

Before we get started, I have a few things I need to go over with you

Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.

If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
Please read through my instructions carefully and completely before executing them.
Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow
This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
If possible, please have your original Windows installation disks handy, just in case.
If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
Please remember, the fixes are for your machine and your machine ONLY!

Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way.

Now, let's get started, shall we? :thumbsup:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: OTL Fix

Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator)

Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.

:Commands
[createrestorepoint]

:OTL
SRV - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
IE - HKLM\..\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}: "URL" = http://search.tb.ask...r={searchTerms}
IE - HKCU\..\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}: "URL" = http://search.tb.ask...r={searchTerms}
FF - HKLM\Software\MozillaPlugins\@ei.CouponXplorer_5z.com/Plugin: C:\Program Files (x86)\CouponXplorer_5zEI\Installr\1.bin\NP5zEISB.dll (CouponXplorer)
[2012/12/02 17:41:37 | 000,214,127 | ---- | M] () (No name found) -- C:\Users\Bears\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O33 - MountPoints2\{2cb6e4ac-1b85-11e2-829c-1c6f6546eb49}\Shell - "" = AutoRun
O33 - MountPoints2\{2cb6e4ac-1b85-11e2-829c-1c6f6546eb49}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{470b7048-d2aa-11e0-8714-1c6f6546eb49}\Shell - "" = AutoRun
O33 - MountPoints2\{470b7048-d2aa-11e0-8714-1c6f6546eb49}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{8a49e773-7ae9-11e3-a72a-1c6f6546eb49}\Shell - "" = AutoRun
O33 - MountPoints2\{8a49e773-7ae9-11e3-a72a-1c6f6546eb49}\Shell\AutoRun\command - "" = E:\ToolLauncher-Bootstrap.exe
O33 - MountPoints2\{8a49eb28-7ae9-11e3-a72a-1c6f6546eb49}\Shell - "" = AutoRun
O33 - MountPoints2\{8a49eb28-7ae9-11e3-a72a-1c6f6546eb49}\Shell\AutoRun\command - "" = E:\MotorolaDeviceManagerSetup.exe -a
O33 - MountPoints2\{8a49ec8c-7ae9-11e3-a72a-1c6f6546eb49}\Shell - "" = AutoRun
O33 - MountPoints2\{8a49ec8c-7ae9-11e3-a72a-1c6f6546eb49}\Shell\AutoRun\command - "" = E:\MotorolaDeviceManagerSetup.exe -a
O33 - MountPoints2\{b0826963-caa4-11e2-a4ec-1c6f6546eb49}\Shell - "" = AutoRun
O33 - MountPoints2\{b0826963-caa4-11e2-a4ec-1c6f6546eb49}\Shell\AutoRun\command - "" = E:\MotoCastSetup.exe -a
O33 - MountPoints2\{e890924a-7dd2-11e3-bfcf-1c6f6546eb49}\Shell - "" = AutoRun
O33 - MountPoints2\{e890924a-7dd2-11e3-bfcf-1c6f6546eb49}\Shell\AutoRun\command - "" = E:\MotoCastSetup.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\MotorolaDeviceManagerSetup.exe -a
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:79EB58D0

:Files
C:\Program Files (x86)\DeviceVM
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c

:Commands
[resethosts]
[emptytemp]

Click the Run Fix button at the top of the OTL control panel.
Let the program run until it's finished and then reboot the computer.
Once your machine has rebooted, a log will open. Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.

Step 2: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop

Posted Image

Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
Close any open windows or browsers.
Pause your Anti-Virus program if it is running.
Once it starts, click on the Scan button.
Let the scan complete itself. This may take a few minutes.
Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.

This report is also saved at C:\AdwCleaner[R0].txt

Step 3: Junkware Removal Tool

Posted Image

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Step 4: TDSSKiller Scan

Please download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Put a checkmark beside loaded modules.
A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on Change parameters in TDSSKiller.
Check all boxes then click OK.
Click the Start Scan button.
The scan should take no longer than 2 minutes.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5: Fresh OTL Scan

Close any open windows and then double click (Vista, Windows 7, 8, right click and then click Run as Administrator) the icon to start OTL.
Please make sure the following boxes are checked.
Scan All Users
Use Company-Name WhiteList
Skip Microsoft Files
Use No-Company-Name Whitelist
LOP Check
Purity Check
Please check Use Safelist is checked under Extra Registry.
Copy the contents of the quote box below Do not copy the word quote! and paste them into the Custom Scans/Fixes box at the bottom of OTL's control panel.

%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
rpcss.dll
/md5stop
dir "%systemdrive%\*" /S /A:L /C
Click the Run Scan button.

Please do not interrupt the scanning process. It may take a while to complete the scan, so please be patient.
When the scan is finished, it will generate 2 logs, OTL.txt and Extras.txt, each in a Notepad window. Both of these logs are saved in the same location as OTL. In this case, on your desktop.
Please post each log in your next reply.

Things I need to see in your next post:

OTL Fix Log

AdwCleaner Log

Junkware Removal Tool Log

TDSSKIller Log

New OTL Scan Log

Extras.txt Log

#3
l3arefoot

Posted 22 March 2014 - 04:33 AM

Member

Topic Starter
Member
40 posts

Hello!
Below are the logs you requested. Thank you so much for your help!!!

OTL fix log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service BCUService stopped successfully!
Service BCUService deleted successfully!
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@ei.CouponXplorer_5z.com/Plugin\ deleted successfully.
C:\Program Files (x86)\CouponXplorer_5zEI\Installr\1.bin\NP5zEISB.dll moved successfully.
C:\Users\Bears\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected] moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BCU deleted successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cb6e4ac-1b85-11e2-829c-1c6f6546eb49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2cb6e4ac-1b85-11e2-829c-1c6f6546eb49}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cb6e4ac-1b85-11e2-829c-1c6f6546eb49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2cb6e4ac-1b85-11e2-829c-1c6f6546eb49}\ not found.
File E:\setup.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{470b7048-d2aa-11e0-8714-1c6f6546eb49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{470b7048-d2aa-11e0-8714-1c6f6546eb49}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{470b7048-d2aa-11e0-8714-1c6f6546eb49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{470b7048-d2aa-11e0-8714-1c6f6546eb49}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a49e773-7ae9-11e3-a72a-1c6f6546eb49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a49e773-7ae9-11e3-a72a-1c6f6546eb49}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a49e773-7ae9-11e3-a72a-1c6f6546eb49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a49e773-7ae9-11e3-a72a-1c6f6546eb49}\ not found.
File E:\ToolLauncher-Bootstrap.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a49eb28-7ae9-11e3-a72a-1c6f6546eb49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a49eb28-7ae9-11e3-a72a-1c6f6546eb49}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a49eb28-7ae9-11e3-a72a-1c6f6546eb49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a49eb28-7ae9-11e3-a72a-1c6f6546eb49}\ not found.
File E:\MotorolaDeviceManagerSetup.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a49ec8c-7ae9-11e3-a72a-1c6f6546eb49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a49ec8c-7ae9-11e3-a72a-1c6f6546eb49}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a49ec8c-7ae9-11e3-a72a-1c6f6546eb49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a49ec8c-7ae9-11e3-a72a-1c6f6546eb49}\ not found.
File E:\MotorolaDeviceManagerSetup.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0826963-caa4-11e2-a4ec-1c6f6546eb49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0826963-caa4-11e2-a4ec-1c6f6546eb49}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0826963-caa4-11e2-a4ec-1c6f6546eb49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0826963-caa4-11e2-a4ec-1c6f6546eb49}\ not found.
File E:\MotoCastSetup.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e890924a-7dd2-11e3-bfcf-1c6f6546eb49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e890924a-7dd2-11e3-bfcf-1c6f6546eb49}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e890924a-7dd2-11e3-bfcf-1c6f6546eb49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e890924a-7dd2-11e3-bfcf-1c6f6546eb49}\ not found.
File E:\MotoCastSetup.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\MotorolaDeviceManagerSetup.exe -a not found.
ADS C:\ProgramData\TEMP:79EB58D0 deleted successfully.
========== FILES ==========
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\template folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\icon folder moved successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility folder moved successfully.
C:\Program Files (x86)\DeviceVM folder moved successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Bears\Desktop\cmd.bat deleted successfully.
C:\Users\Bears\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\Bears\Desktop\cmd.bat deleted successfully.
C:\Users\Bears\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Bears
->Temp folder emptied: 3396956844 bytes
->Temporary Internet Files folder emptied: 1151531673 bytes
->Java cache emptied: 21577356 bytes
->Google Chrome cache emptied: 20517026 bytes
->Flash cache emptied: 67174 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 944563309 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50595 bytes
RecycleBin emptied: 337834106 bytes

Total Files Cleaned = 5,601.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 03222014_052424

Files\Folders moved on Reboot...
C:\Users\Bears\AppData\Local\Temp\Low\JavaDeployReg.log moved successfully.
C:\Users\Bears\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Bears\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VH43XW9N\337996-malwarespyware-issues-affecting-browser-and-video[1].htm moved successfully.
C:\Users\Bears\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\Bears\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Bears\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

AdwCleaner Log

# AdwCleaner v3.022 - Report created 22/03/2014 at 05:42:21
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bears - BEARS-1B
# Running from : C:\Users\Bears\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\iWin
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\FirstRowSportApp.com
Folder Deleted : C:\Users\Bears\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FirstRowSportApp.com

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FirstRowSportApp_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FirstRowSportApp_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\DeviceVM
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Mozilla Firefox v

[ File : C:\Users\Bears\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3636 octets] - [22/03/2014 05:40:15]
AdwCleaner[S0].txt - [3437 octets] - [22/03/2014 05:42:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3497 octets] ##########

JRT Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Bears on Sat 03/22/2014 at 5:49:18.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AA5E5301-BCB2-4BE3-9699-CB6D88B20472}

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/22/2014 at 5:54:42.58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

New OTL Scan Log

OTL logfile created on: 3/22/2014 6:14:52 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bears\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 70.19% Memory free
6.99 Gb Paging File | 5.74 Gb Available in Paging File | 82.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 379.78 Gb Free Space | 81.56% Space Free | Partition Type: NTFS

Computer Name: BEARS-1B | User Name: Bears | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/20 19:36:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bears\Desktop\OTL.exe
PRC - [2014/03/20 18:14:58 | 003,854,640 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/03/20 18:14:58 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/03/20 18:14:50 | 000,109,048 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/15 10:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2013/11/14 20:18:02 | 000,698,680 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2009/10/19 19:03:50 | 000,995,328 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
PRC - [2009/10/19 18:39:38 | 000,122,880 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe
PRC - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe

========== Modules (No Company Name) ==========

MOD - [2013/10/21 05:59:48 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2011/04/23 19:50:29 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANPDApi.dll
MOD - [2009/10/19 18:59:12 | 000,274,432 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-125 revA\wlanapp.dll

========== Services (SafeList) ==========

SRV:64bit: - [2014/03/20 18:14:58 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/03/20 18:14:50 | 000,109,048 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2014/03/01 00:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014/03/11 20:55:20 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/15 10:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2009/08/21 09:27:26 | 000,126,976 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe -- (D_Link_DWA-125)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/03/20 18:15:01 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/03/20 18:15:01 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/03/20 18:15:01 | 000,208,928 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/03/20 18:15:01 | 000,084,816 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/03/20 18:15:01 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/03/20 18:15:01 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/03/20 18:15:00 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/03/20 18:14:53 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2014/03/20 18:14:50 | 000,445,304 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV:64bit: - [2013/02/07 13:42:52 | 002,201,120 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 04:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 04:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/12/02 03:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/09/30 10:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/08/20 12:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV - [2014/03/22 05:59:42 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Bears\Desktop
IE - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\..\SearchScopes,DefaultScope = {B33BC37A-4B95-4e66-B65F-25166BB18426}
IE - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\..\SearchScopes\{1D1F2ABD-00D0-4157-945C-BD15C36D8F98}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\..\SearchScopes\{95D2F487-9B42-4C5F-A654-DCB114840AE4}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\..\SearchScopes\{B33BC37A-4B95-4e66-B65F-25166BB18426}: "URL" = http://search.yahoo....icevm&type=IEBD
IE - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/14 20:14:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/14 20:14:09 | 000,000,000 | ---D | M]

[2011/05/02 23:59:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bears\AppData\Roaming\Mozilla\Extensions
[2014/03/22 05:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bears\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions

========== Chrome ==========

O1 HOSTS File: ([2014/03/22 05:25:22 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [D-Link D-Link DWA-125] C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WZCSLDR2] C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe (Wireless Service)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.app...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{353E09C1-F7B6-45F4-B4C0-A51AE84B7495}: DhcpNameServer = 192.168.254.254
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/22 05:49:16 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/22 05:47:14 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\Bears\Desktop\JRT.exe
[2014/03/22 05:38:55 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/22 05:33:36 | 000,000,000 | ---D | C] -- C:\Users\Bears\Desktop\puter fix
[2014/03/22 05:24:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/20 19:36:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bears\Desktop\OTL.exe
[2014/03/20 18:15:00 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/03/20 18:14:50 | 000,445,304 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014/03/09 08:38:58 | 000,000,000 | ---D | C] -- C:\Users\Bears\Documents\22 Books You Should Read Now, Based On Your Childhood Favorites_files
[2014/03/02 15:43:45 | 000,000,000 | ---D | C] -- C:\Users\Bears\Desktop\malcom
[2014/02/28 20:32:09 | 000,000,000 | ---D | C] -- C:\Users\Bears\Desktop\school
[2014/02/25 08:13:02 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[1 C:\Users\Bears\Desktop\*.tmp files -> C:\Users\Bears\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/22 06:07:02 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/22 06:07:02 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/22 06:04:20 | 001,516,758 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/22 06:04:20 | 000,411,102 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/22 06:04:20 | 000,006,222 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/22 06:03:07 | 004,110,135 | ---- | M] () -- C:\Users\Bears\Desktop\tdsskiller.zip
[2014/03/22 06:00:35 | 000,003,284 | ---- | M] () -- C:\Users\Bears\AppData\Roaming\ANIWZCS{353E09C1-F7B6-45F4-B4C0-A51AE84B7495}
[2014/03/22 06:00:27 | 000,000,007 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCSUSERNAME
[2014/03/22 05:59:45 | 000,000,007 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCSUSERNAME{353E09C1-F7B6-45F4-B4C0-A51AE84B7495}
[2014/03/22 05:59:39 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/22 05:59:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/22 05:59:18 | 2816,647,168 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/22 05:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/22 05:47:14 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\Bears\Desktop\JRT.exe
[2014/03/22 05:37:28 | 001,950,720 | ---- | M] () -- C:\Users\Bears\Desktop\adwcleaner.exe
[2014/03/22 05:27:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/22 05:25:22 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/03/20 19:36:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bears\Desktop\OTL.exe
[2014/03/20 18:15:45 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/03/20 18:15:01 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/03/20 18:15:01 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/03/20 18:15:01 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/03/20 18:15:01 | 000,208,928 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/03/20 18:15:01 | 000,084,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/03/20 18:15:01 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/03/20 18:15:01 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/03/20 18:15:00 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/03/20 18:15:00 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/03/20 18:14:53 | 000,028,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2014/03/20 18:14:50 | 000,445,304 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014/03/19 07:14:55 | 000,000,490 | ---- | M] () -- C:\Users\Bears\Desktop\Club Pogo - Exclusive Games, No Ads, Bigger Prizes!.website
[2014/03/14 05:44:26 | 000,308,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/13 20:48:15 | 000,104,968 | ---- | M] () -- C:\Users\Bears\Desktop\d4g_entry_form.pdf
[2014/03/12 21:22:53 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2014/03/09 08:39:02 | 000,490,695 | ---- | M] () -- C:\Users\Bears\Documents\22 Books You Should Read Now, Based On Your Childhood Favorites.htm
[2014/03/01 23:49:00 | 000,154,656 | ---- | M] () -- C:\Users\Bears\Documents\2013-03-01 12.11.18.jpg
[1 C:\Users\Bears\Desktop\*.tmp files -> C:\Users\Bears\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/22 06:02:42 | 004,110,135 | ---- | C] () -- C:\Users\Bears\Desktop\tdsskiller.zip
[2014/03/22 05:37:21 | 001,950,720 | ---- | C] () -- C:\Users\Bears\Desktop\adwcleaner.exe
[2014/03/13 20:48:15 | 000,104,968 | ---- | C] () -- C:\Users\Bears\Desktop\d4g_entry_form.pdf
[2014/03/09 08:38:56 | 000,490,695 | ---- | C] () -- C:\Users\Bears\Documents\22 Books You Should Read Now, Based On Your Childhood Favorites.htm
[2014/03/01 23:49:00 | 000,154,656 | ---- | C] () -- C:\Users\Bears\Documents\2013-03-01 12.11.18.jpg
[2013/06/06 20:41:46 | 000,000,108 | ---- | C] () -- C:\Windows\VSWizard.ini
[2012/04/13 18:27:20 | 000,000,629 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/12/20 10:54:16 | 001,435,108 | ---- | C] () -- C:\Users\Bears\5500 series.pdf
[2011/04/23 19:53:02 | 000,003,284 | ---- | C] () -- C:\Users\Bears\AppData\Roaming\ANIWZCS{353E09C1-F7B6-45F4-B4C0-A51AE84B7495}
[2011/04/23 19:52:40 | 000,000,280 | ---- | C] () -- C:\Users\Bears\AppData\Roaming\ANICONFIG_{353E09C1-F7B6-45F4-B4C0-A51AE84B7495}.ini

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/21 07:15:12 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\AVAST Software
[2013/07/04 07:41:00 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Garmin
[2014/01/11 18:26:57 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Motorola
[2014/01/11 18:30:19 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Motorola Mobility
[2014/01/25 03:29:32 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Oracle
[2011/04/23 21:35:18 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Sammsoft

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: RPCSS.DLL >
[2010/11/20 09:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
[2010/11/20 09:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2009/07/13 21:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=7266972E86890E2B30C0C322E906B027 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll

< MD5 for: SERVICES >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/09/23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/12/21 02:04:16 | 000,559,392 | ---- | M] () MD5=F9FBA73F44366AB3514BD1985707F178 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.DAT >
[2014/02/20 02:17:07 | 000,004,182 | ---- | M] () MD5=78103C8B94CFA4006452BA74BE99DD51 -- C:\Users\Bears\AppData\Local\Temp\jrt\services.dat

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.LOG >
[2012/03/14 20:44:41 | 000,056,107 | ---- | M] () MD5=35889F5288AA2B2C4FD56131F162066B -- C:\ProgramData\HP\Installer\Temp\services.log
[2012/03/14 20:44:41 | 000,056,107 | ---- | M] () MD5=35889F5288AA2B2C4FD56131F162066B -- C:\Users\All Users\HP\Installer\Temp\services.log

< MD5 for: SERVICES.MOF >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 9EEC-2C21
Directory of C:\
07/14/2009 01:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 01:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Bears
04/23/2011 07:42 PM <JUNCTION> Application Data [C:\Users\Bears\AppData\Roaming]
04/23/2011 07:42 PM <JUNCTION> Cookies [C:\Users\Bears\AppData\Roaming\Microsoft\Windows\Cookies]
04/23/2011 07:42 PM <JUNCTION> Local Settings [C:\Users\Bears\AppData\Local]
04/23/2011 07:42 PM <JUNCTION> My Documents [C:\Users\Bears\Documents]
04/23/2011 07:42 PM <JUNCTION> NetHood [C:\Users\Bears\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
04/23/2011 07:42 PM <JUNCTION> PrintHood [C:\Users\Bears\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
04/23/2011 07:42 PM <JUNCTION> Recent [C:\Users\Bears\AppData\Roaming\Microsoft\Windows\Recent]
04/23/2011 07:42 PM <JUNCTION> SendTo [C:\Users\Bears\AppData\Roaming\Microsoft\Windows\SendTo]
04/23/2011 07:42 PM <JUNCTION> Start Menu [C:\Users\Bears\AppData\Roaming\Microsoft\Windows\Start Menu]
04/23/2011 07:42 PM <JUNCTION> Templates [C:\Users\Bears\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Bears\AppData\Local
04/23/2011 07:42 PM <JUNCTION> Application Data [C:\Users\Bears\AppData\Local]
04/23/2011 07:42 PM <JUNCTION> History [C:\Users\Bears\AppData\Local\Microsoft\Windows\History]
04/23/2011 07:42 PM <JUNCTION> Temporary Internet Files [C:\Users\Bears\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Bears\AppData\LocalLow
07/27/2013 08:24 PM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\Bears\Documents
04/23/2011 07:42 PM <JUNCTION> My Music [C:\Users\Bears\Music]
04/23/2011 07:42 PM <JUNCTION> My Pictures [C:\Users\Bears\Pictures]
04/23/2011 07:42 PM <JUNCTION> My Videos [C:\Users\Bears\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 01:08 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 01:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 01:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 01:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 01:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 01:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 01:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
51 Dir(s) 407,785,648,128 bytes free

< End of report >

Extras.txt Log

OTL Extras logfile created on: 3/22/2014 6:14:52 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bears\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 70.19% Memory free
6.99 Gb Paging File | 5.74 Gb Available in Paging File | 82.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 379.78 Gb Free Space | 81.56% Space Free | Partition Type: NTFS

Computer Name: BEARS-1B | User Name: Bears | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10073EAF-737D-45C6-983A-506A18DA0E2D}" = rport=445 | protocol=6 | dir=out | app=system |
"{1F186247-6710-4251-AFF5-9F14FE31693F}" = lport=138 | protocol=17 | dir=in | app=system |
"{215337BC-F757-43EE-88C7-39E21C99157E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{40F5FF48-97A8-42CB-B3D1-4C3BA2D50080}" = lport=137 | protocol=17 | dir=in | app=system |
"{465D20AD-F59A-4EF8-AE45-9B698F6C3A08}" = rport=139 | protocol=6 | dir=out | app=system |
"{4DFD906C-26F1-4167-A2B2-581BE04B8118}" = rport=137 | protocol=17 | dir=out | app=system |
"{5A4AC8AE-4809-48A2-8427-D970B20B3A4B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BE27EC04-E930-4646-BCCE-4B2229A5E52B}" = lport=139 | protocol=6 | dir=in | app=system |
"{CC3F6D49-BFA2-45D9-B5B3-DBFFE2909261}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF6E2411-6DCB-48BC-BE96-D2BCDAE048A7}" = rport=138 | protocol=17 | dir=out | app=system |
"{DD07EAD3-313F-4319-AE93-9222D51123F4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E55CF1E5-6BCB-4D5A-B778-6FFF662D8DC6}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F746877-068B-42F4-B8A0-9014C0DC9EE8}" = protocol=58 | dir=in | [email protected],-28545 |
"{26483267-A6BA-4C09-83A5-C31F676D718E}" = protocol=58 | dir=out | [email protected],-28546 |
"{5CCD9F66-731E-49EE-B0F0-8C7CEDA1BAFE}" = protocol=1 | dir=out | [email protected],-28544 |
"{76C677F9-7F5E-4E30-BCC8-77147F0CFF29}" = protocol=1 | dir=in | [email protected],-28543 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}" = Motorola Mobile Drivers Installation 6.3.0
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DA5428C-3D35-317C-2FBA-485AAC49E9C0}" = ccc-utility64
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{CCC50A42-892B-AF23-6188-6E8D2FDF34E3}" = ATI Catalyst Install Manager
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1
"{0BDE949A-3CF5-3852-B4F7-92EAE4F25F73}" = CCC Help English
"{0EB768CD-EF48-4C66-8BCB-2DA8166B2654}" = GradeQuick Web Plugin
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1EF082D0-2DEF-4D45-98C8-64365D58D240}" = TurboTax 2012 wohiper
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45350494-82B7-3E53-85B7-79A1AD9AE080}" = Catalyst Control Center Graphics Light
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4CA54C97-67B1-4507-9BE0-0ED39C24FA32}" = TurboTax 2012 wpaiper
"{525E7F71-67C1-806E-69D0-892CC3CE2F8E}" = Catalyst Control Center Graphics Full Existing
"{537306C2-CDAC-F606-5D46-D5727F58FAD3}" = Catalyst Control Center Graphics Previews Vista
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65135558-F1AE-4B9B-8C0B-180730ACA261}" = Garmin Express
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{876AB032-B2A4-41FF-AF87-DBC78454C1B0}" = Garmin Update Service
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{88DDBE5E-8AC0-F463-AC50-E56FAA2E3CEB}" = Catalyst Control Center Graphics Previews Common
"{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}" = Motorola Device Software Update
"{897B3B21-8691-26F5-97E8-A9955C20BB20}" = Catalyst Control Center HydraVision Full
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{93765DFA-8A67-41FB-9FC0-B12341CA65F3}" = Elevated Installer
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A842C34B-2083-6947-BC0E-5654BDBADCDA}" = Catalyst Control Center Graphics Full New
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
"{BA3B34EB-3F4B-0E19-0916-971C1AD3F0AD}" = Catalyst Control Center InstallProxy
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{C233BCC3-29C4-49C0-B955-0A94509FC4FC}" = Garmin Express Tray
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB166F48-6219-2DFD-8800-191BE6F5923A}" = ccc-core-static
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{E0B71631-6AA8-C596-A485-8480E92DD745}" = Catalyst Control Center Core Implementation
"{E45CACFE-0576-4375-A84F-C34B99A7B652}" = D-Link DWA-125
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}" = Garmin Express
"{E76FCE6B-9999-4250-8C75-B2DA4AD41268}" = Face_Wizard B09.1119.01
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"avast" = avast! Internet Security
"TurboTax 2011" = TurboTax 2011
"TurboTax 2012" = TurboTax 2012

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4199163246-788662237-2672092255-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/22/2014 6:04:17 AM | Computer Name = Bears-1b | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 3/22/2014 6:04:17 AM | Computer Name = Bears-1b | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

[ System Events ]
Error - 3/22/2014 5:58:42 AM | Computer Name = Bears-1b | Source = DCOM | ID = 10010
Description =

< End of report >

#4
pystryker

Posted 22 March 2014 - 05:25 AM

Trusted Helper

Malware Removal
3,912 posts

Hello!
Below are the logs you requested. Thank you so much for your help!!

Hello

You are very welcome, it's our pleasure. :thumbsup:

The logs are looking good, but we're missing the TDSSKiller log. Please post that one and we'll proceed.

It can be found here:

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".

#5
l3arefoot

Posted 22 March 2014 - 06:43 AM

Member

Topic Starter
Member
40 posts

So sorry I missed that one! Here it is....

06:03:25.0748 0x0bd4 TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
06:03:40.0287 0x0bd4 ============================================================
06:03:40.0287 0x0bd4 Current date / time: 2014/03/22 06:03:40.0287
06:03:40.0287 0x0bd4 SystemInfo:
06:03:40.0287 0x0bd4
06:03:40.0287 0x0bd4 OS Version: 6.1.7601 ServicePack: 1.0
06:03:40.0287 0x0bd4 Product type: Workstation
06:03:40.0287 0x0bd4 ComputerName: BEARS-1B
06:03:40.0287 0x0bd4 UserName: Bears
06:03:40.0287 0x0bd4 Windows directory: C:\Windows
06:03:40.0287 0x0bd4 System windows directory: C:\Windows
06:03:40.0287 0x0bd4 Running under WOW64
06:03:40.0287 0x0bd4 Processor architecture: Intel x64
06:03:40.0287 0x0bd4 Number of processors: 2
06:03:40.0287 0x0bd4 Page size: 0x1000
06:03:40.0287 0x0bd4 Boot type: Normal boot
06:03:40.0287 0x0bd4 ============================================================
06:03:42.0502 0x0bd4 KLMD registered as C:\Windows\system32\drivers\19939536.sys
06:03:42.0596 0x0bd4 System UUID: {84083986-5EBC-6295-6BE1-DCB4E32F1B9B}
06:03:42.0970 0x0bd4 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
06:03:42.0986 0x0bd4 ============================================================
06:03:42.0986 0x0bd4 \Device\Harddisk0\DR0:
06:03:42.0986 0x0bd4 MBR partitions:
06:03:42.0986 0x0bd4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
06:03:42.0986 0x0bd4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
06:03:42.0986 0x0bd4 ============================================================
06:03:43.0001 0x0bd4 C: <-> \Device\Harddisk0\DR0\Partition2
06:03:43.0001 0x0bd4 ============================================================
06:03:43.0017 0x0bd4 Initialize success
06:03:43.0017 0x0bd4 ============================================================
06:04:42.0328 0x0c74 ============================================================
06:04:42.0328 0x0c74 Scan started
06:04:42.0328 0x0c74 Mode: Manual; SigCheck; TDLFS;
06:04:42.0328 0x0c74 ============================================================
06:04:42.0328 0x0c74 KSN ping started
06:04:44.0809 0x0c74 KSN ping finished: true
06:04:45.0464 0x0c74 ================ Scan system memory ========================
06:04:45.0464 0x0c74 System memory - ok
06:04:45.0464 0x0c74 ================ Scan services =============================
06:04:45.0651 0x0c74 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
06:04:45.0745 0x0c74 1394ohci - ok
06:04:45.0791 0x0c74 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
06:04:45.0823 0x0c74 ACPI - ok
06:04:45.0838 0x0c74 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
06:04:45.0979 0x0c74 AcpiPmi - ok
06:04:46.0119 0x0c74 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
06:04:46.0150 0x0c74 AdobeARMservice - ok
06:04:46.0259 0x0c74 [ 9D96B0D5855FD1B98023B3EEC9F06786, E4C79233158BE8AA4E9C6DD71585E5D2703A5156531EB3D692D7D81BC443E844 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
06:04:46.0291 0x0c74 AdobeFlashPlayerUpdateSvc - ok
06:04:46.0322 0x0c74 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
06:04:46.0353 0x0c74 adp94xx - ok
06:04:46.0384 0x0c74 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
06:04:46.0400 0x0c74 adpahci - ok
06:04:46.0415 0x0c74 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
06:04:46.0431 0x0c74 adpu320 - ok
06:04:46.0462 0x0c74 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
06:04:46.0587 0x0c74 AeLookupSvc - ok
06:04:46.0665 0x0c74 [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD C:\Windows\system32\drivers\afd.sys
06:04:46.0774 0x0c74 AFD - ok
06:04:46.0805 0x0c74 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
06:04:46.0821 0x0c74 agp440 - ok
06:04:46.0837 0x0c74 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
06:04:46.0930 0x0c74 ALG - ok
06:04:46.0961 0x0c74 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
06:04:46.0977 0x0c74 aliide - ok
06:04:47.0039 0x0c74 [ A359974EAAC83A435497C52F62A2E590, 7A7AFFE1CCE8732C478AE3EA630AA46C94DE0DBFE19EE63E3FB99B0D3338F038 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
06:04:47.0133 0x0c74 AMD External Events Utility - ok
06:04:47.0164 0x0c74 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
06:04:47.0195 0x0c74 amdide - ok
06:04:47.0227 0x0c74 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
06:04:47.0320 0x0c74 AmdK8 - ok
06:04:47.0585 0x0c74 [ 60216B0E704584DE6D5A9F59E9C34C47, CC3E9F09FB28E50FDFCC5E6A996E28CB4E721DDDD50E23710DC74C5B0F7CE3E3 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
06:04:47.0866 0x0c74 amdkmdag - ok
06:04:47.0929 0x0c74 [ 6B4E9261B613B047A9A145F328889968, E5C6611E88381A9D40AD1CE80BFDDBDA733F4A8D3602AAE25A155D2C39B3B7FD ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
06:04:47.0960 0x0c74 amdkmdap - ok
06:04:47.0991 0x0c74 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
06:04:48.0022 0x0c74 AmdPPM - ok
06:04:48.0100 0x0c74 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
06:04:48.0131 0x0c74 amdsata - ok
06:04:48.0163 0x0c74 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
06:04:48.0178 0x0c74 amdsbs - ok
06:04:48.0194 0x0c74 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
06:04:48.0194 0x0c74 amdxata - ok
06:04:48.0241 0x0c74 [ 4DE0D5D747A73797C95A97DCCE5018B5, 17EC669675C2E43515EFE2D8BCC9DDFFBE64F99EBFB9A6DAB429F65A2B504560 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
06:04:48.0256 0x0c74 androidusb - ok
06:04:48.0287 0x0c74 [ 4CCF421E6C4B2A4CBCE000715911F7CC, DD544BDAA4D948495D690B0AE031AA8A25563F0E0A64B467E5081F5C207A3596 ] anodlwf C:\Windows\system32\DRIVERS\anodlwfx.sys
06:04:48.0334 0x0c74 anodlwf - ok
06:04:48.0397 0x0c74 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
06:04:48.0506 0x0c74 AppID - ok
06:04:48.0537 0x0c74 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
06:04:48.0646 0x0c74 AppIDSvc - ok
06:04:48.0677 0x0c74 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
06:04:48.0724 0x0c74 Appinfo - ok
06:04:48.0818 0x0c74 [ 4FE5C6D40664AE07BE5105874357D2ED, 70DD05EE80B77EB2F781E0919885D1BBB1119EA1A8955935AF5AECD05E30F14A ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
06:04:48.0833 0x0c74 Apple Mobile Device - ok
06:04:48.0896 0x0c74 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
06:04:48.0927 0x0c74 arc - ok
06:04:48.0943 0x0c74 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
06:04:48.0958 0x0c74 arcsas - ok
06:04:49.0067 0x0c74 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
06:04:49.0145 0x0c74 aspnet_state - ok
06:04:49.0223 0x0c74 [ 60DD9BDD4F96FC4A1E4F528BC70EB630, 5F81F2D3873A132F2B52B6026891D95064D59F0E6FA6D3294687AA66602154F7 ] aswKbd C:\Windows\system32\drivers\aswKbd.sys
06:04:49.0255 0x0c74 aswKbd - ok
06:04:49.0286 0x0c74 [ 8BE618EB795A87DBFD1E09DA63F009C7, 87443A8DB2B4CA4CCA280E0BBB3EAFBD218F7B0B6485C304CAA6B0BFDCBEB3EC ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
06:04:49.0301 0x0c74 aswMonFlt - ok
06:04:49.0379 0x0c74 [ 693CB948002DD650C2CFA6BD58808FEE, C55EDDA28858523751E98A34E819E4DDEE6351A17D0BD1597959A3B70B00AB8C ] aswNdisFlt C:\Windows\system32\DRIVERS\aswNdisFlt.sys
06:04:49.0411 0x0c74 aswNdisFlt - ok
06:04:49.0442 0x0c74 [ D4259F75734EBCC8D815753B09EB2F0A, 93E06432F3E74B4CE606F4BECB80D11580FB72832630164427F36BD62C467103 ] aswRdr C:\Windows\system32\drivers\aswRdr2.sys
06:04:49.0473 0x0c74 aswRdr - ok
06:04:49.0520 0x0c74 [ 8D4B8BF93C65BDBC133B20706A3B5208, BBCC103F722434DE38FD4D3DF8D543478405E139C5923B0EDFBA80A6C2762AB2 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
06:04:49.0535 0x0c74 aswRvrt - ok
06:04:49.0582 0x0c74 [ AA0D1B47BE967E1E17301DDFB66C432C, 0283A503D9875C7D51288FAD28BC3F44E4637EDBBBFD968E51D4D505E3AE97B1 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
06:04:49.0598 0x0c74 aswSnx - ok
06:04:49.0676 0x0c74 [ 15C6B7D20EE0E44A4DF82183A89CCFC2, 8CCE561CF25A6ED686DDD15C6041B29A82EF52247AFAD937EA5ADBA61C6A18AF ] aswSP C:\Windows\system32\drivers\aswSP.sys
06:04:49.0707 0x0c74 aswSP - ok
06:04:49.0738 0x0c74 [ 81FA56F29440406A7264CBD7B1C7CB29, 704FAC64596D949C2F83AEE9E3B235CB3E9240EEF310361691CB213A30341141 ] aswStm C:\Windows\system32\drivers\aswStm.sys
06:04:49.0754 0x0c74 aswStm - ok
06:04:49.0769 0x0c74 [ 0606875650850B0697D662934529F6FC, BC0D7B83888F88966F2DFC0BC26D038290FFBA83079DC7C3B67272557DA3E25D ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
06:04:49.0785 0x0c74 aswVmm - ok
06:04:49.0801 0x0c74 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
06:04:49.0847 0x0c74 AsyncMac - ok
06:04:49.0879 0x0c74 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
06:04:49.0879 0x0c74 atapi - ok
06:04:49.0941 0x0c74 [ FB7602C5C508BE281368AAE0B61B51C6, 81FB4ABFA006974C20CA0E9FEB279A51CC4A9F0C1DA67075AA0EAD13F43B3782 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
06:04:49.0972 0x0c74 AtiHdmiService - ok
06:04:50.0222 0x0c74 [ 60216B0E704584DE6D5A9F59E9C34C47, CC3E9F09FB28E50FDFCC5E6A996E28CB4E721DDDD50E23710DC74C5B0F7CE3E3 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
06:04:50.0440 0x0c74 atikmdag - ok
06:04:50.0534 0x0c74 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
06:04:50.0627 0x0c74 AudioEndpointBuilder - ok
06:04:50.0643 0x0c74 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
06:04:50.0690 0x0c74 AudioSrv - ok
06:04:50.0768 0x0c74 [ BEA8D0FA8805CC2E6BB49728166699C7, 9A574A1E79DC2D472877443A92ACDA57A1206A2DAB3AF9110C844944EDC9D797 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
06:04:50.0799 0x0c74 avast! Antivirus - ok
06:04:50.0861 0x0c74 [ D58C10AFF2B5C09D615623A4DAC0E330, 9C4BDD2A959288F6CFE9DA4E0E96409AC4462A0C224E0C27CB7906C53C7E1453 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
06:04:50.0893 0x0c74 avast! Firewall - ok
06:04:50.0939 0x0c74 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
06:04:51.0033 0x0c74 AxInstSV - ok
06:04:51.0095 0x0c74 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
06:04:51.0158 0x0c74 b06bdrv - ok
06:04:51.0205 0x0c74 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
06:04:51.0267 0x0c74 b57nd60a - ok
06:04:51.0298 0x0c74 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
06:04:51.0361 0x0c74 BDESVC - ok
06:04:51.0376 0x0c74 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
06:04:51.0454 0x0c74 Beep - ok
06:04:51.0532 0x0c74 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
06:04:51.0563 0x0c74 BFE - ok
06:04:51.0610 0x0c74 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
06:04:51.0673 0x0c74 BITS - ok
06:04:51.0688 0x0c74 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
06:04:51.0719 0x0c74 blbdrive - ok
06:04:51.0813 0x0c74 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
06:04:51.0844 0x0c74 Bonjour Service - ok
06:04:51.0907 0x0c74 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
06:04:51.0953 0x0c74 bowser - ok
06:04:51.0969 0x0c74 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
06:04:52.0078 0x0c74 BrFiltLo - ok
06:04:52.0094 0x0c74 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
06:04:52.0109 0x0c74 BrFiltUp - ok
06:04:52.0141 0x0c74 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
06:04:52.0172 0x0c74 Browser - ok
06:04:52.0203 0x0c74 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
06:04:52.0281 0x0c74 Brserid - ok
06:04:52.0297 0x0c74 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
06:04:52.0328 0x0c74 BrSerWdm - ok
06:04:52.0328 0x0c74 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
06:04:52.0390 0x0c74 BrUsbMdm - ok
06:04:52.0390 0x0c74 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
06:04:52.0421 0x0c74 BrUsbSer - ok
06:04:52.0468 0x0c74 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
06:04:52.0499 0x0c74 BTHMODEM - ok
06:04:52.0531 0x0c74 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
06:04:52.0577 0x0c74 bthserv - ok
06:04:52.0593 0x0c74 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
06:04:52.0640 0x0c74 cdfs - ok
06:04:52.0733 0x0c74 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
06:04:52.0796 0x0c74 cdrom - ok
06:04:52.0843 0x0c74 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
06:04:52.0905 0x0c74 CertPropSvc - ok
06:04:52.0921 0x0c74 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
06:04:52.0936 0x0c74 circlass - ok
06:04:52.0952 0x0c74 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
06:04:52.0967 0x0c74 CLFS - ok
06:04:53.0030 0x0c74 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:04:53.0061 0x0c74 clr_optimization_v2.0.50727_32 - ok
06:04:53.0092 0x0c74 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
06:04:53.0123 0x0c74 clr_optimization_v2.0.50727_64 - ok
06:04:53.0201 0x0c74 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
06:04:53.0295 0x0c74 clr_optimization_v4.0.30319_32 - ok
06:04:53.0311 0x0c74 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
06:04:53.0342 0x0c74 clr_optimization_v4.0.30319_64 - ok
06:04:53.0373 0x0c74 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
06:04:53.0404 0x0c74 CmBatt - ok
06:04:53.0420 0x0c74 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
06:04:53.0435 0x0c74 cmdide - ok
06:04:53.0482 0x0c74 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
06:04:53.0513 0x0c74 CNG - ok
06:04:53.0513 0x0c74 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
06:04:53.0529 0x0c74 Compbatt - ok
06:04:53.0576 0x0c74 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
06:04:53.0654 0x0c74 CompositeBus - ok
06:04:53.0669 0x0c74 COMSysApp - ok
06:04:53.0685 0x0c74 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
06:04:53.0716 0x0c74 crcdisk - ok
06:04:53.0747 0x0c74 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
06:04:53.0779 0x0c74 CryptSvc - ok
06:04:53.0825 0x0c74 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
06:04:53.0872 0x0c74 DcomLaunch - ok
06:04:53.0903 0x0c74 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
06:04:53.0950 0x0c74 defragsvc - ok
06:04:54.0013 0x0c74 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
06:04:54.0091 0x0c74 DfsC - ok
06:04:54.0122 0x0c74 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
06:04:54.0184 0x0c74 Dhcp - ok
06:04:54.0200 0x0c74 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
06:04:54.0247 0x0c74 discache - ok
06:04:54.0262 0x0c74 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
06:04:54.0278 0x0c74 Disk - ok
06:04:54.0325 0x0c74 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
06:04:54.0387 0x0c74 Dnscache - ok
06:04:54.0449 0x0c74 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
06:04:54.0496 0x0c74 dot3svc - ok
06:04:54.0590 0x0c74 [ B42ED0320C6E41102FDE0005154849BB, 4DB872E23AD049C3C9FDC0759FC58BFA60DA91B18BC82B611BFA300D26DDFC7A ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
06:04:54.0637 0x0c74 Dot4 - ok
06:04:54.0652 0x0c74 [ E9F5969233C5D89F3C35E3A66A52A361, C4BD35795C78FB11E6022372CB25DEB570730EFDAD3DC1584368235FF622638C ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
06:04:54.0683 0x0c74 Dot4Print - ok
06:04:54.0699 0x0c74 [ FD05A02B0370BC3000F402E543CA5814, 089B1113E640F495F470E8F57060B89546270481B309DC8ED3C3D13A849076A3 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
06:04:54.0730 0x0c74 dot4usb - ok
06:04:54.0761 0x0c74 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
06:04:54.0808 0x0c74 DPS - ok
06:04:54.0824 0x0c74 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
06:04:54.0839 0x0c74 drmkaud - ok
06:04:54.0917 0x0c74 [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
06:04:54.0964 0x0c74 DXGKrnl - ok
06:04:55.0011 0x0c74 [ F195FBC375342BD25C936982245A8FB0, 656021B485AFC5F29A57071E235E80151198BCB40187AD1706ABBFE9F690BC40 ] D_Link_DWA-125 C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe
06:04:55.0042 0x0c74 D_Link_DWA-125 - detected UnsignedFile.Multi.Generic ( 1 )
06:04:57.0523 0x0c74 Detect skipped due to KSN trusted
06:04:57.0523 0x0c74 D_Link_DWA-125 - ok
06:04:57.0523 0x0c74 D_Link_DWA-125_WPS - ok
06:04:57.0569 0x0c74 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
06:04:57.0632 0x0c74 EapHost - ok
06:04:57.0757 0x0c74 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
06:04:57.0866 0x0c74 ebdrv - ok
06:04:57.0897 0x0c74 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS C:\Windows\System32\lsass.exe
06:04:57.0944 0x0c74 EFS - ok
06:04:58.0053 0x0c74 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
06:04:58.0115 0x0c74 ehRecvr - ok
06:04:58.0147 0x0c74 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
06:04:58.0162 0x0c74 ehSched - ok
06:04:58.0193 0x0c74 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
06:04:58.0225 0x0c74 elxstor - ok
06:04:58.0256 0x0c74 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
06:04:58.0303 0x0c74 ErrDev - ok
06:04:58.0334 0x0c74 [ B8FA96995726D1FA58476E352C02AD82, 6BBD49B16A19CC3C3337707EFBEB6BC355CB077CBBBC99D8985A3FBB6E871A89 ] ES lite Service C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
06:04:58.0365 0x0c74 ES lite Service - ok
06:04:58.0412 0x0c74 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
06:04:58.0459 0x0c74 EventSystem - ok
06:04:58.0490 0x0c74 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
06:04:58.0521 0x0c74 exfat - ok
06:04:58.0537 0x0c74 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
06:04:58.0583 0x0c74 fastfat - ok
06:04:58.0693 0x0c74 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
06:04:58.0771 0x0c74 Fax - ok
06:04:58.0786 0x0c74 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
06:04:58.0802 0x0c74 fdc - ok
06:04:58.0817 0x0c74 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
06:04:58.0864 0x0c74 fdPHost - ok
06:04:58.0880 0x0c74 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
06:04:58.0927 0x0c74 FDResPub - ok
06:04:58.0927 0x0c74 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
06:04:58.0942 0x0c74 FileInfo - ok
06:04:58.0942 0x0c74 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
06:04:58.0989 0x0c74 Filetrace - ok
06:04:58.0989 0x0c74 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
06:04:59.0005 0x0c74 flpydisk - ok
06:04:59.0036 0x0c74 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
06:04:59.0051 0x0c74 FltMgr - ok
06:04:59.0098 0x0c74 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
06:04:59.0145 0x0c74 FontCache - ok
06:04:59.0192 0x0c74 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
06:04:59.0223 0x0c74 FontCache3.0.0.0 - ok
06:04:59.0239 0x0c74 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
06:04:59.0254 0x0c74 FsDepends - ok
06:04:59.0285 0x0c74 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
06:04:59.0301 0x0c74 Fs_Rec - ok
06:04:59.0363 0x0c74 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
06:04:59.0410 0x0c74 fvevol - ok
06:04:59.0410 0x0c74 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
06:04:59.0426 0x0c74 gagp30kx - ok
06:04:59.0504 0x0c74 [ 2973B4EB7BE10A0D491B2037DCAAE88F, 17219885FF89EFD3538C7D780179060E3255B1E0D7BA5DF01AEA737123C07B59 ] Garmin Core Update Service C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
06:04:59.0535 0x0c74 Garmin Core Update Service - ok
06:04:59.0551 0x0c74 [ 7907E14F9BCF3A4689C9A74A1A873CB6, 17927B93B2D6AB4271C158F039CAE2D60591D6A14458F5A5690AEC86F5D54229 ] gdrv C:\Windows\gdrv.sys
06:04:59.0566 0x0c74 gdrv - ok
06:04:59.0597 0x0c74 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
06:04:59.0597 0x0c74 GEARAspiWDM - ok
06:04:59.0644 0x0c74 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
06:04:59.0707 0x0c74 gpsvc - ok
06:04:59.0831 0x0c74 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
06:04:59.0863 0x0c74 gupdate - ok
06:04:59.0863 0x0c74 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
06:04:59.0878 0x0c74 gupdatem - ok
06:04:59.0909 0x0c74 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
06:04:59.0956 0x0c74 hcw85cir - ok
06:05:00.0019 0x0c74 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
06:05:00.0050 0x0c74 HdAudAddService - ok
06:05:00.0081 0x0c74 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
06:05:00.0128 0x0c74 HDAudBus - ok
06:05:00.0143 0x0c74 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
06:05:00.0175 0x0c74 HidBatt - ok
06:05:00.0190 0x0c74 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
06:05:00.0237 0x0c74 HidBth - ok
06:05:00.0253 0x0c74 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
06:05:00.0284 0x0c74 HidIr - ok
06:05:00.0315 0x0c74 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
06:05:00.0346 0x0c74 hidserv - ok
06:05:00.0393 0x0c74 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
06:05:00.0424 0x0c74 HidUsb - ok
06:05:00.0455 0x0c74 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
06:05:00.0518 0x0c74 hkmsvc - ok
06:05:00.0549 0x0c74 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
06:05:00.0580 0x0c74 HomeGroupListener - ok
06:05:00.0611 0x0c74 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
06:05:00.0658 0x0c74 HomeGroupProvider - ok
06:05:00.0783 0x0c74 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05, 7B3F117C1D606DDA7623BEC0BFBC362C33A12213E899F049AC56A55826984134 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
06:05:00.0814 0x0c74 hpqcxs08 - detected UnsignedFile.Multi.Generic ( 1 )
06:05:03.0295 0x0c74 Detect skipped due to KSN trusted
06:05:03.0295 0x0c74 hpqcxs08 - ok
06:05:03.0341 0x0c74 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
06:05:03.0373 0x0c74 HpSAMD - ok
06:05:03.0435 0x0c74 [ F37882F128EFACEFE353E0BAE2766909, 2F9D21613500F092DFC0DB879180B549EE615D9B07408A5CC1A7F84663B2F47A ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
06:05:03.0451 0x0c74 HPSLPSVC - detected UnsignedFile.Multi.Generic ( 1 )
06:05:05.0947 0x0c74 Detect skipped due to KSN trusted
06:05:05.0947 0x0c74 HPSLPSVC - ok
06:05:06.0025 0x0c74 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
06:05:06.0071 0x0c74 HTTP - ok
06:05:06.0118 0x0c74 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
06:05:06.0118 0x0c74 hwpolicy - ok
06:05:06.0149 0x0c74 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
06:05:06.0196 0x0c74 i8042prt - ok
06:05:06.0227 0x0c74 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
06:05:06.0243 0x0c74 iaStorV - ok
06:05:06.0321 0x0c74 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
06:05:06.0352 0x0c74 idsvc - ok
06:05:06.0383 0x0c74 IEEtwCollectorService - ok
06:05:06.0399 0x0c74 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
06:05:06.0430 0x0c74 iirsp - ok
06:05:06.0524 0x0c74 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
06:05:06.0571 0x0c74 IKEEXT - ok
06:05:06.0711 0x0c74 [ 76877DD763A2287F58908795F3F5CCCB, A7CB3FB767D07A23A050E3335130CC686C2EF868BDCEDD51FFE82E8861057B0E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
06:05:06.0758 0x0c74 IntcAzAudAddService - ok
06:05:06.0789 0x0c74 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
06:05:06.0789 0x0c74 intelide - ok
06:05:06.0820 0x0c74 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
06:05:06.0836 0x0c74 intelppm - ok
06:05:06.0945 0x0c74 [ D9DA7B3117BF5EFF921C0CDED4D58050, D51A2AFC0E310C5A0EE1540A9E6353F5F7C9E76711187FAD91EEB0B3254EE935 ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
06:05:06.0976 0x0c74 IntuitUpdateServiceV4 - ok
06:05:06.0992 0x0c74 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
06:05:07.0039 0x0c74 IPBusEnum - ok
06:05:07.0085 0x0c74 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:05:07.0148 0x0c74 IpFilterDriver - ok
06:05:07.0195 0x0c74 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
06:05:07.0257 0x0c74 iphlpsvc - ok
06:05:07.0304 0x0c74 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
06:05:07.0335 0x0c74 IPMIDRV - ok
06:05:07.0351 0x0c74 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
06:05:07.0413 0x0c74 IPNAT - ok
06:05:07.0491 0x0c74 [ 4EFFC8FF6D349E971E94B1C670C0C66A, E92DA19CE9725BB4CC34DF94873C6B441AE61679A8C615780E1A1E9404C8FA26 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
06:05:07.0538 0x0c74 iPod Service - ok
06:05:07.0553 0x0c74 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
06:05:07.0631 0x0c74 IRENUM - ok
06:05:07.0631 0x0c74 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
06:05:07.0647 0x0c74 isapnp - ok
06:05:07.0678 0x0c74 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
06:05:07.0694 0x0c74 iScsiPrt - ok
06:05:07.0725 0x0c74 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
06:05:07.0725 0x0c74 kbdclass - ok
06:05:07.0741 0x0c74 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
06:05:07.0756 0x0c74 kbdhid - ok
06:05:07.0787 0x0c74 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\Windows\system32\lsass.exe
06:05:07.0787 0x0c74 KeyIso - ok
06:05:07.0819 0x0c74 [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
06:05:07.0834 0x0c74 KSecDD - ok
06:05:07.0850 0x0c74 [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
06:05:07.0850 0x0c74 KSecPkg - ok
06:05:07.0865 0x0c74 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
06:05:07.0897 0x0c74 ksthunk - ok
06:05:07.0928 0x0c74 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
06:05:07.0990 0x0c74 KtmRm - ok
06:05:08.0037 0x0c74 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
06:05:08.0099 0x0c74 LanmanServer - ok
06:05:08.0115 0x0c74 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
06:05:08.0162 0x0c74 LanmanWorkstation - ok
06:05:08.0177 0x0c74 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
06:05:08.0224 0x0c74 lltdio - ok
06:05:08.0255 0x0c74 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
06:05:08.0302 0x0c74 lltdsvc - ok
06:05:08.0318 0x0c74 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
06:05:08.0349 0x0c74 lmhosts - ok
06:05:08.0365 0x0c74 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
06:05:08.0380 0x0c74 LSI_FC - ok
06:05:08.0380 0x0c74 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
06:05:08.0396 0x0c74 LSI_SAS - ok
06:05:08.0411 0x0c74 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
06:05:08.0411 0x0c74 LSI_SAS2 - ok
06:05:08.0427 0x0c74 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
06:05:08.0443 0x0c74 LSI_SCSI - ok
06:05:08.0443 0x0c74 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
06:05:08.0489 0x0c74 luafv - ok
06:05:08.0521 0x0c74 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
06:05:08.0536 0x0c74 Mcx2Svc - ok
06:05:08.0645 0x0c74 [ 11F714F85530A2BD134074DC30E99FCA, BDB5FD3B2DF4ADD19B31965B3E789768B59E872B3EA85912B1FFB32B2AF9D5D8 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
06:05:08.0661 0x0c74 MDM - ok
06:05:08.0723 0x0c74 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
06:05:08.0755 0x0c74 megasas - ok
06:05:08.0770 0x0c74 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
06:05:08.0786 0x0c74 MegaSR - ok
06:05:08.0833 0x0c74 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
06:05:08.0895 0x0c74 MMCSS - ok
06:05:08.0911 0x0c74 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
06:05:08.0942 0x0c74 Modem - ok
06:05:08.0973 0x0c74 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
06:05:09.0020 0x0c74 monitor - ok
06:05:09.0098 0x0c74 [ 7ED3A9C3763725BD700946971215EE77, 6150D52945E10B69CFA5E3E637DCEBA67158092C6350B4AFE456EA846CA90C18 ] Motorola Device Manager C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
06:05:09.0113 0x0c74 Motorola Device Manager - ok
06:05:09.0145 0x0c74 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
06:05:09.0160 0x0c74 mouclass - ok
06:05:09.0207 0x0c74 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
06:05:09.0238 0x0c74 mouhid - ok
06:05:09.0269 0x0c74 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
06:05:09.0301 0x0c74 mountmgr - ok
06:05:09.0316 0x0c74 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
06:05:09.0332 0x0c74 mpio - ok
06:05:09.0363 0x0c74 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
06:05:09.0379 0x0c74 mpsdrv - ok
06:05:09.0441 0x0c74 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
06:05:09.0488 0x0c74 MpsSvc - ok
06:05:09.0519 0x0c74 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
06:05:09.0566 0x0c74 MRxDAV - ok
06:05:09.0628 0x0c74 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
06:05:09.0659 0x0c74 mrxsmb - ok
06:05:09.0675 0x0c74 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:05:09.0706 0x0c74 mrxsmb10 - ok
06:05:09.0722 0x0c74 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:05:09.0737 0x0c74 mrxsmb20 - ok
06:05:09.0769 0x0c74 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
06:05:09.0784 0x0c74 msahci - ok
06:05:09.0800 0x0c74 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
06:05:09.0815 0x0c74 msdsm - ok
06:05:09.0815 0x0c74 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
06:05:09.0862 0x0c74 MSDTC - ok
06:05:09.0894 0x0c74 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
06:05:09.0910 0x0c74 Msfs - ok
06:05:09.0926 0x0c74 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
06:05:09.0972 0x0c74 mshidkmdf - ok
06:05:09.0988 0x0c74 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
06:05:10.0019 0x0c74 msisadrv - ok
06:05:10.0035 0x0c74 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
06:05:10.0082 0x0c74 MSiSCSI - ok
06:05:10.0097 0x0c74 msiserver - ok
06:05:10.0128 0x0c74 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
06:05:10.0160 0x0c74 MSKSSRV - ok
06:05:10.0175 0x0c74 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
06:05:10.0206 0x0c74 MSPCLOCK - ok
06:05:10.0222 0x0c74 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
06:05:10.0253 0x0c74 MSPQM - ok
06:05:10.0316 0x0c74 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
06:05:10.0347 0x0c74 MsRPC - ok
06:05:10.0347 0x0c74 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
06:05:10.0362 0x0c74 mssmbios - ok
06:05:10.0362 0x0c74 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
06:05:10.0409 0x0c74 MSTEE - ok
06:05:10.0409 0x0c74 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
06:05:10.0440 0x0c74 MTConfig - ok
06:05:10.0472 0x0c74 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
06:05:10.0472 0x0c74 Mup - ok
06:05:10.0518 0x0c74 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
06:05:10.0596 0x0c74 napagent - ok
06:05:10.0628 0x0c74 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
06:05:10.0659 0x0c74 NativeWifiP - ok
06:05:10.0737 0x0c74 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
06:05:10.0768 0x0c74 NDIS - ok
06:05:10.0768 0x0c74 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
06:05:10.0799 0x0c74 NdisCap - ok
06:05:10.0815 0x0c74 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
06:05:10.0846 0x0c74 NdisTapi - ok
06:05:10.0877 0x0c74 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
06:05:10.0893 0x0c74 Ndisuio - ok
06:05:10.0924 0x0c74 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
06:05:10.0986 0x0c74 NdisWan - ok
06:05:11.0018 0x0c74 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
06:05:11.0064 0x0c74 NDProxy - ok
06:05:11.0096 0x0c74 [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
06:05:11.0111 0x0c74 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
06:05:13.0560 0x0c74 Detect skipped due to KSN trusted
06:05:13.0560 0x0c74 Net Driver HPZ12 - ok
06:05:13.0592 0x0c74 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
06:05:13.0685 0x0c74 NetBIOS - ok
06:05:13.0826 0x0c74 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
06:05:13.0872 0x0c74 NetBT - ok
06:05:13.0966 0x0c74 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon C:\Windows\system32\lsass.exe
06:05:13.0997 0x0c74 Netlogon - ok
06:05:14.0138 0x0c74 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
06:05:14.0325 0x0c74 Netman - ok
06:05:14.0465 0x0c74 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:05:14.0528 0x0c74 NetMsmqActivator - ok
06:05:14.0637 0x0c74 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:05:14.0684 0x0c74 NetPipeActivator - ok
06:05:14.0715 0x0c74 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
06:05:14.0777 0x0c74 netprofm - ok
06:05:14.0855 0x0c74 [ C7D577CB6058454228C7693DA086EF51, 36A4C386EEE182A929088FE3DC67D636E137388660E3108D8074182D411C100B ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys
06:05:14.0902 0x0c74 netr28ux - ok
06:05:14.0918 0x0c74 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:05:14.0933 0x0c74 NetTcpActivator - ok
06:05:14.0933 0x0c74 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:05:14.0949 0x0c74 NetTcpPortSharing - ok
06:05:14.0964 0x0c74 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
06:05:14.0964 0x0c74 nfrd960 - ok
06:05:14.0980 0x0c74 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
06:05:15.0011 0x0c74 NlaSvc - ok
06:05:15.0027 0x0c74 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
06:05:15.0058 0x0c74 Npfs - ok
06:05:15.0058 0x0c74 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
06:05:15.0105 0x0c74 nsi - ok
06:05:15.0120 0x0c74 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
06:05:15.0167 0x0c74 nsiproxy - ok
06:05:15.0230 0x0c74 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
06:05:15.0276 0x0c74 Ntfs - ok
06:05:15.0276 0x0c74 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
06:05:15.0308 0x0c74 Null - ok
06:05:15.0339 0x0c74 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
06:05:15.0354 0x0c74 nvraid - ok
06:05:15.0370 0x0c74 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
06:05:15.0386 0x0c74 nvstor - ok
06:05:15.0401 0x0c74 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
06:05:15.0417 0x0c74 nv_agp - ok
06:05:15.0432 0x0c74 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
06:05:15.0448 0x0c74 ohci1394 - ok
06:05:15.0479 0x0c74 [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
06:05:15.0510 0x0c74 ose - ok
06:05:15.0557 0x0c74 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
06:05:15.0604 0x0c74 p2pimsvc - ok
06:05:15.0620 0x0c74 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
06:05:15.0651 0x0c74 p2psvc - ok
06:05:15.0666 0x0c74 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
06:05:15.0682 0x0c74 Parport - ok
06:05:15.0698 0x0c74 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
06:05:15.0713 0x0c74 partmgr - ok
06:05:15.0729 0x0c74 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
06:05:15.0760 0x0c74 PcaSvc - ok
06:05:15.0776 0x0c74 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
06:05:15.0776 0x0c74 pci - ok
06:05:15.0807 0x0c74 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
06:05:15.0822 0x0c74 pciide - ok
06:05:15.0854 0x0c74 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
06:05:15.0885 0x0c74 pcmcia - ok
06:05:15.0885 0x0c74 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
06:05:15.0900 0x0c74 pcw - ok
06:05:15.0916 0x0c74 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
06:05:15.0978 0x0c74 PEAUTH - ok
06:05:16.0041 0x0c74 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
06:05:16.0072 0x0c74 PerfHost - ok
06:05:16.0134 0x0c74 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
06:05:16.0212 0x0c74 pla - ok
06:05:16.0259 0x0c74 [ B806E50427511BCF4AD8E8239C3E25FA, AB89B48ECCF90F701B314D18BE531CDA5ABE1636C17B994A5E4BE5AAC136B4E3 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
06:05:16.0306 0x0c74 PlugPlay - ok
06:05:16.0368 0x0c74 [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
06:05:16.0384 0x0c74 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
06:05:18.0896 0x0c74 Detect skipped due to KSN trusted
06:05:18.0896 0x0c74 Pml Driver HPZ12 - ok
06:05:18.0911 0x0c74 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
06:05:18.0942 0x0c74 PNRPAutoReg - ok
06:05:18.0958 0x0c74 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
06:05:18.0974 0x0c74 PNRPsvc - ok
06:05:19.0005 0x0c74 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
06:05:19.0052 0x0c74 PolicyAgent - ok
06:05:19.0067 0x0c74 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
06:05:19.0114 0x0c74 Power - ok
06:05:19.0176 0x0c74 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
06:05:19.0270 0x0c74 PptpMiniport - ok
06:05:19.0286 0x0c74 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
06:05:19.0317 0x0c74 Processor - ok
06:05:19.0332 0x0c74 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
06:05:19.0410 0x0c74 ProfSvc - ok
06:05:19.0426 0x0c74 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe
06:05:19.0442 0x0c74 ProtectedStorage - ok
06:05:19.0473 0x0c74 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
06:05:19.0520 0x0c74 Psched - ok
06:05:19.0582 0x0c74 [ EA735BF6DF13A857A83C99BF27A422AD, 026A57155FB9E01CFAFD8613980CDF0F3D744ABBBC66EFDC6C20B89980FB45CF ] PST Service C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
06:05:19.0598 0x0c74 PST Service - detected UnsignedFile.Multi.Generic ( 1 )
06:05:22.0094 0x0c74 Detect skipped due to KSN trusted
06:05:22.0094 0x0c74 PST Service - ok
06:05:22.0172 0x0c74 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
06:05:22.0218 0x0c74 ql2300 - ok
06:05:22.0234 0x0c74 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
06:05:22.0234 0x0c74 ql40xx - ok
06:05:22.0265 0x0c74 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
06:05:22.0296 0x0c74 QWAVE - ok
06:05:22.0312 0x0c74 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
06:05:22.0328 0x0c74 QWAVEdrv - ok
06:05:22.0343 0x0c74 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
06:05:22.0359 0x0c74 RasAcd - ok
06:05:22.0390 0x0c74 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
06:05:22.0437 0x0c74 RasAgileVpn - ok
06:05:22.0452 0x0c74 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
06:05:22.0484 0x0c74 RasAuto - ok
06:05:22.0515 0x0c74 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
06:05:22.0562 0x0c74 Rasl2tp - ok
06:05:22.0593 0x0c74 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
06:05:22.0624 0x0c74 RasMan - ok
06:05:22.0655 0x0c74 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
06:05:22.0686 0x0c74 RasPppoe - ok
06:05:22.0702 0x0c74 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
06:05:22.0733 0x0c74 RasSstp - ok
06:05:22.0796 0x0c74 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
06:05:22.0842 0x0c74 rdbss - ok
06:05:22.0858 0x0c74 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
06:05:22.0874 0x0c74 rdpbus - ok
06:05:22.0889 0x0c74 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
06:05:22.0905 0x0c74 RDPCDD - ok
06:05:22.0936 0x0c74 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
06:05:22.0967 0x0c74 RDPENCDD - ok
06:05:22.0983 0x0c74 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
06:05:23.0014 0x0c74 RDPREFMP - ok
06:05:23.0045 0x0c74 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
06:05:23.0076 0x0c74 RDPWD - ok
06:05:23.0108 0x0c74 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
06:05:23.0108 0x0c74 rdyboost - ok
06:05:23.0139 0x0c74 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
06:05:23.0170 0x0c74 RemoteAccess - ok
06:05:23.0186 0x0c74 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
06:05:23.0232 0x0c74 RemoteRegistry - ok
06:05:23.0264 0x0c74 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
06:05:23.0279 0x0c74 RpcEptMapper - ok
06:05:23.0310 0x0c74 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
06:05:23.0326 0x0c74 RpcLocator - ok
06:05:23.0357 0x0c74 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
06:05:23.0388 0x0c74 RpcSs - ok
06:05:23.0420 0x0c74 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
06:05:23.0466 0x0c74 rspndr - ok
06:05:23.0513 0x0c74 [ 4E821C740A675F6D040BE41D59A62B1D, F09A0247DD21580AEE268FB88371D581B6383FC354B5FBBD147E5338BF7681A4 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
06:05:23.0544 0x0c74 RTHDMIAzAudService - ok
06:05:23.0591 0x0c74 [ 3B01789EE4EAEE97F5EB46B711387D5E, 154D6D409E02AAEA8CC34FA70F71630D67A31F033F65EE854448112C45F164B4 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
06:05:23.0638 0x0c74 RTL8167 - ok
06:05:23.0654 0x0c74 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs C:\Windows\system32\lsass.exe
06:05:23.0669 0x0c74 SamSs - ok
06:05:23.0716 0x0c74 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
06:05:23.0747 0x0c74 sbp2port - ok
06:05:23.0778 0x0c74 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
06:05:23.0841 0x0c74 SCardSvr - ok
06:05:23.0888 0x0c74 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
06:05:23.0966 0x0c74 scfilter - ok
06:05:24.0012 0x0c74 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
06:05:24.0059 0x0c74 Schedule - ok
06:05:24.0106 0x0c74 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
06:05:24.0153 0x0c74 SCPolicySvc - ok
06:05:24.0184 0x0c74 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
06:05:24.0215 0x0c74 SDRSVC - ok
06:05:24.0231 0x0c74 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
06:05:24.0309 0x0c74 secdrv - ok
06:05:24.0340 0x0c74 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
06:05:24.0418 0x0c74 seclogon - ok
06:05:24.0434 0x0c74 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
06:05:24.0480 0x0c74 SENS - ok
06:05:24.0496 0x0c74 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
06:05:24.0512 0x0c74 SensrSvc - ok
06:05:24.0543 0x0c74 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
06:05:24.0558 0x0c74 Serenum - ok
06:05:24.0574 0x0c74 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
06:05:24.0590 0x0c74 Serial - ok
06:05:24.0605 0x0c74 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
06:05:24.0621 0x0c74 sermouse - ok
06:05:24.0668 0x0c74 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
06:05:24.0699 0x0c74 SessionEnv - ok
06:05:24.0730 0x0c74 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
06:05:24.0777 0x0c74 sffdisk - ok
06:05:24.0808 0x0c74 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
06:05:24.0824 0x0c74 sffp_mmc - ok
06:05:24.0839 0x0c74 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
06:05:24.0855 0x0c74 sffp_sd - ok
06:05:24.0870 0x0c74 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
06:05:24.0886 0x0c74 sfloppy - ok
06:05:24.0917 0x0c74 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
06:05:24.0964 0x0c74 SharedAccess - ok
06:05:24.0995 0x0c74 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
06:05:25.0026 0x0c74 ShellHWDetection - ok
06:05:25.0026 0x0c74 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
06:05:25.0042 0x0c74 SiSRaid2 - ok
06:05:25.0058 0x0c74 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
06:05:25.0073 0x0c74 SiSRaid4 - ok
06:05:25.0089 0x0c74 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
06:05:25.0120 0x0c74 Smb - ok
06:05:25.0136 0x0c74 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
06:05:25.0151 0x0c74 SNMPTRAP - ok
06:05:25.0167 0x0c74 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
06:05:25.0182 0x0c74 spldr - ok
06:05:25.0214 0x0c74 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
06:05:25.0245 0x0c74 Spooler - ok
06:05:25.0385 0x0c74 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
06:05:25.0494 0x0c74 sppsvc - ok
06:05:25.0526 0x0c74 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
06:05:25.0557 0x0c74 sppuinotify - ok
06:05:25.0619 0x0c74 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
06:05:25.0666 0x0c74 srv - ok
06:05:25.0697 0x0c74 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
06:05:25.0728 0x0c74 srv2 - ok
06:05:25.0744 0x0c74 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
06:05:25.0760 0x0c74 srvnet - ok
06:05:25.0791 0x0c74 [ 8F8324ED1DE63FFC7B1A02CD2D963C72, E58603F81DEAFF1D45CB83FB6E625E6A13868741B833B1C9E60D672179D18EE0 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
06:05:25.0806 0x0c74 ssadbus - ok
06:05:25.0853 0x0c74 [ 58221EFCB74167B73667F0024C661CE0, D9B67A8897B4DC3E4729187F17ABEB4710CF57440D718E17ED828439198D34DB ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
06:05:25.0916 0x0c74 ssadmdfl - ok
06:05:25.0962 0x0c74 [ 4DA7C71BFAC5AD71255B7E4CAB980163, 4CC0F9C8E96ECEF36EEB021E448A9734B63512D030516DC38B1A2EEAA1043AEC ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
06:05:25.0994 0x0c74 ssadmdm - ok
06:05:26.0025 0x0c74 [ D33D1BD3EC0E766211A234F56A12726D, 53EEAA94865554F8422D111D717B548DF553B5B8647D2A45F3718BF4AEEBEC27 ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
06:05:26.0087 0x0c74 ssadserd - ok
06:05:26.0103 0x0c74 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
06:05:26.0165 0x0c74 SSDPSRV - ok
06:05:26.0181 0x0c74 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
06:05:26.0212 0x0c74 SstpSvc - ok
06:05:26.0228 0x0c74 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
06:05:26.0243 0x0c74 stexstor - ok
06:05:26.0321 0x0c74 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
06:05:26.0368 0x0c74 stisvc - ok
06:05:26.0399 0x0c74 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
06:05:26.0430 0x0c74 swenum - ok
06:05:26.0462 0x0c74 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
06:05:26.0508 0x0c74 swprv - ok
06:05:26.0586 0x0c74 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
06:05:26.0649 0x0c74 SysMain - ok
06:05:26.0664 0x0c74 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
06:05:26.0711 0x0c74 TabletInputService - ok
06:05:26.0774 0x0c74 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
06:05:26.0852 0x0c74 TapiSrv - ok
06:05:26.0867 0x0c74 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
06:05:26.0898 0x0c74 TBS - ok
06:05:27.0023 0x0c74 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip C:\Windows\system32\drivers\tcpip.sys
06:05:27.0070 0x0c74 Tcpip - ok
06:05:27.0132 0x0c74 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
06:05:27.0164 0x0c74 TCPIP6 - ok
06:05:27.0210 0x0c74 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
06:05:27.0226 0x0c74 tcpipreg - ok
06:05:27.0242 0x0c74 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
06:05:27.0257 0x0c74 TDPIPE - ok
06:05:27.0288 0x0c74 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
06:05:27.0304 0x0c74 TDTCP - ok
06:05:27.0351 0x0c74 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
06:05:27.0398 0x0c74 tdx - ok
06:05:27.0444 0x0c74 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
06:05:27.0460 0x0c74 TermDD - ok
06:05:27.0507 0x0c74 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
06:05:27.0585 0x0c74 TermService - ok
06:05:27.0616 0x0c74 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
06:05:27.0632 0x0c74 Themes - ok
06:05:27.0632 0x0c74 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
06:05:27.0663 0x0c74 THREADORDER - ok
06:05:27.0694 0x0c74 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
06:05:27.0741 0x0c74 TrkWks - ok
06:05:27.0803 0x0c74 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
06:05:27.0897 0x0c74 TrustedInstaller - ok
06:05:27.0912 0x0c74 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
06:05:27.0928 0x0c74 tssecsrv - ok
06:05:27.0959 0x0c74 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
06:05:27.0975 0x0c74 TsUsbFlt - ok
06:05:28.0006 0x0c74 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
06:05:28.0053 0x0c74 tunnel - ok
06:05:28.0068 0x0c74 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
06:05:28.0084 0x0c74 uagp35 - ok
06:05:28.0115 0x0c74 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
06:05:28.0162 0x0c74 udfs - ok
06:05:28.0178 0x0c74 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
06:05:28.0178 0x0c74 UI0Detect - ok
06:05:28.0193 0x0c74 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
06:05:28.0209 0x0c74 uliagpkx - ok
06:05:28.0256 0x0c74 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys
06:05:28.0302 0x0c74 umbus - ok
06:05:28.0302 0x0c74 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
06:05:28.0334 0x0c74 UmPass - ok
06:05:28.0396 0x0c74 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
06:05:28.0443 0x0c74 upnphost - ok
06:05:28.0490 0x0c74 [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
06:05:28.0536 0x0c74 USBAAPL64 - ok
06:05:28.0568 0x0c74 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
06:05:28.0583 0x0c74 usbccgp - ok
06:05:28.0599 0x0c74 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
06:05:28.0630 0x0c74 usbcir - ok
06:05:28.0661 0x0c74 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
06:05:28.0692 0x0c74 usbehci - ok
06:05:28.0755 0x0c74 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
06:05:28.0786 0x0c74 usbhub - ok
06:05:28.0817 0x0c74 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
06:05:28.0848 0x0c74 usbohci - ok
06:05:28.0864 0x0c74 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
06:05:28.0895 0x0c74 usbprint - ok
06:05:28.0926 0x0c74 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\drivers\usbscan.sys
06:05:28.0989 0x0c74 usbscan - ok
06:05:29.0004 0x0c74 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
06:05:29.0036 0x0c74 USBSTOR - ok
06:05:29.0067 0x0c74 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
06:05:29.0098 0x0c74 usbuhci - ok
06:05:29.0129 0x0c74 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
06:05:29.0192 0x0c74 UxSms - ok
06:05:29.0207 0x0c74 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc C:\Windows\system32\lsass.exe
06:05:29.0223 0x0c74 VaultSvc - ok
06:05:29.0238 0x0c74 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
06:05:29.0254 0x0c74 vdrvroot - ok
06:05:29.0316 0x0c74 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
06:05:29.0379 0x0c74 vds - ok
06:05:29.0394 0x0c74 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
06:05:29.0410 0x0c74 vga - ok
06:05:29.0410 0x0c74 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
06:05:29.0457 0x0c74 VgaSave - ok
06:05:29.0488 0x0c74 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
06:05:29.0504 0x0c74 vhdmp - ok
06:05:29.0535 0x0c74 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
06:05:29.0535 0x0c74 viaide - ok
06:05:29.0550 0x0c74 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
06:05:29.0566 0x0c74 volmgr - ok
06:05:29.0613 0x0c74 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
06:05:29.0628 0x0c74 volmgrx - ok
06:05:29.0675 0x0c74 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
06:05:29.0691 0x0c74 volsnap - ok
06:05:29.0706 0x0c74 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
06:05:29.0706 0x0c74 vsmraid - ok
06:05:29.0816 0x0c74 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
06:05:29.0894 0x0c74 VSS - ok
06:05:29.0909 0x0c74 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
06:05:29.0925 0x0c74 vwifibus - ok
06:05:29.0956 0x0c74 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
06:05:29.0972 0x0c74 vwififlt - ok
06:05:30.0003 0x0c74 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
06:05:30.0050 0x0c74 W32Time - ok
06:05:30.0065 0x0c74 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
06:05:30.0081 0x0c74 WacomPen - ok
06:05:30.0112 0x0c74 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
06:05:30.0143 0x0c74 WANARP - ok
06:05:30.0143 0x0c74 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
06:05:30.0174 0x0c74 Wanarpv6 - ok
06:05:30.0252 0x0c74 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
06:05:30.0299 0x0c74 WatAdminSvc - ok
06:05:30.0393 0x0c74 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
06:05:30.0486 0x0c74 wbengine - ok
06:05:30.0502 0x0c74 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
06:05:30.0518 0x0c74 WbioSrvc - ok
06:05:30.0549 0x0c74 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
06:05:30.0564 0x0c74 wcncsvc - ok
06:05:30.0596 0x0c74 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
06:05:30.0658 0x0c74 WcsPlugInService - ok
06:05:30.0674 0x0c74 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
06:05:30.0689 0x0c74 Wd - ok
06:05:30.0783 0x0c74 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
06:05:30.0845 0x0c74 Wdf01000 - ok
06:05:30.0861 0x0c74 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
06:05:30.0923 0x0c74 WdiServiceHost - ok
06:05:30.0923 0x0c74 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
06:05:30.0939 0x0c74 WdiSystemHost - ok
06:05:30.0986 0x0c74 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
06:05:31.0017 0x0c74 WebClient - ok
06:05:31.0032 0x0c74 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
06:05:31.0079 0x0c74 Wecsvc - ok
06:05:31.0110 0x0c74 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
06:05:31.0142 0x0c74 wercplsupport - ok
06:05:31.0173 0x0c74 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
06:05:31.0188 0x0c74 WerSvc - ok
06:05:31.0220 0x0c74 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
06:05:31.0235 0x0c74 WfpLwf - ok
06:05:31.0251 0x0c74 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
06:05:31.0266 0x0c74 WIMMount - ok
06:05:31.0282 0x0c74 WinDefend - ok
06:05:31.0298 0x0c74 WinHttpAutoProxySvc - ok
06:05:31.0329 0x0c74 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
06:05:31.0376 0x0c74 Winmgmt - ok
06:05:31.0485 0x0c74 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
06:05:31.0563 0x0c74 WinRM - ok
06:05:31.0610 0x0c74 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
06:05:31.0641 0x0c74 WinUsb - ok
06:05:31.0688 0x0c74 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
06:05:31.0734 0x0c74 Wlansvc - ok
06:05:31.0766 0x0c74 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
06:05:31.0766 0x0c74 WmiAcpi - ok
06:05:31.0797 0x0c74 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
06:05:31.0859 0x0c74 wmiApSrv - ok
06:05:31.0890 0x0c74 WMPNetworkSvc - ok
06:05:31.0906 0x0c74 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
06:05:31.0922 0x0c74 WPCSvc - ok
06:05:31.0953 0x0c74 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
06:05:31.0968 0x0c74 WPDBusEnum - ok
06:05:31.0984 0x0c74 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
06:05:32.0031 0x0c74 ws2ifsl - ok
06:05:32.0046 0x0c74 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
06:05:32.0078 0x0c74 wscsvc - ok
06:05:32.0078 0x0c74 WSearch - ok
06:05:32.0156 0x0c74 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
06:05:32.0218 0x0c74 wuauserv - ok
06:05:32.0249 0x0c74 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
06:05:32.0280 0x0c74 WudfPf - ok
06:05:32.0312 0x0c74 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
06:05:32.0343 0x0c74 WUDFRd - ok
06:05:32.0358 0x0c74 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
06:05:32.0374 0x0c74 wudfsvc - ok
06:05:32.0405 0x0c74 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
06:05:32.0436 0x0c74 WwanSvc - ok
06:05:32.0452 0x0c74 ================ Scan global ===============================
06:05:32.0468 0x0c74 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
06:05:32.0499 0x0c74 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
06:05:32.0530 0x0c74 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
06:05:32.0561 0x0c74 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
06:05:32.0592 0x0c74 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
06:05:32.0592 0x0c74 [ Global ] - ok
06:05:32.0592 0x0c74 ================ Scan MBR ==================================
06:05:32.0624 0x0c74 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
06:05:32.0811 0x0c74 \Device\Harddisk0\DR0 - ok
06:05:32.0811 0x0c74 ================ Scan VBR ==================================
06:05:32.0811 0x0c74 [ A2EEFE83827606B601364086A6BCF0C4 ] \Device\Harddisk0\DR0\Partition1
06:05:32.0826 0x0c74 \Device\Harddisk0\DR0\Partition1 - ok
06:05:32.0826 0x0c74 [ B58634CA3811FA5BEEA458A3D7867AF8 ] \Device\Harddisk0\DR0\Partition2
06:05:32.0826 0x0c74 \Device\Harddisk0\DR0\Partition2 - ok
06:05:32.0826 0x0c74 Waiting for KSN requests completion. In queue: 148
06:05:33.0840 0x0c74 Waiting for KSN requests completion. In queue: 148
06:05:34.0855 0x0c74 Waiting for KSN requests completion. In queue: 148
06:05:35.0993 0x0c74 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2016.330 ), 0x40000 ( disabled : updated )
06:05:35.0993 0x0c74 FW detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2016.330 ), 0x40010 ( disabled )
06:05:36.0009 0x0c74 Win FW state via NFP2: enabled
06:05:38.0599 0x0c74 ============================================================
06:05:38.0599 0x0c74 Scan finished
06:05:38.0599 0x0c74 ============================================================
06:05:38.0614 0x10c4 Detected object count: 0
06:05:38.0614 0x10c4 Actual detected object count: 0
06:11:29.0037 0x0be8 Deinitialize success

#6
pystryker

Posted 22 March 2014 - 08:06 AM

Trusted Helper

Malware Removal
3,912 posts

So sorry I missed that one! Here it is....

No worries

TDSSKiller came back clean and the other logs are looking good. Let's run a scan for remnants and out of date programs. :thumbsup:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: Scan with Malwarebytes

Posted Image

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application (Windows 7 users, right click and select Run as Administrator.)
Proceed through the setup
- Choose your language
- Accept the License Agreement
- Select Destination Location
- Select Start Menu Folder
- Select Addtional Tasks
- Click Install
- In the Completeing the Malwarebytes Anti-Malware Setup Wizard Window
  - Uncheck Enable free trial of Malwarebytes Anti-Malware PRO
  - Keep the check mark beside Update Malwarebytes' Anti-Malware
  - Keep the check mark beside Launch Malwarebytes' Anti-Malware
- Click Finish.
- If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick Scan
Click Scan. The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire report in your next reply.

Step 2: Scan with ESET Online Scanner

Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be ran in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ----> Posted Image

Select the option YES, I accept the Terms of Use then click on Start
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked.
Make sure that the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on Start
The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically. The scan may take several hours.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
Now click on Finish
Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

Step 3: SecurityCheck Scan

Download Security Check Posted Image

by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:

ESET Scan Log

MBAM Log

SecurityCheck Log

Question: How is the computer running?

#7
l3arefoot

Posted 22 March 2014 - 11:39 AM

Member

Topic Starter
Member
40 posts

Hey there!

The computer seems to be running better! Thank You!!!

However I hit the wrong d/l button at the security check site and it installed yahoo toolbar and some pc cleaners among other things. oops, hope this doesn't mess us up. I hate those sneaky toolbar downloads.

Here are the logs....

ESET scan log

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

MBAM log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.22.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Bears :: BEARS-1B [administrator]

3/22/2014 11:54:12 AM
mbam-log-2014-03-22 (11-54-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216073
Time elapsed: 3 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

SecurityCheck log

Results of screen317's Security Check version 0.99.81
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Smart PC Cleaner v3.2
Java 7 Update 51
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
windows defender MpCmdRun.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#8
pystryker

Posted 22 March 2014 - 11:46 AM

Trusted Helper

Malware Removal
3,912 posts

Hey there!

The computer seems to be running better! Thank You!!!

However I hit the wrong d/l button at the security check site and it installed yahoo toolbar and some pc cleaners among other things. oops, hope this doesn't mess us up. I hate those sneaky toolbar downloads.

Hello

Regading that toolbar and other items, we'll get a fresh look at your system and get rid of them. However, the ESET log is incomplete. Please check here: C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt. and post the log there.

But let's get a fresh look with OTL and see what got installed. :thumbsup:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Close any open windows and then double click (Vista, Windows 7, 8, right click and then click Run as Administrator) the icon to start OTL.
Please make sure the following boxes are checked.
Scan All Users
Use Company-Name WhiteList
Skip Microsoft Files
Use No-Company-Name Whitelist
LOP Check
Purity Check
Please check Use Safelist is checked under Extra Registry.
Click the Run Scan button.

Please do not interrupt the scanning process. It may take a while to complete the scan, so please be patient.
When the scan is finished, it will generate 2 logs, OTL.txt and Extras.txt, each in a Notepad window. Both of these logs are saved in the same location as OTL. In this case, on your desktop.
Please post each log in your next reply.

Things I need to see in your next post:

ESET Scanner Log

Fresh OTL Log

Fresh Extras Log

#9
l3arefoot

Posted 22 March 2014 - 04:50 PM

Member

Topic Starter
Member
40 posts

ok...that eset log is thre one posted before. Should I run that scan again to produce a new log? At any rate here is the new otls

OTL logfile created on: 3/22/2014 6:29:49 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bears\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 63.56% Memory free
6.99 Gb Paging File | 5.37 Gb Available in Paging File | 76.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 379.79 Gb Free Space | 81.56% Space Free | Partition Type: NTFS

Computer Name: BEARS-1B | User Name: Bears | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/22 16:11:56 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PRC - [2014/03/20 19:36:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bears\Desktop\OTL.exe
PRC - [2014/03/20 18:14:58 | 003,854,640 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/03/20 18:14:58 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/03/20 18:14:50 | 000,109,048 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2014/03/06 12:09:44 | 000,146,736 | ---- | M] () -- C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
PRC - [2014/02/14 22:39:16 | 000,424,048 | ---- | M] (Smart PC Cleaner) -- C:\Program Files (x86)\Smart PC Cleaner\SPCSmartScan.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/19 06:09:58 | 000,294,240 | ---- | M] () -- C:\Users\Bears\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe
PRC - [2013/12/19 06:09:36 | 000,539,488 | ---- | M] () -- C:\Users\Bears\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe
PRC - [2013/11/15 10:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2013/11/14 20:18:02 | 000,698,680 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2013/07/08 11:33:36 | 001,497,120 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
PRC - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/02/14 22:18:56 | 000,079,728 | ---- | M] (Driver-Soft Inc.) -- C:\Program Files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe
PRC - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2009/10/19 19:03:50 | 000,995,328 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
PRC - [2009/10/19 18:39:38 | 000,122,880 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe
PRC - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2014/03/22 13:29:07 | 000,541,696 | ---- | M] () -- C:\Users\Bears\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
MOD - [2014/03/06 12:09:44 | 000,146,736 | ---- | M] () -- C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
MOD - [2014/02/27 07:04:55 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/02/27 07:04:28 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll
MOD - [2014/02/27 07:03:58 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/02/27 07:03:58 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\c94c36c9ae776de930f2aacb6dd51c38\UIAutomationProvider.ni.dll
MOD - [2014/02/27 04:04:55 | 000,241,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Comp46f2b404#\2526b5a3ab48717e858a08c3a4a8000c\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2014/02/27 04:04:54 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/02/27 04:04:53 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\966f64a25064fe74936295dc06ec586e\System.Runtime.Remoting.ni.dll
MOD - [2014/02/27 04:04:51 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/02/27 04:04:50 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll
MOD - [2014/02/27 04:04:45 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/27 04:04:41 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/27 04:04:39 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/27 04:04:38 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/27 04:04:34 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/27 04:04:34 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/02/27 04:04:31 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\fcffb45098807dbf4f96bb133936789a\System.Security.ni.dll
MOD - [2014/02/27 04:04:30 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/27 04:04:29 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/27 04:04:26 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/27 04:04:25 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/27 04:04:20 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013/12/19 06:09:58 | 000,294,240 | ---- | M] () -- C:\Users\Bears\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe
MOD - [2013/12/19 06:09:36 | 000,539,488 | ---- | M] () -- C:\Users\Bears\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe
MOD - [2013/10/21 05:59:48 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2011/04/23 19:50:29 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANPDApi.dll
MOD - [2009/10/19 18:59:12 | 000,274,432 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-125 revA\wlanapp.dll

========== Services (SafeList) ==========

SRV:64bit: - [2014/03/20 18:14:58 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/03/20 18:14:50 | 000,109,048 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2014/03/01 00:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014/03/11 20:55:20 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/15 10:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Stopped] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2009/08/21 09:27:26 | 000,126,976 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe -- (D_Link_DWA-125)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/03/20 18:15:01 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/03/20 18:15:01 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/03/20 18:15:01 | 000,208,928 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/03/20 18:15:01 | 000,084,816 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/03/20 18:15:01 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/03/20 18:15:01 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/03/20 18:15:00 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/03/20 18:14:53 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2014/03/20 18:14:50 | 000,445,304 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV:64bit: - [2013/02/07 13:42:52 | 002,201,120 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 04:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 04:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/12/02 03:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/09/30 10:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/08/20 12:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV - [2014/03/22 18:19:29 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Bears\Desktop
IE - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.genieo...056,IE11,0,6944
IE - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\..\SearchScopes,DefaultScope = {B33BC37A-4B95-4e66-B65F-25166BB18426}
IE - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\..\SearchScopes\{1D1F2ABD-00D0-4157-945C-BD15C36D8F98}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\..\SearchScopes\{4DD13C9C-9BDF-40F5-91C6-49EC77F94086}: "URL" = http://search.genieo...q={searchTerms}
IE - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\..\SearchScopes\{95D2F487-9B42-4C5F-A654-DCB114840AE4}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\..\SearchScopes\{B33BC37A-4B95-4e66-B65F-25166BB18426}: "URL" = http://search.yahoo....12,20028,0,31,0
IE - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49202;https=127.0.0.1:49202

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/14 20:14:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/14 20:14:09 | 000,000,000 | ---D | M]

[2011/05/02 23:59:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bears\AppData\Roaming\Mozilla\Extensions
[2014/03/22 05:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bears\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions

========== Chrome ==========

O1 HOSTS File: ([2014/03/22 05:25:22 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (SaveDailyDeals) - {E16E8A02-5F7D-407E-B1DB-23A301DB5580} - C:\Program Files (x86)\SaveDailyDeals\SaveDailyDeals_x64.dll (SaveDailyDeals)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (ArcadeParlor Games) - {39AD0726-986D-40F9-972B-E3BFA24B7745} - C:\Users\Bears\AppData\Local\ArcadeParlor\Arcadeparlor.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SaveDailyDeals) - {E16E8A02-5F7D-407E-B1DB-23A301DB5580} - C:\Program Files (x86)\SaveDailyDeals\SaveDailyDeals.dll (SaveDailyDeals)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [D-Link D-Link DWA-125] C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Starter] C:\Program Files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe (Driver-Soft Inc.)
O4 - HKLM..\Run: [WZCSLDR2] C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe (Wireless Service)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4199163246-788662237-2672092255-1000..\Run: [ContentExplorer] C:\Users\Bears\AppData\Roaming\ContentExplorer\ContentExplorer.exe (ContentExplorer)
O4 - HKU\S-1-5-21-4199163246-788662237-2672092255-1000..\Run: [GenieoSystemTray] C:\Users\Bears\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe ()
O4 - HKU\S-1-5-21-4199163246-788662237-2672092255-1000..\Run: [GenieoUpdaterService] C:\Users\Bears\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe ()
O4 - HKU\S-1-5-21-4199163246-788662237-2672092255-1000..\Run: [WeatherBug] C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O15 - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\..Trusted Domains: genieo.com ([search] http in Trusted sites)
O15 - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\..Trusted Ranges: Range1 ([*] in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.app...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{353E09C1-F7B6-45F4-B4C0-A51AE84B7495}: DhcpNameServer = 192.168.254.254
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/22 16:12:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/03/22 16:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/03/22 14:02:49 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius
[2014/03/22 13:39:33 | 000,000,000 | ---D | C] -- C:\Users\Bears\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Genieo
[2014/03/22 13:32:33 | 000,000,000 | ---D | C] -- C:\Users\Bears\Documents\Smart PC Cleaner
[2014/03/22 13:32:31 | 000,000,000 | ---D | C] -- C:\Users\Bears\AppData\Roaming\Smart PC Cleaner
[2014/03/22 13:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius
[2014/03/22 13:31:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft
[2014/03/22 13:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherBug®
[2014/03/22 13:31:40 | 000,000,000 | ---D | C] -- C:\Program Files\Earth Networks
[2014/03/22 13:31:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\{EC8EAC95-AB39-4699-974D-A45DFE7C2764}
[2014/03/22 13:31:27 | 000,000,000 | ---D | C] -- C:\Users\Bears\AppData\Roaming\Fighters
[2014/03/22 13:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
[2014/03/22 13:29:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2014/03/22 13:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\Fighters
[2014/03/22 13:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fighters
[2014/03/22 13:28:29 | 000,000,000 | ---D | C] -- C:\Users\Bears\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/03/22 13:28:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2014/03/22 13:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart PC Cleaner
[2014/03/22 13:27:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart PC Cleaner
[2014/03/22 13:25:09 | 000,000,000 | ---D | C] -- C:\Users\Bears\AppData\Roaming\Genieo
[2014/03/22 13:22:21 | 000,000,000 | ---D | C] -- C:\Users\Bears\AppData\Roaming\InstallX Search Protect for Yahoo
[2014/03/22 13:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel
[2014/03/22 13:22:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Weather Channel
[2014/03/22 13:22:13 | 000,000,000 | ---D | C] -- C:\Users\Bears\AppData\Local\Downloaded Installations
[2014/03/22 13:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveDailyDeals
[2014/03/22 13:21:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaveDailyDeals
[2014/03/22 13:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2014/03/22 13:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2014/03/22 13:20:59 | 000,000,000 | ---D | C] -- C:\Users\Bears\AppData\Roaming\ContentExplorer
[2014/03/22 13:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaveDailyDeals Updater
[2014/03/22 13:19:27 | 000,000,000 | ---D | C] -- C:\Users\Bears\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor
[2014/03/22 13:19:26 | 000,000,000 | ---D | C] -- C:\Users\Bears\AppData\Local\ArcadeParlor
[2014/03/22 13:17:11 | 000,911,896 | ---- | C] (SafeInstall, LLC) -- C:\Users\Bears\Desktop\7zip_14371_stn2.exe
[2014/03/22 12:03:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/03/22 11:52:43 | 000,000,000 | ---D | C] -- C:\Users\Bears\AppData\Roaming\Malwarebytes
[2014/03/22 11:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/03/22 11:52:28 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/03/22 11:52:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/03/22 11:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/03/22 11:50:37 | 000,000,000 | ---D | C] -- C:\Users\Bears\AppData\Local\Programs
[2014/03/22 11:44:21 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Bears\Desktop\mbam-setup-1.75.0.1300.exe
[2014/03/22 05:49:16 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/22 05:47:14 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\Bears\Desktop\JRT.exe
[2014/03/22 05:38:55 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/22 05:33:36 | 000,000,000 | ---D | C] -- C:\Users\Bears\Desktop\puter fix
[2014/03/22 05:24:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/20 19:36:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bears\Desktop\OTL.exe
[2014/03/20 18:15:00 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/03/20 18:14:50 | 000,445,304 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014/03/09 08:38:58 | 000,000,000 | ---D | C] -- C:\Users\Bears\Documents\22 Books You Should Read Now, Based On Your Childhood Favorites_files
[2014/03/02 15:43:45 | 000,000,000 | ---D | C] -- C:\Users\Bears\Desktop\malcom
[2014/02/28 20:32:09 | 000,000,000 | ---D | C] -- C:\Users\Bears\Desktop\school
[2014/02/25 08:13:02 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[1 C:\Users\Bears\Desktop\*.tmp files -> C:\Users\Bears\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/22 18:27:41 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter64-Bears-Startup.job
[2014/03/22 18:27:18 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/22 18:27:18 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/22 18:27:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/22 18:25:02 | 001,541,522 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/22 18:25:02 | 000,419,474 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/22 18:25:02 | 000,006,222 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/22 18:20:06 | 000,003,284 | ---- | M] () -- C:\Users\Bears\AppData\Roaming\ANIWZCS{353E09C1-F7B6-45F4-B4C0-A51AE84B7495}
[2014/03/22 18:19:57 | 000,000,007 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCSUSERNAME
[2014/03/22 18:19:35 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/22 18:19:35 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter64-Bears-Notification.job
[2014/03/22 18:19:29 | 000,000,007 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCSUSERNAME{353E09C1-F7B6-45F4-B4C0-A51AE84B7495}
[2014/03/22 18:19:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/22 18:19:08 | 2816,647,168 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/22 17:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/22 15:49:50 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\ArcadeParlor.job
[2014/03/22 15:06:07 | 000,000,490 | ---- | M] () -- C:\Users\Bears\Desktop\Club Pogo - Exclusive Games, No Ads, Bigger Prizes!.website
[2014/03/22 13:39:33 | 000,002,209 | ---- | M] () -- C:\Users\Bears\Desktop\Genieo.lnk
[2014/03/22 13:32:00 | 000,001,207 | ---- | M] () -- C:\Users\Bears\Desktop\Driver Genius.lnk
[2014/03/22 13:31:40 | 000,001,895 | ---- | M] () -- C:\Users\Bears\Desktop\WeatherBug®.lnk
[2014/03/22 13:31:21 | 000,002,048 | ---- | M] () -- C:\Users\Public\Desktop\SLOW-PCfighter.lnk
[2014/03/22 13:27:26 | 000,001,093 | ---- | M] () -- C:\Users\Bears\Desktop\Smart PC Cleaner.lnk
[2014/03/22 13:27:11 | 000,987,448 | ---- | M] () -- C:\Users\Bears\Desktop\SecurityCheck.exe
[2014/03/22 13:22:17 | 000,002,771 | ---- | M] () -- C:\Users\Public\Desktop\Desktop Weather.lnk
[2014/03/22 13:17:21 | 000,911,896 | ---- | M] (SafeInstall, LLC) -- C:\Users\Bears\Desktop\7zip_14371_stn2.exe
[2014/03/22 11:52:29 | 000,001,133 | ---- | M] () -- C:\Users\Bears\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2014/03/22 11:52:29 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/22 11:45:11 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Bears\Desktop\mbam-setup-1.75.0.1300.exe
[2014/03/22 06:03:07 | 004,110,135 | ---- | M] () -- C:\Users\Bears\Desktop\tdsskiller.zip
[2014/03/22 05:47:14 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\Bears\Desktop\JRT.exe
[2014/03/22 05:37:28 | 001,950,720 | ---- | M] () -- C:\Users\Bears\Desktop\adwcleaner.exe
[2014/03/22 05:25:22 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/03/20 19:36:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bears\Desktop\OTL.exe
[2014/03/20 18:15:45 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/03/20 18:15:01 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/03/20 18:15:01 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/03/20 18:15:01 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/03/20 18:15:01 | 000,208,928 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/03/20 18:15:01 | 000,084,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/03/20 18:15:01 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/03/20 18:15:01 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/03/20 18:15:00 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/03/20 18:15:00 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/03/20 18:14:53 | 000,028,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2014/03/20 18:14:50 | 000,445,304 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014/03/14 05:44:26 | 000,308,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/13 20:48:15 | 000,104,968 | ---- | M] () -- C:\Users\Bears\Desktop\d4g_entry_form.pdf
[2014/03/12 21:22:53 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2014/03/09 08:39:02 | 000,490,695 | ---- | M] () -- C:\Users\Bears\Documents\22 Books You Should Read Now, Based On Your Childhood Favorites.htm
[2014/03/01 23:49:00 | 000,154,656 | ---- | M] () -- C:\Users\Bears\Documents\2013-03-01 12.11.18.jpg
[1 C:\Users\Bears\Desktop\*.tmp files -> C:\Users\Bears\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/22 13:39:33 | 000,002,209 | ---- | C] () -- C:\Users\Bears\Desktop\Genieo.lnk
[2014/03/22 13:32:00 | 000,001,207 | ---- | C] () -- C:\Users\Bears\Desktop\Driver Genius.lnk
[2014/03/22 13:31:40 | 000,001,895 | ---- | C] () -- C:\Users\Bears\Desktop\WeatherBug®.lnk
[2014/03/22 13:31:27 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\SLOW-PCfighter64-Bears-Notification.job
[2014/03/22 13:31:27 | 000,000,382 | ---- | C] () -- C:\Windows\tasks\SLOW-PCfighter64-Bears-Startup.job
[2014/03/22 13:31:21 | 000,002,048 | ---- | C] () -- C:\Users\Public\Desktop\SLOW-PCfighter.lnk
[2014/03/22 13:27:26 | 000,001,093 | ---- | C] () -- C:\Users\Bears\Desktop\Smart PC Cleaner.lnk
[2014/03/22 13:26:22 | 000,987,448 | ---- | C] () -- C:\Users\Bears\Desktop\SecurityCheck.exe
[2014/03/22 13:22:17 | 000,002,771 | ---- | C] () -- C:\Users\Public\Desktop\Desktop Weather.lnk
[2014/03/22 13:19:26 | 000,000,272 | ---- | C] () -- C:\Windows\tasks\ArcadeParlor.job
[2014/03/22 11:52:29 | 000,001,133 | ---- | C] () -- C:\Users\Bears\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2014/03/22 11:52:29 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/22 06:02:42 | 004,110,135 | ---- | C] () -- C:\Users\Bears\Desktop\tdsskiller.zip
[2014/03/22 05:37:21 | 001,950,720 | ---- | C] () -- C:\Users\Bears\Desktop\adwcleaner.exe
[2014/03/13 20:48:15 | 000,104,968 | ---- | C] () -- C:\Users\Bears\Desktop\d4g_entry_form.pdf
[2014/03/09 08:38:56 | 000,490,695 | ---- | C] () -- C:\Users\Bears\Documents\22 Books You Should Read Now, Based On Your Childhood Favorites.htm
[2014/03/01 23:49:00 | 000,154,656 | ---- | C] () -- C:\Users\Bears\Documents\2013-03-01 12.11.18.jpg
[2013/06/06 20:41:46 | 000,000,108 | ---- | C] () -- C:\Windows\VSWizard.ini
[2012/04/13 18:27:20 | 000,000,629 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/12/20 10:54:16 | 001,435,108 | ---- | C] () -- C:\Users\Bears\5500 series.pdf
[2011/04/23 19:53:02 | 000,003,284 | ---- | C] () -- C:\Users\Bears\AppData\Roaming\ANIWZCS{353E09C1-F7B6-45F4-B4C0-A51AE84B7495}
[2011/04/23 19:52:40 | 000,000,280 | ---- | C] () -- C:\Users\Bears\AppData\Roaming\ANICONFIG_{353E09C1-F7B6-45F4-B4C0-A51AE84B7495}.ini

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/21 07:15:12 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\AVAST Software
[2014/03/22 13:21:30 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\ContentExplorer
[2014/03/22 13:31:27 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Fighters
[2013/07/04 07:41:00 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Garmin
[2014/03/22 13:25:10 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Genieo
[2014/03/22 13:22:32 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\InstallX Search Protect for Yahoo
[2014/01/11 18:26:57 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Motorola
[2014/01/11 18:30:19 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Motorola Mobility
[2014/01/25 03:29:32 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Oracle
[2011/04/23 21:35:18 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Sammsoft
[2014/03/22 13:32:31 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Smart PC Cleaner

========== Purity Check ==========

< End of report >

Extras

OTL Extras logfile created on: 3/22/2014 6:29:49 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bears\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 63.56% Memory free
6.99 Gb Paging File | 5.37 Gb Available in Paging File | 76.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 379.79 Gb Free Space | 81.56% Space Free | Partition Type: NTFS

Computer Name: BEARS-1B | User Name: Bears | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10073EAF-737D-45C6-983A-506A18DA0E2D}" = rport=445 | protocol=6 | dir=out | app=system |
"{1F186247-6710-4251-AFF5-9F14FE31693F}" = lport=138 | protocol=17 | dir=in | app=system |
"{215337BC-F757-43EE-88C7-39E21C99157E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{40F5FF48-97A8-42CB-B3D1-4C3BA2D50080}" = lport=137 | protocol=17 | dir=in | app=system |
"{465D20AD-F59A-4EF8-AE45-9B698F6C3A08}" = rport=139 | protocol=6 | dir=out | app=system |
"{4DFD906C-26F1-4167-A2B2-581BE04B8118}" = rport=137 | protocol=17 | dir=out | app=system |
"{5A4AC8AE-4809-48A2-8427-D970B20B3A4B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BE27EC04-E930-4646-BCCE-4B2229A5E52B}" = lport=139 | protocol=6 | dir=in | app=system |
"{CC3F6D49-BFA2-45D9-B5B3-DBFFE2909261}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF6E2411-6DCB-48BC-BE96-D2BCDAE048A7}" = rport=138 | protocol=17 | dir=out | app=system |
"{DD07EAD3-313F-4319-AE93-9222D51123F4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E55CF1E5-6BCB-4D5A-B778-6FFF662D8DC6}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F746877-068B-42F4-B8A0-9014C0DC9EE8}" = protocol=58 | dir=in | [email protected],-28545 |
"{26483267-A6BA-4C09-83A5-C31F676D718E}" = protocol=58 | dir=out | [email protected],-28546 |
"{5CCD9F66-731E-49EE-B0F0-8C7CEDA1BAFE}" = protocol=1 | dir=out | [email protected],-28544 |
"{76C677F9-7F5E-4E30-BCC8-77147F0CFF29}" = protocol=1 | dir=in | [email protected],-28543 |
"TCP Query User{F7C08925-E649-46D3-9B23-23A1287DAEB7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{072F9059-ECE9-4EA5-A10A-6971DA14D465}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}" = Motorola Mobile Drivers Installation 6.3.0
"{7648D847-AEBC-4DEF-ADA2-F93314A5F4F2}" = SLOW-PCfighter
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DA5428C-3D35-317C-2FBA-485AAC49E9C0}" = ccc-utility64
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{CCC50A42-892B-AF23-6188-6E8D2FDF34E3}" = ATI Catalyst Install Manager
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Shop for HP Supplies" = Shop for HP Supplies
"SLOW-PCfighter" = SLOW-PCfighter

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1
"{0BDE949A-3CF5-3852-B4F7-92EAE4F25F73}" = CCC Help English
"{0EB768CD-EF48-4C66-8BCB-2DA8166B2654}" = GradeQuick Web Plugin
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{167158CE-1637-4167-8A1C-C2549EEA966A}" = The Weather Channel App
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1EF082D0-2DEF-4D45-98C8-64365D58D240}" = TurboTax 2012 wohiper
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45350494-82B7-3E53-85B7-79A1AD9AE080}" = Catalyst Control Center Graphics Light
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4CA54C97-67B1-4507-9BE0-0ED39C24FA32}" = TurboTax 2012 wpaiper
"{525E7F71-67C1-806E-69D0-892CC3CE2F8E}" = Catalyst Control Center Graphics Full Existing
"{537306C2-CDAC-F606-5D46-D5727F58FAD3}" = Catalyst Control Center Graphics Previews Vista
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65135558-F1AE-4B9B-8C0B-180730ACA261}" = Garmin Express
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{876AB032-B2A4-41FF-AF87-DBC78454C1B0}" = Garmin Update Service
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{88DDBE5E-8AC0-F463-AC50-E56FAA2E3CEB}" = Catalyst Control Center Graphics Previews Common
"{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}" = Motorola Device Software Update
"{897B3B21-8691-26F5-97E8-A9955C20BB20}" = Catalyst Control Center HydraVision Full
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{93765DFA-8A67-41FB-9FC0-B12341CA65F3}" = Elevated Installer
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A842C34B-2083-6947-BC0E-5654BDBADCDA}" = Catalyst Control Center Graphics Full New
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
"{BA3B34EB-3F4B-0E19-0916-971C1AD3F0AD}" = Catalyst Control Center InstallProxy
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{C233BCC3-29C4-49C0-B955-0A94509FC4FC}" = Garmin Express Tray
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB166F48-6219-2DFD-8800-191BE6F5923A}" = ccc-core-static
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{E0B71631-6AA8-C596-A485-8480E92DD745}" = Catalyst Control Center Core Implementation
"{E45CACFE-0576-4375-A84F-C34B99A7B652}" = D-Link DWA-125
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}" = Garmin Express
"{E76FCE6B-9999-4250-8C75-B2DA4AD41268}" = Face_Wizard B09.1119.01
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"7-Zip 9.20" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"avast" = avast! Internet Security
"ContentExplorer" = ContentExplorer
"Driver Genius_is1" = Driver Genius
"ESET Online Scanner" = ESET Online Scanner v3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"SaveDailyDeals" = SaveDailyDeals
"Smart PC Cleaner_is1" = Smart PC Cleaner v3.2
"TurboTax 2011" = TurboTax 2011
"TurboTax 2012" = TurboTax 2012
"WeatherBug®" = WeatherBug®
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4199163246-788662237-2672092255-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{B74443DB-5A88-4583-860A-F0D06EF399E3}" = ArcadeParlor
"genieo" = Genieo

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/22/2014 6:04:17 AM | Computer Name = Bears-1b | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 3/22/2014 6:04:17 AM | Computer Name = Bears-1b | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 3/22/2014 1:12:56 PM | Computer Name = Bears-1b | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\ESET\ESET
Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 3/22/2014 3:21:51 PM | Computer Name = Bears-1b | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16521,
time stamp: 0x53114399 Faulting module name: SaveDailyDeals.dll, version: 1.0.0.1,
time stamp: 0x5320664f Exception code: 0xc0000005 Fault offset: 0x00013541 Faulting
process id: 0x2dc8 Faulting application start time: 0x01cf4603f944fbac Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Program Files (x86)\SaveDailyDeals\SaveDailyDeals.dll Report Id: 383341f9-b1f7-11e3-8b38-1c6f6546eb49

Error - 3/22/2014 3:22:11 PM | Computer Name = Bears-1b | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16521,
time stamp: 0x53114399 Faulting module name: SaveDailyDeals.dll, version: 1.0.0.1,
time stamp: 0x5320664f Exception code: 0xc0000005 Fault offset: 0x00013541 Faulting
process id: 0x3b98 Faulting application start time: 0x01cf460405dec5e5 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Program Files (x86)\SaveDailyDeals\SaveDailyDeals.dll Report Id: 44109dd5-b1f7-11e3-8b38-1c6f6546eb49

Error - 3/22/2014 5:30:06 PM | Computer Name = Bears-1b | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 3/22/2014 6:15:33 PM | Computer Name = Bears-1b | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 3/22/2014 6:15:33 PM | Computer Name = Bears-1b | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 3/22/2014 6:24:59 PM | Computer Name = Bears-1b | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 3/22/2014 6:24:59 PM | Computer Name = Bears-1b | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

[ System Events ]
Error - 3/22/2014 5:58:42 AM | Computer Name = Bears-1b | Source = DCOM | ID = 10010
Description =

Error - 3/22/2014 3:23:12 PM | Computer Name = Bears-1b | Source = DCOM | ID = 10016
Description =

Error - 3/22/2014 3:58:58 PM | Computer Name = Bears-1b | Source = DCOM | ID = 10016
Description =

Error - 3/22/2014 4:32:22 PM | Computer Name = Bears-1b | Source = DCOM | ID = 10016
Description =

Error - 3/22/2014 6:09:58 PM | Computer Name = Bears-1b | Source = DCOM | ID = 10010
Description =

Error - 3/22/2014 6:10:07 PM | Computer Name = Bears-1b | Source = DCOM | ID = 10010
Description =

Error - 3/22/2014 6:18:29 PM | Computer Name = Bears-1b | Source = DCOM | ID = 10010
Description =

Error - 3/22/2014 6:19:59 PM | Computer Name = Bears-1b | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Garmin
Core Update Service service to connect.

Error - 3/22/2014 6:19:59 PM | Computer Name = Bears-1b | Source = Service Control Manager | ID = 7000
Description = The Garmin Core Update Service service failed to start due to the
following error: %%1053

< End of report >

#10
pystryker

Posted 22 March 2014 - 06:34 PM

Trusted Helper

Malware Removal
3,912 posts

ok...that eset log is thre one posted before. Should I run that scan again to produce a new log? At any rate here is the new otls

Hello

Let's get rid of the new adware and junk and then we'll run ESET again down the road a ways. :thumbsup:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: Program Uninstalls

Please uninstall the following programs from your machine:

SLOW-PCfighter
EasySaver B9.1214.1
MarketResearch
ContentExplorer
Driver Genius
SaveDailyDeals
Smart Pc Cleaner v3.2
Yahoo! Toolbar

Step 2: OTL Fix

Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator)

Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.

:Commands
[createrestorepoint]

:OTL
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
IE - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.genieo...056,IE11,0,6944
IE - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\..\SearchScopes\{4DD13C9C-9BDF-40F5-91C6-49EC77F94086}: "URL" = http://search.genieo...q={searchTerms}
O2:64bit: - BHO: (SaveDailyDeals) - {E16E8A02-5F7D-407E-B1DB-23A301DB5580} - C:\Program Files (x86)\SaveDailyDeals\SaveDailyDeals_x64.dll (SaveDailyDeals)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (ArcadeParlor Games) - {39AD0726-986D-40F9-972B-E3BFA24B7745} - C:\Users\Bears\AppData\Local\ArcadeParlor\Arcadeparlor.dll ()
O2 - BHO: (SaveDailyDeals) - {E16E8A02-5F7D-407E-B1DB-23A301DB5580} - C:\Program Files (x86)\SaveDailyDeals\SaveDailyDeals.dll (SaveDailyDeals)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [Starter] C:\Program Files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe (Driver-Soft Inc.)
O4 - HKU\S-1-5-21-4199163246-788662237-2672092255-1000..\Run: [ContentExplorer] C:\Users\Bears\AppData\Roaming\ContentExplorer\ContentExplorer.exe (ContentExplorer)
O4 - HKU\S-1-5-21-4199163246-788662237-2672092255-1000..\Run: [GenieoSystemTray] C:\Users\Bears\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe ()
O4 - HKU\S-1-5-21-4199163246-788662237-2672092255-1000..\Run: [GenieoUpdaterService] C:\Users\Bears\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O15 - HKU\S-1-5-21-4199163246-788662237-2672092255-1000\..Trusted Domains: genieo.com ([search] http in Trusted sites)
[2014/03/22 14:02:49 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius
[2014/03/22 13:39:33 | 000,000,000 | ---D | C] -- C:\Users\Bears\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Genieo
[2014/03/22 13:32:33 | 000,000,000 | ---D | C] -- C:\Users\Bears\Documents\Smart PC Cleaner
[2014/03/22 13:32:31 | 000,000,000 | ---D | C] -- C:\Users\Bears\AppData\Roaming\Smart PC Cleaner
[2014/03/22 13:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius
[2014/03/22 13:31:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft
[2014/03/22 13:31:27 | 000,000,000 | ---D | C] -- C:\Users\Bears\AppData\Roaming\Fighters
[2014/03/22 13:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
[2014/03/22 13:29:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2014/03/22 13:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\Fighters
[2014/03/22 13:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fighters
[2014/03/22 13:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart PC Cleaner
[2014/03/22 13:27:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart PC Cleaner
[2014/03/22 13:25:09 | 000,000,000 | ---D | C] -- C:\Users\Bears\AppData\Roaming\Genieo
[2014/03/22 13:22:21 | 000,000,000 | ---D | C] -- C:\Users\Bears\AppData\Roaming\InstallX Search Protect for Yahoo
[2014/03/22 13:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveDailyDeals
[2014/03/22 13:21:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaveDailyDeals
[2014/03/22 13:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2014/03/22 13:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2014/03/22 13:20:59 | 000,000,000 | ---D | C] -- C:\Users\Bears\AppData\Roaming\ContentExplorer
[2014/03/22 13:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaveDailyDeals Updater
[2014/03/22 13:19:27 | 000,000,000 | ---D | C] -- C:\Users\Bears\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor
[2014/03/22 13:19:26 | 000,000,000 | ---D | C] -- C:\Users\Bears\AppData\Local\ArcadeParlor
[2014/03/22 15:49:50 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\ArcadeParlor.job
[2014/03/22 13:39:33 | 000,002,209 | ---- | M] () -- C:\Users\Bears\Desktop\Genieo.lnk
[2014/03/22 13:32:00 | 000,001,207 | ---- | M] () -- C:\Users\Bears\Desktop\Driver Genius.lnk
[2014/03/22 13:31:21 | 000,002,048 | ---- | M] () -- C:\Users\Public\Desktop\SLOW-PCfighter.lnk
[2014/03/22 13:27:26 | 000,001,093 | ---- | M] () -- C:\Users\Bears\Desktop\Smart PC Cleaner.lnk
[2014/03/22 13:21:30 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\ContentExplorer
[2014/03/22 13:31:27 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Fighters
[2014/03/22 13:25:10 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Genieo
[2014/03/22 13:22:32 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\InstallX Search Protect for Yahoo
[2014/03/22 13:32:31 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Smart PC Cleaner

:Files
C:\Program Files (x86)\Smart PC Cleaner
C:\Users\Bears\AppData\Roaming\Genieo
C:\Program Files (x86)\Fighters
C:\Program Files (x86)\Driver-Soft
C:\Program Files (x86)\Yahoo!

:Commands
[emptytemp]

Click the Run Fix button at the top of the OTL control panel.
Let the program run until it's finished and then reboot the computer.
Once your machine has rebooted, a log will open. Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.

Step 3: AdwCleaner

Posted Image

Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
Close any open windows or browsers.
Pause your Anti-Virus program if it is running.
Once it starts, click on the Scan button.
Let the scan complete itself. This may take a few minutes.
Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.

This report is also saved at C:\AdwCleaner[R0].txt

Step 4: Junkware Removal Tool

Start Junkware Removal Tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Step 5: OTL Quick Scan

Start OTL and this time click the Quick Scan button
OTL will scan your system and produce one log when finished.
Please post that log in your next reply.

Things I need to see in your next post:

OTL Fix Log

AdwCleaner Log

Junkware Removal Tool Log

OTL Quick Scan Log

#11
l3arefoot

Posted 22 March 2014 - 08:04 PM

Member

Topic Starter
Member
40 posts

Hi. I'm afraid I closed the otl fix log window without saving it. What should I do? Sorry

#12
pystryker

Posted 22 March 2014 - 08:14 PM

Trusted Helper

Malware Removal
3,912 posts

Hi. I'm afraid I closed the otl fix log window without saving it. What should I do? Sorry

No worries

You can find a copy of it here: C:\_OTL\MovedFiles

#13
l3arefoot

Posted 22 March 2014 - 08:21 PM

Member

Topic Starter
Member
40 posts

sweet. I'm on it oh wise one! :thumbsup:

#14
l3arefoot

Posted 22 March 2014 - 09:10 PM

Member

Topic Starter
Member
40 posts

Hello! Here are the latest logs...

OTL fix

OTL logfile created on: 3/22/2014 10:53:01 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bears\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 68.25% Memory free
6.99 Gb Paging File | 5.71 Gb Available in Paging File | 81.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 379.72 Gb Free Space | 81.54% Space Free | Partition Type: NTFS

Computer Name: BEARS-1B | User Name: Bears | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/20 19:36:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bears\Desktop\OTL.exe
PRC - [2014/03/20 18:14:58 | 003,854,640 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/03/20 18:14:58 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/03/20 18:14:50 | 000,109,048 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/15 10:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2013/11/14 20:18:02 | 000,698,680 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2009/10/19 19:03:50 | 000,995,328 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
PRC - [2009/10/19 18:39:38 | 000,122,880 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe

========== Modules (No Company Name) ==========

MOD - [2013/10/21 05:59:48 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2011/04/23 19:50:29 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANPDApi.dll
MOD - [2009/10/19 18:59:12 | 000,274,432 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-125 revA\wlanapp.dll

========== Services (SafeList) ==========

SRV:64bit: - [2014/03/20 18:14:58 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/03/20 18:14:50 | 000,109,048 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2014/03/01 00:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014/03/11 20:55:20 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/15 10:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/21 09:27:26 | 000,126,976 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe -- (D_Link_DWA-125)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/03/20 18:15:01 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/03/20 18:15:01 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/03/20 18:15:01 | 000,208,928 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/03/20 18:15:01 | 000,084,816 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/03/20 18:15:01 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/03/20 18:15:01 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/03/20 18:15:00 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/03/20 18:14:53 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2014/03/20 18:14:50 | 000,445,304 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV:64bit: - [2013/02/07 13:42:52 | 002,201,120 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 04:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 04:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/12/02 03:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/09/30 10:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/08/20 12:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV - [2014/03/22 21:37:04 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Bears\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A EA 16 8B 35 46 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {B33BC37A-4B95-4e66-B65F-25166BB18426}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{1D1F2ABD-00D0-4157-945C-BD15C36D8F98}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{95D2F487-9B42-4C5F-A654-DCB114840AE4}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{B33BC37A-4B95-4e66-B65F-25166BB18426}: "URL" = http://search.yahoo....12,20028,0,31,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;192.168.*.*

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/14 20:14:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/14 20:14:09 | 000,000,000 | ---D | M]

[2011/05/02 23:59:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bears\AppData\Roaming\Mozilla\Extensions
[2014/03/22 05:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bears\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com

O1 HOSTS File: ([2014/03/22 05:25:22 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [D-Link D-Link DWA-125] C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WZCSLDR2] C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe (Wireless Service)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.app...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{353E09C1-F7B6-45F4-B4C0-A51AE84B7495}: DhcpNameServer = 192.168.254.254
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/22 21:21:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Garmin
[2014/03/22 16:12:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/03/22 16:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/03/22 13:22:13 | 000,000,000 | ---D | C] -- C:\Users\Bears\AppData\Local\Downloaded Installations
[2014/03/22 12:03:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/03/22 11:52:43 | 000,000,000 | ---D | C] -- C:\Users\Bears\AppData\Roaming\Malwarebytes
[2014/03/22 11:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/03/22 11:52:28 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/03/22 11:52:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/03/22 11:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/03/22 11:50:37 | 000,000,000 | ---D | C] -- C:\Users\Bears\AppData\Local\Programs
[2014/03/22 11:44:21 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Bears\Desktop\mbam-setup-1.75.0.1300.exe
[2014/03/22 05:49:16 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/22 05:47:14 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\Bears\Desktop\JRT.exe
[2014/03/22 05:38:55 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/22 05:24:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/20 19:36:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bears\Desktop\OTL.exe
[2014/03/20 18:15:00 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/03/20 18:14:50 | 000,445,304 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014/03/09 08:38:58 | 000,000,000 | ---D | C] -- C:\Users\Bears\Documents\22 Books You Should Read Now, Based On Your Childhood Favorites_files
[2014/03/02 15:43:45 | 000,000,000 | ---D | C] -- C:\Users\Bears\Desktop\malcom
[2014/02/28 20:32:09 | 000,000,000 | ---D | C] -- C:\Users\Bears\Desktop\school
[2014/02/25 08:13:02 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[1 C:\Users\Bears\Desktop\*.tmp files -> C:\Users\Bears\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/22 22:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/22 22:37:42 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/22 22:37:42 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/22 22:37:31 | 001,591,050 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/22 22:37:31 | 000,436,218 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/22 22:37:31 | 000,006,222 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/22 22:30:35 | 000,003,284 | ---- | M] () -- C:\Users\Bears\AppData\Roaming\ANIWZCS{353E09C1-F7B6-45F4-B4C0-A51AE84B7495}
[2014/03/22 22:30:25 | 000,000,007 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCSUSERNAME
[2014/03/22 22:30:09 | 000,000,007 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCSUSERNAME{353E09C1-F7B6-45F4-B4C0-A51AE84B7495}
[2014/03/22 22:30:07 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/22 22:30:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/22 22:29:53 | 2816,647,168 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/22 22:27:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/22 15:06:07 | 000,000,490 | ---- | M] () -- C:\Users\Bears\Desktop\Club Pogo - Exclusive Games, No Ads, Bigger Prizes!.website
[2014/03/22 13:27:11 | 000,987,448 | ---- | M] () -- C:\Users\Bears\Desktop\SecurityCheck.exe
[2014/03/22 11:52:29 | 000,001,133 | ---- | M] () -- C:\Users\Bears\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2014/03/22 11:52:29 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/22 11:45:11 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Bears\Desktop\mbam-setup-1.75.0.1300.exe
[2014/03/22 06:03:07 | 004,110,135 | ---- | M] () -- C:\Users\Bears\Desktop\tdsskiller.zip
[2014/03/22 05:47:14 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\Bears\Desktop\JRT.exe
[2014/03/22 05:37:28 | 001,950,720 | ---- | M] () -- C:\Users\Bears\Desktop\adwcleaner.exe
[2014/03/22 05:25:22 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/03/20 19:36:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bears\Desktop\OTL.exe
[2014/03/20 18:15:45 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/03/20 18:15:01 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/03/20 18:15:01 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/03/20 18:15:01 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/03/20 18:15:01 | 000,208,928 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/03/20 18:15:01 | 000,084,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/03/20 18:15:01 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/03/20 18:15:01 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/03/20 18:15:00 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/03/20 18:15:00 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/03/20 18:14:53 | 000,028,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2014/03/20 18:14:50 | 000,445,304 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014/03/14 05:44:26 | 000,308,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/13 20:48:15 | 000,104,968 | ---- | M] () -- C:\Users\Bears\Desktop\d4g_entry_form.pdf
[2014/03/12 21:22:53 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2014/03/09 08:39:02 | 000,490,695 | ---- | M] () -- C:\Users\Bears\Documents\22 Books You Should Read Now, Based On Your Childhood Favorites.htm
[2014/03/01 23:49:00 | 000,154,656 | ---- | M] () -- C:\Users\Bears\Documents\2013-03-01 12.11.18.jpg
[1 C:\Users\Bears\Desktop\*.tmp files -> C:\Users\Bears\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/22 13:26:22 | 000,987,448 | ---- | C] () -- C:\Users\Bears\Desktop\SecurityCheck.exe
[2014/03/22 11:52:29 | 000,001,133 | ---- | C] () -- C:\Users\Bears\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2014/03/22 11:52:29 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/22 06:02:42 | 004,110,135 | ---- | C] () -- C:\Users\Bears\Desktop\tdsskiller.zip
[2014/03/22 05:37:21 | 001,950,720 | ---- | C] () -- C:\Users\Bears\Desktop\adwcleaner.exe
[2014/03/13 20:48:15 | 000,104,968 | ---- | C] () -- C:\Users\Bears\Desktop\d4g_entry_form.pdf
[2014/03/09 08:38:56 | 000,490,695 | ---- | C] () -- C:\Users\Bears\Documents\22 Books You Should Read Now, Based On Your Childhood Favorites.htm
[2014/03/01 23:49:00 | 000,154,656 | ---- | C] () -- C:\Users\Bears\Documents\2013-03-01 12.11.18.jpg
[2013/06/06 20:41:46 | 000,000,108 | ---- | C] () -- C:\Windows\VSWizard.ini
[2012/04/13 18:27:20 | 000,000,629 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/12/20 10:54:16 | 001,435,108 | ---- | C] () -- C:\Users\Bears\5500 series.pdf
[2011/04/23 19:53:02 | 000,003,284 | ---- | C] () -- C:\Users\Bears\AppData\Roaming\ANIWZCS{353E09C1-F7B6-45F4-B4C0-A51AE84B7495}
[2011/04/23 19:52:40 | 000,000,280 | ---- | C] () -- C:\Users\Bears\AppData\Roaming\ANICONFIG_{353E09C1-F7B6-45F4-B4C0-A51AE84B7495}.ini

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/21 07:15:12 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\AVAST Software
[2013/07/04 07:41:00 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Garmin
[2014/01/11 18:26:57 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Motorola
[2014/01/11 18:30:19 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Motorola Mobility
[2014/01/25 03:29:32 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Oracle
[2011/04/23 21:35:18 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Sammsoft

========== Purity Check ==========

< End of report >

AdwCleaner

# AdwCleaner v3.022 - Report created 22/03/2014 at 22:29:05
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bears - BEARS-1B
# Running from : C:\Users\Bears\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\~0

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Driver-Soft
Key Deleted : HKLM\Software\InstallIQ

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Mozilla Firefox v

[ File : C:\Users\Bears\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3636 octets] - [22/03/2014 05:40:15]
AdwCleaner[R1].txt - [1476 octets] - [22/03/2014 22:25:00]
AdwCleaner[S0].txt - [3589 octets] - [22/03/2014 05:42:21]
AdwCleaner[S1].txt - [1413 octets] - [22/03/2014 22:29:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1473 octets] ##########

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Bears on Sat 03/22/2014 at 22:31:57.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/22/2014 at 22:37:25.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL scan

OTL logfile created on: 3/22/2014 10:53:01 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bears\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 68.25% Memory free
6.99 Gb Paging File | 5.71 Gb Available in Paging File | 81.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 379.72 Gb Free Space | 81.54% Space Free | Partition Type: NTFS

Computer Name: BEARS-1B | User Name: Bears | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/20 19:36:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bears\Desktop\OTL.exe
PRC - [2014/03/20 18:14:58 | 003,854,640 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/03/20 18:14:58 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/03/20 18:14:50 | 000,109,048 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/15 10:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2013/11/14 20:18:02 | 000,698,680 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2009/10/19 19:03:50 | 000,995,328 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
PRC - [2009/10/19 18:39:38 | 000,122,880 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe

========== Modules (No Company Name) ==========

MOD - [2013/10/21 05:59:48 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2011/04/23 19:50:29 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANPDApi.dll
MOD - [2009/10/19 18:59:12 | 000,274,432 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-125 revA\wlanapp.dll

========== Services (SafeList) ==========

SRV:64bit: - [2014/03/20 18:14:58 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/03/20 18:14:50 | 000,109,048 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2014/03/01 00:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014/03/11 20:55:20 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/15 10:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/21 09:27:26 | 000,126,976 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe -- (D_Link_DWA-125)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/03/20 18:15:01 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/03/20 18:15:01 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/03/20 18:15:01 | 000,208,928 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/03/20 18:15:01 | 000,084,816 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/03/20 18:15:01 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/03/20 18:15:01 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/03/20 18:15:00 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/03/20 18:14:53 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2014/03/20 18:14:50 | 000,445,304 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV:64bit: - [2013/02/07 13:42:52 | 002,201,120 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 04:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 04:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/12/02 03:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/09/30 10:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/08/20 12:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV - [2014/03/22 21:37:04 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Bears\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A EA 16 8B 35 46 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {B33BC37A-4B95-4e66-B65F-25166BB18426}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{1D1F2ABD-00D0-4157-945C-BD15C36D8F98}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{95D2F487-9B42-4C5F-A654-DCB114840AE4}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{B33BC37A-4B95-4e66-B65F-25166BB18426}: "URL" = http://search.yahoo....12,20028,0,31,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;192.168.*.*

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/14 20:14:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/14 20:14:09 | 000,000,000 | ---D | M]

[2011/05/02 23:59:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bears\AppData\Roaming\Mozilla\Extensions
[2014/03/22 05:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bears\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com

O1 HOSTS File: ([2014/03/22 05:25:22 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [D-Link D-Link DWA-125] C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WZCSLDR2] C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe (Wireless Service)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.app...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{353E09C1-F7B6-45F4-B4C0-A51AE84B7495}: DhcpNameServer = 192.168.254.254
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/22 21:21:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Garmin
[2014/03/22 16:12:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/03/22 16:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/03/22 13:22:13 | 000,000,000 | ---D | C] -- C:\Users\Bears\AppData\Local\Downloaded Installations
[2014/03/22 12:03:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/03/22 11:52:43 | 000,000,000 | ---D | C] -- C:\Users\Bears\AppData\Roaming\Malwarebytes
[2014/03/22 11:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/03/22 11:52:28 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/03/22 11:52:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/03/22 11:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/03/22 11:50:37 | 000,000,000 | ---D | C] -- C:\Users\Bears\AppData\Local\Programs
[2014/03/22 11:44:21 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Bears\Desktop\mbam-setup-1.75.0.1300.exe
[2014/03/22 05:49:16 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/22 05:47:14 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\Bears\Desktop\JRT.exe
[2014/03/22 05:38:55 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/22 05:24:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/20 19:36:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bears\Desktop\OTL.exe
[2014/03/20 18:15:00 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/03/20 18:14:50 | 000,445,304 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014/03/09 08:38:58 | 000,000,000 | ---D | C] -- C:\Users\Bears\Documents\22 Books You Should Read Now, Based On Your Childhood Favorites_files
[2014/03/02 15:43:45 | 000,000,000 | ---D | C] -- C:\Users\Bears\Desktop\malcom
[2014/02/28 20:32:09 | 000,000,000 | ---D | C] -- C:\Users\Bears\Desktop\school
[2014/02/25 08:13:02 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[1 C:\Users\Bears\Desktop\*.tmp files -> C:\Users\Bears\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/22 22:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/22 22:37:42 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/22 22:37:42 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/22 22:37:31 | 001,591,050 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/22 22:37:31 | 000,436,218 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/22 22:37:31 | 000,006,222 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/22 22:30:35 | 000,003,284 | ---- | M] () -- C:\Users\Bears\AppData\Roaming\ANIWZCS{353E09C1-F7B6-45F4-B4C0-A51AE84B7495}
[2014/03/22 22:30:25 | 000,000,007 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCSUSERNAME
[2014/03/22 22:30:09 | 000,000,007 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCSUSERNAME{353E09C1-F7B6-45F4-B4C0-A51AE84B7495}
[2014/03/22 22:30:07 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/22 22:30:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/22 22:29:53 | 2816,647,168 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/22 22:27:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/22 15:06:07 | 000,000,490 | ---- | M] () -- C:\Users\Bears\Desktop\Club Pogo - Exclusive Games, No Ads, Bigger Prizes!.website
[2014/03/22 13:27:11 | 000,987,448 | ---- | M] () -- C:\Users\Bears\Desktop\SecurityCheck.exe
[2014/03/22 11:52:29 | 000,001,133 | ---- | M] () -- C:\Users\Bears\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2014/03/22 11:52:29 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/22 11:45:11 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Bears\Desktop\mbam-setup-1.75.0.1300.exe
[2014/03/22 06:03:07 | 004,110,135 | ---- | M] () -- C:\Users\Bears\Desktop\tdsskiller.zip
[2014/03/22 05:47:14 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\Bears\Desktop\JRT.exe
[2014/03/22 05:37:28 | 001,950,720 | ---- | M] () -- C:\Users\Bears\Desktop\adwcleaner.exe
[2014/03/22 05:25:22 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/03/20 19:36:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bears\Desktop\OTL.exe
[2014/03/20 18:15:45 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/03/20 18:15:01 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/03/20 18:15:01 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/03/20 18:15:01 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/03/20 18:15:01 | 000,208,928 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/03/20 18:15:01 | 000,084,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/03/20 18:15:01 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/03/20 18:15:01 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/03/20 18:15:00 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/03/20 18:15:00 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/03/20 18:14:53 | 000,028,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2014/03/20 18:14:50 | 000,445,304 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014/03/14 05:44:26 | 000,308,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/13 20:48:15 | 000,104,968 | ---- | M] () -- C:\Users\Bears\Desktop\d4g_entry_form.pdf
[2014/03/12 21:22:53 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2014/03/09 08:39:02 | 000,490,695 | ---- | M] () -- C:\Users\Bears\Documents\22 Books You Should Read Now, Based On Your Childhood Favorites.htm
[2014/03/01 23:49:00 | 000,154,656 | ---- | M] () -- C:\Users\Bears\Documents\2013-03-01 12.11.18.jpg
[1 C:\Users\Bears\Desktop\*.tmp files -> C:\Users\Bears\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/22 13:26:22 | 000,987,448 | ---- | C] () -- C:\Users\Bears\Desktop\SecurityCheck.exe
[2014/03/22 11:52:29 | 000,001,133 | ---- | C] () -- C:\Users\Bears\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2014/03/22 11:52:29 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/22 06:02:42 | 004,110,135 | ---- | C] () -- C:\Users\Bears\Desktop\tdsskiller.zip
[2014/03/22 05:37:21 | 001,950,720 | ---- | C] () -- C:\Users\Bears\Desktop\adwcleaner.exe
[2014/03/13 20:48:15 | 000,104,968 | ---- | C] () -- C:\Users\Bears\Desktop\d4g_entry_form.pdf
[2014/03/09 08:38:56 | 000,490,695 | ---- | C] () -- C:\Users\Bears\Documents\22 Books You Should Read Now, Based On Your Childhood Favorites.htm
[2014/03/01 23:49:00 | 000,154,656 | ---- | C] () -- C:\Users\Bears\Documents\2013-03-01 12.11.18.jpg
[2013/06/06 20:41:46 | 000,000,108 | ---- | C] () -- C:\Windows\VSWizard.ini
[2012/04/13 18:27:20 | 000,000,629 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/12/20 10:54:16 | 001,435,108 | ---- | C] () -- C:\Users\Bears\5500 series.pdf
[2011/04/23 19:53:02 | 000,003,284 | ---- | C] () -- C:\Users\Bears\AppData\Roaming\ANIWZCS{353E09C1-F7B6-45F4-B4C0-A51AE84B7495}
[2011/04/23 19:52:40 | 000,000,280 | ---- | C] () -- C:\Users\Bears\AppData\Roaming\ANICONFIG_{353E09C1-F7B6-45F4-B4C0-A51AE84B7495}.ini

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/21 07:15:12 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\AVAST Software
[2013/07/04 07:41:00 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Garmin
[2014/01/11 18:26:57 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Motorola
[2014/01/11 18:30:19 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Motorola Mobility
[2014/01/25 03:29:32 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Oracle
[2011/04/23 21:35:18 | 000,000,000 | ---D | M] -- C:\Users\Bears\AppData\Roaming\Sammsoft

========== Purity Check ==========

< End of report >

#15
pystryker

Posted 22 March 2014 - 09:56 PM

Trusted Helper

Malware Removal
3,912 posts

Hello

You've posted the OTL quick scan log twice, but not the fix log. However, the AdwCleaner and Junkware Removal tool scans show that the OTL fix did it's job as they didn't find much left at all and I don't see anything in the quick scan log.

Ok, let's sweep for remnants with Malwarebytes and ESET. :thumbsup:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: Scan with Malwarebytes

Please open the program.
Click on the Update tab then click Check for Updates
If an update is found, it will download and install the latest version.
Once the program has loaded, check the following settings:
- On the Settings tab, Scanner Settings, leave the default boxes checked but change the drop-down boxes to Show in results list and check for removal.
On the Scanner tab, check Perform quick scan.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire report in your next reply.

Select the option YES, I accept the Terms of Use then click on Start
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked.
Make sure that the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on Start
The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically. The scan may take several hours.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
Now click on Finish
Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.