Malware infection

Malware & sluggish performance


#1
Mrs_Roboto

Hello and thank you in advance for your help.

I am working on my mother's computer and I believe that she has some malware. For the most part she is playing "free" word games and puzzles that she downloads from various places. Her computer is extremely sluggish and often non-responsive. I have run Spybot Search and Destroy and MalwareBytes. Both programs caught and cleaned up several issues but the computer is still performing rather poorly. I am hoping that you may be able to help.

Thank you.

OTL logfile created on: 1/10/2015 8:45:04 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rich\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.75 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 40.19% Memory free
3.75 Gb Paging File | 1.66 Gb Available in Paging File | 44.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.29 Gb Total Space | 106.89 Gb Free Space | 74.08% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 143.83 Gb Free Space | 99.86% Space Free | Partition Type: NTFS
Drive E: | 277.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: STEVE-PC | User Name: Rich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/10 08:43:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe
PRC - [2014/12/12 10:21:24 | 005,489,944 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2014/12/10 04:11:35 | 000,855,216 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_246_ActiveX.exe
PRC - [2014/12/05 18:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/11/21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/11/03 20:36:41 | 000,202,600 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2014/11/03 20:36:32 | 000,375,144 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2014/10/31 11:11:38 | 004,779,264 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2014/08/22 11:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/08/22 11:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/08/22 11:41:00 | 000,974,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014/06/27 11:52:26 | 002,088,408 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2014/06/24 10:42:12 | 004,101,576 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2014/06/24 10:41:42 | 001,738,168 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2014/04/25 14:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2011/01/11 18:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2011/01/11 18:04:04 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/05/20 15:27:24 | 000,119,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\LifeExp.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/10/26 13:46:54 | 001,458,176 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2009/04/10 23:28:11 | 001,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/03/04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/01/25 18:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008/01/20 19:23:33 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
PRC - [2007/12/19 18:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/10/17 10:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2007/09/10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/07/05 20:06:52 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/05 18:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014/12/05 18:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2014/10/15 02:23:10 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll
MOD - [2014/10/15 02:23:04 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014/10/15 02:22:53 | 001,871,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\97bbbd410c21d79e55ed5519faab853d\System.Deployment.ni.dll
MOD - [2014/10/15 02:22:53 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/10/15 02:22:48 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\51d4d139f9b740978450f2aa473f6f13\System.Security.ni.dll
MOD - [2014/10/15 02:22:45 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/10/15 02:22:44 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/10/15 02:22:38 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/10/15 02:22:36 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/10/15 02:06:42 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\dfsvc\a7bd32e88ebbcfc66f59ac0945861adf\dfsvc.ni.exe
MOD - [2014/09/10 02:43:56 | 011,496,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3444fbefcbd532181c499150ace644a4\mscorlib.ni.dll
MOD - [2014/05/13 12:04:48 | 000,167,768 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2014/05/13 12:04:46 | 000,109,400 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2014/05/13 12:04:42 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2014/02/26 03:03:37 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2008/08/30 03:59:02 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007/03/02 10:44:34 | 000,073,728 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2014/12/10 04:11:39 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/11/03 20:36:41 | 000,202,600 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2014/11/03 20:36:32 | 000,375,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2014/08/22 11:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/08/22 11:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2011/01/11 18:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/03/04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/25 18:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/19 18:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/10/17 10:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007/09/10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/04/13 08:49:00 | 000,101,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2015/01/10 08:21:36 | 000,114,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/11/21 06:14:16 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014/11/21 06:14:06 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2014/11/03 20:36:34 | 000,086,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2014/07/17 17:05:08 | 000,095,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/05/30 10:07:27 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/01/11 18:04:04 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/05/20 15:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/10/26 14:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/12/12 18:05:18 | 000,026,416 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 18:05:18 | 000,024,880 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/12/04 06:17:15 | 000,645,120 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUSB54GCv3.sys -- (WUSB54GCv3)
DRV - [2008/08/30 05:58:16 | 003,929,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/11/06 09:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007/11/06 09:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007/07/03 10:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/10/30 11:22:26 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 CB 60 E9 AA 2B D0 01  [binary data]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\..\URLSearchHook: {f15ff29f-85a1-43cd-9674-e5ba40016c97} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {CA36D1E6-2D97-45A8-9F49-8CAD8101A09F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{CA36D1E6-2D97-45A8-9F49-8CAD8101A09F}: "URL" = https://search.yahoo...p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@DailyBibleGuide.com/Plugin: C:\Program Files\DailyBibleGuide\bar\1.bin\NP2vStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@ei.DictionaryBoss.com/Plugin: C:\Program Files\DictionaryBossEI\Installr\1.bin\NPv4EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@ei.WeatherBlink.com/Plugin: C:\Program Files\WeatherBlinkEI\Installr\1.bin\NPgcEISB.dll (WeatherBlink)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DailyBibleGuide\bar\1.bin
 
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012/06/03 14:29:08 | 000,604,003 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1  localhost
O1 - Hosts: ::1  localhost #[IPv6]
O1 - Hosts: 16164 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {0631bff0-6846-48ca-982d-d62d7f376e97} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (no name) - {beea7fa9-d1f4-49a2-9b1f-6fb7a2d9bc2a} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2a942ab7-2073-49bc-a7e1-77e93835889a} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2A942AB7-2073-49BC-A7E1-77E93835889A} - No CLSID value found.
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab55579.cab (MSN Games – Matchmaking)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Jigsaw%20Puzzle%20Platinum%202/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....NPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (MSN Games – Game Chat)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/...O1.cab60096.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} http://zone.msn.com/...of.cab55579.cab (ZPA_WheelOfFortune Object)
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/...tz.cab99160.cab (MSN Games – Hearts)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Jigsaw%20Puzzle%202%20Mix/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} http://photos.msn.co....cab?10,0,910,0 (DigWebHelper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F17937B-E293-4C38-9CFB-1682302F61D2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E18E4F40-05F5-4E1C-8DCE-C1EFA89EA173}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/10 08:44:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe
[2015/01/10 08:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015/01/10 08:32:41 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Deployment
[2015/01/10 08:32:41 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Apps
[2015/01/09 23:55:41 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozyHome
[2015/01/09 23:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\MozyHome
[2015/01/09 21:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2015/01/09 21:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2015/01/09 20:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyDefrag v4.3.1
[2015/01/09 20:28:14 | 001,061,888 | ---- | C] (J.C. Kessels) -- C:\Windows\System32\MyDefragScreenSaver_v4.3.1.exe
[2015/01/09 20:28:14 | 000,475,648 | ---- | C] (J.C. Kessels) -- C:\Windows\System32\MyDefragScreenSaver_v4.3.1.scr
[2015/01/09 20:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\MyDefrag v4.3.1
[2015/01/08 20:05:28 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015/01/08 20:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/01/08 20:03:46 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2015/01/08 20:03:46 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2015/01/08 20:03:46 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2015/01/08 20:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2015/01/08 19:58:56 | 000,000,000 | ---D | C] -- C:\Users\Rich\Documents\ProcAlyzer Dumps
[2015/01/08 18:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2015/01/08 18:53:55 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2015/01/08 18:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2015/01/08 18:36:57 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\TuneUp Software
[2015/01/08 18:33:06 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\MFAData
[2015/01/01 18:06:07 | 000,000,000 | ---D | C] -- C:\Users\Rich\AppData\Local\Avg2015
[2014/12/29 17:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jigsaw Puzzle Platinum 2
[2014/12/29 17:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\Jigsaw Puzzle Platinum 2
[2014/12/24 22:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/10 08:48:56 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015/01/10 08:43:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rich\Desktop\OTL.exe
[2015/01/10 08:42:26 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/10 08:40:07 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/10 08:38:09 | 000,001,999 | ---- | M] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/01/10 08:36:47 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/01/10 08:21:28 | 000,000,644 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2015/01/10 08:20:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/10 08:20:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/10 08:20:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/10 08:20:16 | 1878,515,712 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/10 08:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/09 23:58:25 | 000,004,800 | ---- | M] () -- C:\Windows\mozy.blk
[2015/01/09 23:58:24 | 000,008,298 | ---- | M] () -- C:\Windows\mozy.flt
[2015/01/09 23:55:41 | 000,000,828 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
[2015/01/09 23:19:05 | 004,806,328 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015/01/09 23:19:03 | 001,567,368 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015/01/09 21:09:01 | 000,365,862 | ---- | M] () -- C:\Users\Rich\Documents\cc_20150109_210827.reg
[2015/01/09 17:29:24 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2015/01/09 17:29:24 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2015/01/07 10:29:00 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2015/01/01 18:05:10 | 000,000,947 | ---- | M] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
 
========== Files Created - No Company Name ==========
 
[2015/01/10 08:36:47 | 000,001,999 | ---- | C] () -- C:\Users\Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/01/10 08:36:47 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/01/10 08:34:24 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/10 08:34:20 | 000,000,878 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/09 23:55:41 | 000,000,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
[2015/01/09 21:08:31 | 000,365,862 | ---- | C] () -- C:\Users\Rich\Documents\cc_20150109_210827.reg
[2015/01/08 18:54:38 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2015/01/08 18:54:37 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2015/01/08 18:54:32 | 000,000,644 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2015/01/08 18:54:09 | 000,001,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2015/01/01 18:01:54 | 1878,515,712 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/14 14:52:25 | 000,011,324 | -HS- | C] () -- C:\ProgramData\3fnj0083gkusx12liwje8ko07cgt6w38w4i63ghdjfpl507
[2009/02/10 13:40:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 06:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008/03/19 06:09:04 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\Acer GameZone Console
[2015/01/08 18:36:57 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:9D7DCAE4
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:2B9724CF
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:17639624
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:DF8984AC
 
< End of report >
 
OTL Extras logfile created on: 1/10/2015 8:45:04 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rich\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.75 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 40.19% Memory free
3.75 Gb Paging File | 1.66 Gb Available in Paging File | 44.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.29 Gb Total Space | 106.89 Gb Free Space | 74.08% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 143.83 Gb Free Space | 99.86% Space Free | Partition Type: NTFS
Drive E: | 277.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: STEVE-PC | User Name: Rich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8266:TCP" = 8266:TCP:*:Enabled:Remote Assistance Local
"4087:TCP" = 4087:TCP:*:Enabled:Remote Assistance Remote
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{123D72EE-38D2-4545-B7A2-0B4711CF0175}" = lport=138 | protocol=17 | dir=in | app=system | 
"{19F284A3-387B-40B0-AAFB-FC94BF9D6E55}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{1AF4D5F3-B881-4619-BA7A-E87AA74C9EC8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1C97F8DE-ECFB-4AA0-93F9-F9CF496A63DA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2FC53D11-A4C1-4C51-B0CF-CDBD23A6B03A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{3CA6DAC3-0DEB-4A7D-93EE-03237F8CB96E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{622FB560-B189-4623-8C99-E7856950056C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{85A98C6D-6184-47B7-8679-A1AEFF4606D2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9642C854-CD94-4228-9862-D94103908397}" = lport=137 | protocol=17 | dir=in | app=system | 
"{97D3A3B5-6C43-4A13-B60A-265FBC378D16}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | 
"{99D59549-1222-4905-A422-FA6D92A21A14}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{D168FA47-3CFB-49FB-ADAE-42CB3F039CB7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D68C406A-4383-4186-A2EF-4B321B76A5F1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{D8AB8B1F-202F-4092-88DF-F58AC89C3464}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DDB2928E-1846-4C14-9E94-62DC86710E7D}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{093DF7DB-4358-456C-9812-97D551FFE92E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{0ADE27F2-8D7A-40C5-8141-275D35EFD47D}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe | 
"{1A19CFA4-A4B5-44B3-9C1C-9D8EDC8182FD}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe | 
"{2F0D1915-AD71-49AA-B1C2-16DD2FC73D6F}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 
"{2F119B2C-C6F3-4B79-A4A8-9B7ED8A14995}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{430601B9-7687-40CC-953B-29076DB4C0D0}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe | 
"{46C7F134-C389-42A4-BA31-C4E39306E03C}" = protocol=58 | dir=in | [email protected],-28545 | 
"{47EFC949-5CC2-438A-A4B4-710BB3A6BF64}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{52DABF9D-2E89-43C7-9F20-90B55920F110}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{55A8D584-05BB-4889-A42D-50C736E7023E}" = protocol=1 | dir=out | [email protected],-28544 | 
"{65CEC6A7-D03A-44FD-9E21-DBC754AF9AFD}" = dir=in | app=%systemroot%\system32\svchost.exe | 
"{77DC02AE-61E9-4E73-997D-367A2D262B6E}" = protocol=1 | dir=in | [email protected],-28543 | 
"{78739E2B-FCA9-4244-B646-34BD4BBFF5EB}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe | 
"{83C3F493-D21B-42DC-B3D0-D1AD71552C07}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe | 
"{86F4452F-E040-43CF-A179-608F605796BE}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{87208C5E-6390-4A0A-8A0E-25729BE042A9}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{905294F6-6247-44C8-A106-D02B32123EA6}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{99B83050-0AD1-41FE-96D2-F1EE075ED7DB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A099755A-1FDD-4ED6-AC39-1073EEDF77EE}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{A6688B51-F7E0-4E31-B04E-C7EE342C41B7}" = protocol=58 | dir=out | [email protected],-28546 | 
"{BE1135C7-184B-470F-8CEA-6558E12C0151}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{D6260F0C-5F9E-4C1E-A633-8B48BF58F938}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D973ADD6-4794-46E4-99AE-3A6B19AEA36F}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe | 
"{E1F71F6D-EA1A-4004-A4D7-273C5C26D59E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{E37A1A99-5BD9-4526-88AB-2DA0C137EAE6}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | 
"{E7B5C69E-3F6D-4BD7-9888-7514C30FD6E7}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{F348BA4B-7F72-4076-9A2B-0E53FEB20E6D}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{FC8EBBBB-4F0C-4122-B8B1-257E79A41DA9}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{0478A597-5B05-5671-B594-27427A642AE5}" = CCC Help Chinese Traditional
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0856323C-4103-4658-C5A8-FB16ED3079F5}" = Catalyst Control Center Localization Greek
"{08AD32A8-D704-4FC8-DB04-CA90A373D9C3}" = Catalyst Control Center Localization Portuguese
"{0A23CBF1-CCB0-B411-6A7A-A177E376BF70}" = Catalyst Control Center Localization Danish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E92F644-6E11-8FE3-1BFC-5DB09A79F9B3}" = CCC Help Japanese
"{0ECD1EB9-CBB5-09BA-5947-74CBDA3011FC}" = CCC Help Spanish
"{107F27B7-8EE4-4B3A-9CE5-497B120369DC}" = Microsoft Security Client
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series" = Canon MP470 series
"{12EDCFD1-E000-F4F2-A3E6-A6C15D0F8A63}" = Catalyst Control Center Graphics Previews Vista
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BDBEDD-5264-29E1-1BFB-6F64FD943596}" = CCC Help Czech
"{1AFA55D1-EA04-9E87-4537-929E66B60D69}" = CCC Help Russian
"{1C028265-E8D7-751F-246F-9FD52CD237A8}" = Catalyst Control Center Localization Hungarian
"{1CCB52B9-FB58-0729-5C26-E8F8B3162043}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FA97774-2351-8DF4-7853-BEB20C726DFB}" = Catalyst Control Center Localization Russian
"{1FB9A0D0-DC5C-B75A-36EE-414706846CC2}" = Catalyst Control Center Localization Italian
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20308457-CE7C-85A9-1B8F-6C521B2B4CCF}" = CCC Help Hungarian
"{213ABE23-10B9-F45F-DC87-63DACAD40C0D}" = Skins
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.20
"{24C7254F-C2D5-22FC-7C7C-F17E4894530E}" = CCC Help Italian
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{28FD3796-5271-EF11-DA27-2939ACA62515}" = CCC Help Greek
"{29456613-49DE-D48C-10E6-06AD36EEE3D7}" = CCC Help Norwegian
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{3018B943-C76C-44B0-B078-790A28CEF67E}" = Microsoft UI Engine
"{31C4615C-45C3-776C-AE54-9CE4B76E9DD1}" = CCC Help Korean
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34C1AC91-2D4A-59C1-6875-B3692D1E0365}" = Catalyst Control Center Localization Chinese Standard
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4708942C-76A1-ECC8-5B3D-0D412D68DF24}" = Catalyst Control Center Localization Dutch
"{47247CC1-1221-9449-B4EF-8C9F6D02C1A0}" = CCC Help Swedish
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E084313-093F-5947-CEB9-DE41FD24EF1B}" = Catalyst Control Center Localization Czech
"{52F4AC33-36D4-78D2-E694-7AAC07CD6C5A}" = Catalyst Control Center Graphics Light
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{54F6C98F-94A0-421C-B90E-0B6A2A96A9CF}" = Pure Networks Platform
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{57573545-74EB-46D2-B362-AA05364E4ED8}" = LogMeIn
"{59FD9D9B-29F9-7572-C2B1-30B65AB2BC29}" = Catalyst Control Center Localization Japanese
"{5D976966-B187-E4D5-5AF1-23C54556E173}" = CCC Help German
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6AD90C4B-89D3-5961-F13F-835E73DA1082}" = ccc-utility
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110313550}" = Jigsaw 365
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112731397}" = Wheel of Fortune 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{856D0363-1C0A-1562-46E7-A9ECABC8DF78}" = CCC Help Polish
"{88AE47C9-A9D2-E89D-C165-573D8015336D}" = MozyHome
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8CCFDB06-9B09-12D7-F1D4-1E22AC7583E0}" = Catalyst Control Center Localization Finnish
"{8D982E57-BF86-BEE7-3944-BD346EFE6A24}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FAE8DE8-A63C-F5DE-D9F7-E011BBD44C32}" = CCC Help Turkish
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0D21ABE-D004-5F89-4485-1BF4C7B3D66A}" = Catalyst Control Center Graphics Full Existing
"{A37978CF-6E03-238A-6571-7EA53B8FAE1B}" = Catalyst Control Center Localization Norwegian
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A687B4D9-0047-468F-ABCC-2783FA23768A}" = PE585QA-32
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A830CA28-932E-6081-EEAA-31A6173DCA23}" = CCC Help Finnish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A980B2A8-661F-35CD-4C3C-8EECE2F5F5D1}" = Catalyst Control Center Localization Korean
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF04309C-7CFC-C0F4-8A75-5135AF07FD1A}" = ccc-core-static
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B20A9F0F-9504-A107-E381-E956CE96EE86}" = Catalyst Control Center Localization Chinese Traditional
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B3BCCEC8-58B0-4B2A-0B25-2DF887F06E55}" = CCC Help Danish
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B5CCC9F7-3D21-B444-7EB4-235C1E0AC551}" = CCC Help Dutch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BC24FA40-8A7A-42FF-0B9A-5FB02E2A5536}" = CCC Help Thai
"{C49624DD-C504-4279-B9E0-65A2EB6E1619}" = PG583_32_inf
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CCA08326-B1CA-A2A7-10A1-EA1978847514}" = Catalyst Control Center Localization German
"{CDD3ACE0-7C01-10C8-495D-831EB9375095}" = Catalyst Control Center Localization Thai
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D6093905-1B7B-D236-2054-CC0B3E08B413}" = ATI Catalyst Install Manager
"{D7BFE046-4862-AF73-0FB9-E3723BDFDE40}" = CCC Help French
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBED8673-81E5-7763-F3E5-887E43F2E428}" = CCC Help English
"{DC9A7C58-A8A8-0B6D-F1FA-6A35DE82A8E7}" = CCC Help Chinese Standard
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3FECA8-82DD-B597-80EB-6236918FFABB}" = Catalyst Control Center Localization Polish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E16BEE5B-82E8-574E-786F-B21DC03E7091}" = Catalyst Control Center Localization Spanish
"{E32DF02F-0C8F-DE2F-9E76-4EA3960D7083}" = Catalyst Control Center Localization Turkish
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E8302B10-2762-1C24-596C-ED5FFBA1E041}" = Catalyst Control Center Localization French
"{E940B035-8220-4C6B-C064-D6E4424553FC}" = Catalyst Control Center Graphics Full New
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEA4C854-4B15-2FD3-BDE8-9654EC55AB72}" = Catalyst Control Center Localization Swedish
"94838B7B13A76BE9FC61DA8A3B7C3F0BB00FFCF1" = Windows Driver Package - Conexant (cxpl_mhd) Media  (11/07/2007 6.0.104.0038)
"Acer Assist" = Acer Assist
"Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Canon MP470 series User Registration" = Canon MP470 series User Registration
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"D7EC1A6C98F357A7E4C53FF66325D99F66B1F590" = Windows Driver Package - YUAN High-Tech Development Co. Ltd. (OmniTV) Media  (12/14/2007 6.1.32.42)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"Jigs@w Puzzle 2 Mix" = Jigs@w Puzzle 2 Mix
"Jigsaw Puzzle Platinum 2" = Jigsaw Puzzle Platinum 2
"Linksys Wireless Manager" = Linksys Wireless Manager
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/24/2012 8:53:59 PM | Computer Name = Steve-PC | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x0000277a.
 
Error - 4/24/2012 8:55:20 PM | Computer Name = Steve-PC | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x0000277a.
 
Error - 4/24/2012 8:56:40 PM | Computer Name = Steve-PC | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x0000277a.
 
Error - 4/24/2012 8:58:00 PM | Computer Name = Steve-PC | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x0000277a.
 
Error - 4/24/2012 8:59:21 PM | Computer Name = Steve-PC | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x0000277a.
 
Error - 4/24/2012 9:00:41 PM | Computer Name = Steve-PC | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x0000277a.
 
Error - 4/24/2012 9:02:02 PM | Computer Name = Steve-PC | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x0000277a.
 
Error - 4/24/2012 9:03:22 PM | Computer Name = Steve-PC | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x0000277a.
 
Error - 4/24/2012 9:04:42 PM | Computer Name = Steve-PC | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x0000277a.
 
Error - 4/24/2012 9:06:03 PM | Computer Name = Steve-PC | Source = LogMeIn | ID = 113
Description = Startup of the HTTP Listener subsystem failed with error code 0x0000277a.
 
[ Media Center Events ]
Error - 6/11/2009 8:28:14 PM | Computer Name = Steve-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 9/11/2009 7:31:24 PM | Computer Name = Steve-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 10/11/2009 11:22:26 PM | Computer Name = Steve-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 1/1/2012 2:28:46 PM | Computer Name = Steve-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
 due to an abandoned mutex.'.
 
[ System Events ]
Error - 1/8/2015 10:10:55 PM | Computer Name = Steve-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 1/9/2015 8:20:44 PM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 1/10/2015 12:21:10 AM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 1/10/2015 12:21:10 AM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 1/10/2015 1:47:08 AM | Computer Name = Steve-PC | Source = Schannel | ID = 36874
Description = An SSL connection request was received from a remote client application,
 but none of the cipher suites supported by the client application are supported
 by the server. The SSL connection request has failed.
 
Error - 1/10/2015 2:10:47 AM | Computer Name = Steve-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:04:07 PM on 1/9/2015 was unexpected.
 
Error - 1/10/2015 2:40:13 AM | Computer Name = Steve-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.191.1847.0     Update Source: %%859     Update Stage:
 %%854     Source Path: http://www.microsoft.com     Signature Type: %%800     Update Type: %%803
 
User:
 NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.11302.0
 
Error
 code: 0x80070643     Error description: Fatal error during installation. 
 
Error - 1/10/2015 2:43:27 AM | Computer Name = Steve-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 1/10/2015 3:02:24 AM | Computer Name = Steve-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:00:35 AM on 1/10/2015 was unexpected.
 
Error - 1/10/2015 9:17:59 AM | Computer Name = Steve-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:16:11 AM on 1/10/2015 was unexpected.
 
 
< End of report >
 

Edited by Mrs_Roboto, 10 January 2015 - 10:13 AM.



#2
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
 
Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
    Please download Farbar Recovery Scan Tool and save it to your Desktop. 
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
     
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
     

    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy  (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop), note the name it gives. OK. Open the file in Notepad and delete the line that gives the serial number of your Operating System. (It will be near the top, about 10 lines down.) Attach the file to your next post. Uninstall Speccy.
     
     

    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
     


    #3
    Mrs_Roboto

      Member

    • Topic Starter
    • Member
    • PipPip
    • 37 posts

    Here you go.  Thank you for your help.

     

     

    # AdwCleaner v4.107 - Report created 10/01/2015 at 16:02:32
    # Updated 07/01/2015 by Xplode
    # Database : 2015-01-03.1 [Live]
    # Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
    # Username : Rich - STEVE-PC
    # Running from : C:\Users\Rich\Desktop\AdwCleaner.exe
    # Option : Scan
     
    ***** [ Services ] *****
     
    Service Found : Skype C2C Service
     
    ***** [ Files / Folders ] *****
     
    Folder Found : C:\Program Files\GamesBar
    Folder Found : C:\Program Files\gamingwonderlandei
    Folder Found : C:\Program Files\WeatherBlinkEI
    Folder Found : C:\ProgramData\AVG Security Toolbar
     
    ***** [ Scheduled Tasks ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\SOFTWARE\GamesBarSetup
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@ei.WeatherBlink.com/Plugin
    Key Found : HKLM\SOFTWARE\WeatherBlinkEI
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v9.0.8112.16599
     
     
    -\\ Google Chrome v39.0.2171.95
     
    [C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
     
    *************************
     
    AdwCleaner[R0].txt - [3192 octets] - [10/01/2015 16:02:32]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3252 octets] ##########
     
     
     
    # AdwCleaner v4.107 - Report created 10/01/2015 at 16:05:55
    # Updated 07/01/2015 by Xplode
    # Database : 2015-01-03.1 [Live]
    # Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
    # Username : Rich - STEVE-PC
    # Running from : C:\Users\Rich\Desktop\AdwCleaner.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
    [x] Not Deleted : Skype C2C Service
     
    ***** [ Files / Folders ] *****
     
    Folder Deleted : C:\ProgramData\AVG Security Toolbar
    Folder Deleted : C:\Program Files\GamesBar
    Folder Deleted : C:\Program Files\WeatherBlinkEI
    Folder Deleted : C:\Program Files\gamingwonderlandei
     
    ***** [ Scheduled Tasks ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@ei.WeatherBlink.com/Plugin
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}
    Key Deleted : HKLM\SOFTWARE\GamesBarSetup
    Key Deleted : HKLM\SOFTWARE\WeatherBlinkEI
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v9.0.8112.16599
     
     
    -\\ Google Chrome v39.0.2171.95
     
    [C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
     
    *************************
     
    AdwCleaner[R0].txt - [3332 octets] - [10/01/2015 16:02:32]
    AdwCleaner[S0].txt - [3309 octets] - [10/01/2015 16:05:55]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3369 octets] ##########
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows Vista ™ Home Premium x86
    Ran by Rich on Sat 01/10/2015 at 16:18:46.84
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
     
     
    ~~~ Registry Keys
     
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0631BFF0-6846-48CA-982D-D62D7F376E97}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BEEA7FA9-D1F4-49A2-9B1F-6FB7A2D9BC2A}
    Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0631bff0-6846-48ca-982d-d62d7f376e97}
    Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{0631bff0-6846-48ca-982d-d62d7f376e97}
    Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
    Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
    Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{beea7fa9-d1f4-49a2-9b1f-6fb7a2d9bc2a}
    Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{beea7fa9-d1f4-49a2-9b1f-6fb7a2d9bc2a}
     
     
     
    ~~~ Files
     
     
     
    ~~~ Folders
     
    Successfully deleted: [Folder] "C:\Users\Rich\appdata\locallow\alot"
     
     
     
    ~~~ Event Viewer Logs were cleared
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 01/10/2015 at 16:22:41.14
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-01-2015
    Ran by Rich (administrator) on STEVE-PC on 10-01-2015 16:26:32
    Running from C:\Users\Rich\Desktop
    Loaded Profile: Rich (Available profiles: eljeffries & Rich & Guest)
    Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    (CyberLink) C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    () C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    (Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
    (Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
    (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\LifeExp.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Mozy, Inc.) C:\Program Files\MozyHome\mozystat.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    (Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
    (Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [eRecoveryService] => [X]
    HKLM\...\Run: [NWEReboot] => [X]
    HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2011-01-11] (LogMeIn, Inc.)
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
    HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
    HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4669440 2007-07-05] (Realtek Semiconductor)
    HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/w...REczSE8tSVU5MkQ"&"inst=NzctNjYwNDczMDQ3LUZMMTArMS1ERFQrNjM5NTQtTFNEKzItREQxMEYrMS1TVDEwR (the data entry has 176 more characters).
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-21-1700449099-1892461700-749610029-1002\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-21-1700449099-1892461700-749610029-1002\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
    HKU\S-1-5-21-1700449099-1892461700-749610029-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
    ShortcutTarget: MozyHome Status.lnk -> C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
    Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Incorporated)
    ShellIconOverlayIdentifiers: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll (Mozy, Inc.)
    ShellIconOverlayIdentifiers: [mozy2] -> {747E722C-CB46-4a9d-BDFE-192AAD5099B1} => C:\Program Files\MozyHome\mozyshell.dll (Mozy, Inc.)
    ShellIconOverlayIdentifiers: [mozy3] -> {EE6F5A00-7898-40f7-AB77-51FF9D6DEB20} => C:\Program Files\MozyHome\mozyshell.dll (Mozy, Inc.)
    BootExecute: autocheck autochk * sdnclean.exe
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
    HKU\S-1-5-21-1700449099-1892461700-749610029-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
    HKU\S-1-5-21-1700449099-1892461700-749610029-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
    HKU\S-1-5-21-1700449099-1892461700-749610029-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    URLSearchHook: HKU\S-1-5-21-1700449099-1892461700-749610029-1002 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -  No File
    URLSearchHook: HKU\S-1-5-21-1700449099-1892461700-749610029-1002 - (No Name) - {f15ff29f-85a1-43cd-9674-e5ba40016c97} -  No File
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-1700449099-1892461700-749610029-1002 -> {34e26447-bf30-4c78-a5b9-61dfa8a55e67} URL = 
    SearchScopes: HKU\S-1-5-21-1700449099-1892461700-749610029-1002 -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = 
    SearchScopes: HKU\S-1-5-21-1700449099-1892461700-749610029-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
    SearchScopes: HKU\S-1-5-21-1700449099-1892461700-749610029-1002 -> {CA36D1E6-2D97-45A8-9F49-8CAD8101A09F} URL = https://search.yahoo...p={SearchTerms}
    BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    Toolbar: HKLM - No Name - {2a942ab7-2073-49bc-a7e1-77e93835889a} -  No File
    Toolbar: HKU\S-1-5-21-1700449099-1892461700-749610029-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Toolbar: HKU\S-1-5-21-1700449099-1892461700-749610029-1002 -> No Name - {2A942AB7-2073-49BC-A7E1-77E93835889A} -  No File
    DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab55579.cab
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Jigsaw%20Puzzle%20Platinum%202/Images/stg_drm.ocx
    DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....NPUplden-us.cab
    DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab
    DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/...O1.cab60096.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
    DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} http://zone.msn.com/...of.cab55579.cab
    DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/...tz.cab99160.cab
    DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-27-0.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Jigsaw%20Puzzle%202%20Mix/Images/armhelper.ocx
    DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab
    DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} http://photos.msn.co....cab?10,0,910,0
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
     
    FireFox:
    ========
    FF Plugin: @DailyBibleGuide.com/Plugin -> C:\Program Files\DailyBibleGuide\bar\1.bin\NP2vStub.dll No File
    FF Plugin: @ei.DictionaryBoss.com/Plugin -> C:\Program Files\DictionaryBossEI\Installr\1.bin\NPv4EISB.dll No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-02]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\DailyBibleGuide\bar\1.bin
     
    Chrome: 
    =======
    CHR Profile: C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-10]
    CHR Extension: (Google Docs) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-10]
    CHR Extension: (Google Drive) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-10]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-10]
    CHR Extension: (YouTube) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-10]
    CHR Extension: (Google Search) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-10]
    CHR Extension: (Google Sheets) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-10]
    CHR Extension: (Google Wallet) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-10]
    CHR Extension: (Gmail) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-10]
     
    ========================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    R2 Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [269448 2008-01-25] (CyberLink) [File not signed]
    R2 AcerMemUsageCheckService; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672 2007-10-17] () [File not signed]
    R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [500784 2008-03-04] (Egis Incorporated)
    R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) [File not signed]
    R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] () [File not signed]
    S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] () [File not signed]
    R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [54528 2014-10-31] (Mozy, Inc.)
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
    S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
    R2 nmservice; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [642856 2008-12-12] (Cisco Systems, Inc.)
    R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247 2006-07-19] () [File not signed]
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
    S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
    R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-03] (Acer, Inc.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-10] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
    S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)
    S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-09-16] (McAfee, Inc.)
    R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [57032 2014-10-31] (Mozy, Inc.)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
    R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2008-03-19] (NewTech Infosystems, Inc.) [File not signed]
    R2 pnarp; C:\Windows\System32\DRIVERS\pnarp.sys [24880 2008-12-12] (Cisco Systems, Inc.)
    R2 purendis; C:\Windows\System32\DRIVERS\purendis.sys [26416 2008-12-12] (Cisco Systems, Inc.)
    R2 tvicport; C:\Windows\system32\drivers\tvicport.sys [14544 2007-11-06] (EnTech Taiwan) [File not signed]
    S3 WUSB54GCv3; C:\Windows\System32\DRIVERS\WUSB54GCv3.sys [645120 2008-12-04] (Ralink Technology Corp.)
    R2 zntport; C:\Windows\system32\drivers\zntport.sys [6080 2007-11-06] (Zeal SoftStudio) [File not signed]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S4 LMIRfsClientNP; No ImagePath
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-10 16:26 - 2015-01-10 16:27 - 00019709 _____ () C:\Users\Rich\Desktop\FRST.txt
    2015-01-10 16:26 - 2015-01-10 16:26 - 00000088 _____ () C:\Users\Rich\Desktop\Malware infection - Virus, Spyware, Malware Removal.url
    2015-01-10 16:25 - 2015-01-10 16:26 - 00000000 ____D () C:\FRST
    2015-01-10 16:25 - 2015-01-10 16:24 - 01115648 _____ (Farbar) C:\Users\Rich\Desktop\FRST.exe
    2015-01-10 16:24 - 2015-01-10 16:24 - 01115648 _____ (Farbar) C:\Users\Rich\Downloads\FRST.exe
    2015-01-10 16:22 - 2015-01-10 16:22 - 00001922 _____ () C:\Users\Rich\Desktop\JRT.txt
    2015-01-10 16:17 - 2015-01-10 16:17 - 00000000 ____D () C:\Windows\ERUNT
    2015-01-10 16:16 - 2015-01-10 16:16 - 01707939 _____ (Thisisu) C:\Users\Rich\Downloads\JRT.exe
    2015-01-10 16:16 - 2015-01-10 16:16 - 01707939 _____ (Thisisu) C:\Users\Rich\Desktop\JRT.exe
    2015-01-10 16:12 - 2015-01-10 16:12 - 00000000 _____ () C:\Windows\setuperr.log
    2015-01-10 16:12 - 2015-01-10 16:12 - 00000000 _____ () C:\Windows\setupact.log
    2015-01-10 16:02 - 2015-01-10 16:05 - 00000000 ____D () C:\AdwCleaner
    2015-01-10 15:56 - 2015-01-10 15:56 - 02191360 _____ () C:\Users\Rich\Downloads\AdwCleaner.exe
    2015-01-10 15:56 - 2015-01-10 15:56 - 02191360 _____ () C:\Users\Rich\Desktop\AdwCleaner.exe
    2015-01-10 11:55 - 2015-01-10 11:55 - 119839445 _____ () C:\Windows\MEMORY.DMP
    2015-01-10 11:55 - 2015-01-10 11:55 - 00200288 _____ () C:\Windows\Minidump\Mini011015-01.dmp
    2015-01-10 08:58 - 2015-01-10 08:58 - 00069414 _____ () C:\Users\Rich\Desktop\Extras First.Txt
    2015-01-10 08:56 - 2015-01-10 08:56 - 00076708 _____ () C:\Users\Rich\Desktop\OTL First.Txt
    2015-01-10 08:44 - 2015-01-10 08:43 - 00602112 _____ (OldTimer Tools) C:\Users\Rich\Desktop\OTL.exe
    2015-01-10 08:43 - 2015-01-10 08:43 - 00602112 _____ (OldTimer Tools) C:\Users\Rich\Downloads\OTL.exe
    2015-01-10 08:36 - 2015-01-10 08:36 - 00001975 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-01-10 08:36 - 2015-01-10 08:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-01-10 08:34 - 2015-01-10 16:13 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-10 08:34 - 2015-01-10 15:39 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-10 08:32 - 2015-01-10 08:33 - 00000000 ____D () C:\Users\Rich\AppData\Local\Deployment
    2015-01-10 08:32 - 2015-01-10 08:32 - 00000000 ____D () C:\Users\Rich\AppData\Local\Apps\2.0
    2015-01-09 23:55 - 2015-01-09 23:55 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozyHome
    2015-01-09 23:55 - 2015-01-09 23:55 - 00000000 ____D () C:\Program Files\MozyHome
    2015-01-09 23:55 - 2014-10-31 11:10 - 00057032 _____ (Mozy, Inc.) C:\Windows\system32\Drivers\mozy.sys
    2015-01-09 23:20 - 2015-01-09 23:20 - 13290048 _____ (Mozy, Inc.) C:\Users\Rich\Downloads\mozy-2_28_0_421-63613.exe
    2015-01-09 23:06 - 2015-01-10 16:11 - 00016936 _____ () C:\Windows\PFRO.log
    2015-01-09 21:08 - 2015-01-09 21:09 - 00365862 _____ () C:\Users\Rich\Documents\cc_20150109_210827.reg
    2015-01-09 21:05 - 2015-01-09 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-01-09 21:04 - 2015-01-09 21:05 - 00000000 ____D () C:\Program Files\CCleaner
    2015-01-09 20:28 - 2015-01-10 02:52 - 00000000 ____D () C:\Program Files\MyDefrag v4.3.1
    2015-01-09 20:28 - 2015-01-09 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyDefrag v4.3.1
    2015-01-09 20:28 - 2010-05-21 12:11 - 01061888 _____ (J.C. Kessels) C:\Windows\system32\MyDefragScreenSaver_v4.3.1.exe
    2015-01-09 20:28 - 2010-05-21 12:11 - 00475648 _____ (J.C. Kessels) C:\Windows\system32\MyDefragScreenSaver_v4.3.1.scr
    2015-01-08 20:05 - 2015-01-10 16:13 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-08 20:04 - 2015-01-08 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-01-08 20:03 - 2015-01-08 20:03 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-01-08 20:03 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-01-08 20:03 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-01-08 20:03 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-01-08 19:58 - 2015-01-08 19:58 - 00000000 ____D () C:\Users\Rich\Documents\ProcAlyzer Dumps
    2015-01-08 18:54 - 2015-01-10 16:13 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    2015-01-08 18:54 - 2015-01-09 17:29 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    2015-01-08 18:54 - 2015-01-09 17:29 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    2015-01-08 18:54 - 2015-01-08 18:54 - 00001974 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2015-01-08 18:54 - 2015-01-08 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2015-01-08 18:53 - 2015-01-08 18:57 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
    2015-01-08 18:53 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
    2015-01-08 18:36 - 2015-01-08 18:36 - 00000000 ____D () C:\Users\Rich\AppData\Roaming\TuneUp Software
    2015-01-08 18:33 - 2015-01-08 18:33 - 00000000 ____D () C:\Users\Rich\AppData\Local\MFAData
    2015-01-01 18:06 - 2015-01-01 18:06 - 00000000 ____D () C:\Users\Rich\AppData\Local\Avg2015
    2014-12-29 17:45 - 2014-12-29 17:45 - 00000896 _____ () C:\Users\Guest\Desktop\Jigsaw Puzzle Platinum 2.lnk
    2014-12-29 17:45 - 2014-12-29 17:45 - 00000896 _____ () C:\Users\eljeffries\Desktop\Jigsaw Puzzle Platinum 2.lnk
    2014-12-29 17:45 - 2014-12-29 17:45 - 00000000 ____D () C:\Users\eljeffries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jigsaw Puzzle Platinum 2
    2014-12-29 17:45 - 2014-12-29 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jigsaw Puzzle Platinum 2
    2014-12-29 17:45 - 2014-12-29 17:45 - 00000000 ____D () C:\Program Files\Jigsaw Puzzle Platinum 2
    2014-12-24 19:41 - 2014-12-24 19:41 - 00000000 ____D () C:\Users\eljeffries\AppData\Roaming\TuneUp Software
    2014-12-24 19:35 - 2014-12-24 19:35 - 00000000 ____D () C:\Users\eljeffries\AppData\Local\MFAData
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-10 16:25 - 2008-04-23 19:16 - 01152092 _____ () C:\Windows\WindowsUpdate.log
    2015-01-10 16:11 - 2014-01-28 20:36 - 00000885 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
    2015-01-10 16:11 - 2014-01-28 20:36 - 00000869 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
    2015-01-10 16:11 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-10 16:11 - 2006-11-02 05:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-10 16:11 - 2006-11-02 05:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-10 16:10 - 2006-11-02 06:01 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-01-10 15:11 - 2012-05-01 08:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-10 11:55 - 2009-10-16 10:54 - 00000000 ____D () C:\Windows\Minidump
    2015-01-10 08:37 - 2012-06-02 16:33 - 00000000 ____D () C:\Users\Rich\AppData\Local\Google
    2015-01-10 08:35 - 2009-02-10 13:36 - 00000000 ____D () C:\Program Files\Google
    2015-01-10 00:03 - 2011-07-17 11:32 - 00000000 ____D () C:\ProgramData\LogMeIn
    2015-01-09 23:58 - 2014-10-31 11:11 - 00008298 _____ () C:\Windows\mozy.flt
    2015-01-09 23:58 - 2014-10-31 11:11 - 00004800 _____ () C:\Windows\mozy.blk
    2015-01-09 23:19 - 2006-11-02 03:33 - 00006588 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-09 22:47 - 2013-12-28 13:31 - 00000000 ____D () C:\Users\eljeffries\AppData\Roaming\Skype
    2015-01-09 21:07 - 2008-03-19 05:25 - 00000000 ____D () C:\Windows\Panther
    2015-01-09 20:59 - 2009-02-10 13:36 - 00000000 ____D () C:\ProgramData\Google
    2015-01-09 20:59 - 2008-03-19 06:21 - 00000000 ____D () C:\Program Files\Yahoo!
    2015-01-09 17:29 - 2012-06-03 13:58 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
    2015-01-09 17:28 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\registration
    2015-01-08 20:03 - 2011-06-23 19:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-01-08 19:58 - 2012-06-03 13:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2015-01-08 18:42 - 2011-06-23 19:43 - 00000000 ____D () C:\Program Files\AVG
    2015-01-08 18:42 - 2011-06-23 19:40 - 00000000 ____D () C:\ProgramData\MFAData
    2015-01-08 18:20 - 2009-03-17 09:11 - 00000000 ____D () C:\Program Files\McAfee
    2015-01-08 18:20 - 2008-03-19 05:43 - 00000000 ____D () C:\ProgramData\McAfee
    2015-01-07 10:29 - 2008-11-19 10:30 - 00000400 _____ () C:\Windows\Tasks\EasyShare Registration Task.job
    2015-01-01 18:05 - 2012-06-02 16:32 - 00000953 _____ () C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-12-31 04:13 - 2009-10-02 20:17 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-12-29 23:11 - 2008-10-19 23:07 - 00000000 __SHD () C:\Users\eljeffries\AppData\Roaming\.#
    2014-12-29 23:05 - 2008-12-10 11:21 - 00000000 ____D () C:\ProgramData\TEMP
    2014-12-29 17:46 - 2010-09-18 14:23 - 00000000 ____D () C:\Users\eljeffries\AppData\Roaming\SpinTop
    2014-12-29 17:45 - 2010-09-18 14:23 - 00000168 _____ () C:\Users\eljeffries\Desktop\More SpinTop Games.url
    2014-12-29 17:45 - 2010-09-18 14:23 - 00000000 ____D () C:\ProgramData\SpinTop
    2014-12-24 21:45 - 2009-04-28 09:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-12-14 03:02 - 2010-06-10 02:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
     
    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-21-1700449099-1892461700-749610029-1001\$c8eef6c4ade0beb3453ac63829a4dcc2
     
    Some content of TEMP:
    ====================
    C:\Users\eljeffries\AppData\Local\Temp\0117321332616861mcinst.exe
    C:\Users\eljeffries\AppData\Local\Temp\InstallFlashPlayer.exe
    C:\Users\eljeffries\AppData\Local\Temp\nsisdt.dll
    C:\Users\eljeffries\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Guest\AppData\Local\Temp\msgA7F1.exe
    C:\Users\Rich\AppData\Local\Temp\Quarantine.exe
    C:\Users\Rich\AppData\Local\Temp\sqlite3.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2015-01-10 16:26
     
    ==================== End Of Log ============================
     
     
     
    Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
    System Idle Process 94.62 0 K 24 K 0
    dwm.exe 3.08 42,248 K 39,060 K 3208 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
    procexp.exe 2.31 25,568 K 36,008 K 1140 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
    svchost.exe < 0.01 18,148 K 9,104 K 1200 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    SDWSCSvc.exe < 0.01 6,112 K 2,040 K 3136 Windows Security Center integration. Safer-Networking Ltd. (Verified) Safer Networking Ltd.
    mbamservice.exe < 0.01 221,296 K 79,124 K 2160 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
    System < 0.01 0 K 19,192 K 4
    mbam.exe < 0.01 31,424 K 15,932 K 4012 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
    SDFSSvc.exe < 0.01 34,016 K 5,168 K 2288 Spybot-S&D 2 Scanner Service Safer-Networking Ltd. (Verified) Safer Networking Ltd.
    nmsrvc.exe < 0.01 9,412 K 5,608 K 2936 Pure Networks Platform Service Cisco Systems, Inc. (Verified) Cisco-Linksys LLC
    SDTray.exe < 0.01 14,188 K 5,764 K 4084 Spybot - Search & Destroy tray access Safer-Networking Ltd. (Verified) Safer Networking Ltd.
    explorer.exe < 0.01 51,972 K 49,072 K 5076 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
    LogMeIn.exe < 0.01 18,968 K 5,372 K 2820 LogMeIn LogMeIn, Inc. (Verified) LogMeIn
    svchost.exe < 0.01 112,344 K 54,500 K 1264 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    MsMpEng.exe < 0.01 238,956 K 7,336 K 1020 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
    csrss.exe < 0.01 2,996 K 10,152 K 652 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
    services.exe < 0.01 2,756 K 4,272 K 684 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
    iexplore.exe < 0.01 45,136 K 70,120 K 3148 Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
    SDUpdSvc.exe < 0.01 9,436 K 1,044 K 2432 Spybot-S&D 2 Background update service Safer-Networking Ltd. (Verified) Safer Networking Ltd.
    LogMeInSystray.exe < 0.01 3,536 K 2,396 K 3924 LogMeIn Desktop Application LogMeIn, Inc. (Verified) LogMeIn
    chrome.exe < 0.01 59,740 K 81,672 K 5976 Google Chrome Google Inc. (Verified) Google Inc
    mozystat.exe < 0.01 10,708 K 4,136 K 5000 MozyHome Status Application Mozy, Inc. (Verified) EMC Corporation
    lsass.exe < 0.01 3,496 K 4,660 K 696 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
    taskeng.exe < 0.01 9,620 K 4,312 K 3084 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
    c2c_service.exe < 0.01 3,392 K 736 K 2476 Skype C2C Service Skype Technologies S.A. (Verified) Skype Technologies SA
    svchost.exe < 0.01 6,872 K 4,400 K 1424 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    CLMSServer.exe < 0.01 6,792 K 792 K 1164 CLMSServer CyberLink (Certificate expired) CyberLink
    CCleaner.exe < 0.01 11,552 K 2,728 K 5164 CCleaner Piriform Ltd (Verified) Piriform Ltd
    csrss.exe < 0.01 1,936 K 2,260 K 580 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe < 0.01 3,588 K 3,840 K 980 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    iexplore.exe < 0.01 16,228 K 27,096 K 276 Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
    SearchIndexer.exe < 0.01 40,724 K 13,880 K 2592 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
    chrome.exe < 0.01 56,348 K 63,312 K 4608 Google Chrome Google Inc. (Verified) Google Inc
    svchost.exe < 0.01 3,264 K 3,784 K 912 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    mozybackup.exe < 0.01 4,324 K 444 K 4456 MozyHome Service bootstrapper Mozy, Inc. (Verified) EMC Corporation
    sidebar.exe < 0.01 22,204 K 18,548 K 688 Windows Sidebar Microsoft Corporation (Verified) Microsoft Windows
    capuserv.exe < 0.01 14,468 K 1,144 K 2756 Service (No signature was present in the subject)
    WmiPrvSE.exe < 0.01 43,080 K 47,300 K 3896 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
    MemCheck.exe < 0.01 16,776 K 1,624 K 1340 MemCheck.Service (No signature was present in the subject)
    eRecoveryService.exe < 0.01 14,532 K 1,264 K 2644 eRecoveryService Acer Inc. (No signature was present in the subject) Acer Inc.
    svchost.exe < 0.01 72,968 K 66,040 K 1252 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    spoolsv.exe < 0.01 6,576 K 4,432 K 1856 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
    LMIGuardianSvc.exe < 0.01 2,524 K 2,388 K 1624 LMIGuardianSvc LogMeIn, Inc. (Verified) LogMeIn
    Interrupts < 0.01 0 K 0 K n/a Hardware Interrupts and DPCs
    WUDFHost.exe 2,736 K 324 K 2852 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
    WmiPrvSE.exe 11,816 K 11,892 K 3104 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
    WLIDSVCM.EXE 884 K 276 K 2672 Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
    WLIDSVC.EXE 6,556 K 784 K 2556 Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
    winlogon.exe 2,100 K 600 K 784 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
    wininit.exe 1,236 K 352 K 640 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
    taskeng.exe 2,004 K 1,964 K 2216 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
    taskeng.exe 1,456 K 1,060 K 5024 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 21,200 K 11,396 K 1588 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 14,744 K 6,356 K 1880 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 4,368 K 752 K 2500 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 1,972 K 620 K 2248 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 2,288 K 1,776 K 1372 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 584 K 568 K 2540 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 1,612 K 2,088 K 5620 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    smss.exe 288 K 168 K 440 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
    sm56hlpr.exe 1,696 K 1,292 K 2304 SM56 Modem Helper Motorola Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
    SLsvc.exe 6,140 K 1,272 K 1388 Microsoft Software Licensing Service Microsoft Corporation (Verified) Microsoft Windows
    RtHDVCpl.exe 8,660 K 1,340 K 3988 HD Audio Control Panel Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
    RichVideo.exe 1,184 K 472 K 2268 RichVideo Module (No signature was present in the subject) 
    ramaint.exe 2,144 K 700 K 2068 LogMeIn Maintenance Service LogMeIn, Inc. (Verified) LogMeIn
    notepad.exe 3,276 K 6,816 K 1120 Notepad Microsoft Corporation (Verified) Microsoft Windows
    notepad.exe 1,276 K 560 K 5048 Notepad Microsoft Corporation (Verified) Microsoft Windows
    notepad.exe 1,556 K 5,008 K 5352 Notepad Microsoft Corporation (Verified) Microsoft Windows
    notepad.exe 1,460 K 4,868 K 364 Notepad Microsoft Corporation (Verified) Microsoft Windows
    notepad.exe 1,412 K 1,548 K 5652 Notepad Microsoft Corporation (Verified) Microsoft Windows
    msseces.exe 5,684 K 1,112 K 3952 Microsoft Security Client User Interface Microsoft Corporation (Verified) Microsoft Corporation
    MSCamS32.exe 7,248 K 672 K 2180 MsCamSvc.exe Microsoft Corporation (Verified) Microsoft Corporation
    mozybackup.exe 18,260 K 3,064 K 4104 MozyHome Service bootstrapper Mozy, Inc. (Verified) EMC Corporation
    mbamscheduler.exe 4,008 K 3,544 K 2092 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
    LSSrvc.exe 1,028 K 288 K 1984 Hewlett-Packard Company (No signature was present in the subject) Hewlett-Packard Company
    lsm.exe 2,024 K 1,656 K 708 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
    LifeExp.exe 7,440 K 1,028 K 3960 LifeExp.exe Microsoft Corporation (Verified) Microsoft Corporation
    eDSService.exe 1,360 K 428 K 1676 Acer eDataSecurity Management Service Egis Incorporated (Verified) EGIS TECHNOLOGY INC.
    audiodg.exe 15,516 K 9,084 K 1348 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
    Ati2evxx.exe 2,960 K 1,012 K 1600 ATI External Event Utility EXE Module ATI Technologies Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
    Ati2evxx.exe 1,076 K 360 K 1176 ATI External Event Utility EXE Module ATI Technologies Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
    ACService.exe 1,148 K 320 K 920 ArcSoft Connect Service ArcSoft Inc. (Verified) ArcSoft
     
     
     
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-01-2015
    Ran by Rich at 2015-01-10 16:27:35
    Running from C:\Users\Rich\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Acer Arcade Live Main Page (HKLM\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.1.1331 - Acer Inc.)
    Acer Assist (HKLM\...\Acer Assist) (Version:  - Acer Inc.)
    Acer DV Magician (HKLM\...\{F6EFFB76-4A07-11DA-9D78-000129760D75}) (Version: 1.5.0920 - Acer Inc.)
    Acer DVDivine (HKLM\...\{B145EC69-66F5-11D8-9D75-000129760D75}) (Version: 3.2.1109 - Acer Inc.)
    Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 2.8.4360 - Egis Inc.)
    Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4301 - Acer Inc.)
    Acer ePerformance Management (HKLM\...\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}) (Version: 2.5.4002 - Acer Inc.)
    Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4302 - Acer Inc.)
    Acer GameZone Console DTV 2.0.1.1 (HKLM\...\Acer GameZone Console_is1) (Version:  - Oberon Media, Inc.)
    Acer HomeMedia (HKLM\...\{AA4BF92B-2AAF-11DA-9D78-000129760D75}) (Version: 1.4.1331 - Acer Inc.)
    Acer HomeMedia Connect (HKLM\...\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}) (Version: 1.4.4931 - Acer Inc.)
    Acer HomeMedia Trial Creator (HKLM\...\{B580C409-E16F-44FF-904D-3AE94E113BE0}) (Version: 1.4.1331 - Acer Inc.)
    Acer Registration (HKLM\...\Acer Registration) (Version:  - Acer - Leader Technologies)
    Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 4.01.20070419 - Acer Inc.)
    Acer SlideShow DVD (HKLM\...\{41581EF5-45A7-11DA-9D78-000129760D75}) (Version: 1.5.1109 - Acer Inc.)
    Acer VideoMagician (HKLM\...\{F79A208D-D929-11D9-9D77-000129760D75}) (Version: 1.4.1017 - Acer Inc.)
    Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
    Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Reader 8.1.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}) (Version: 8.1.5 - Adobe Systems Incorporated)
    Agatha Christie Death on the Nile (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}) (Version:  - Oberon Media)
    Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
    ArcSoft Print Creations - Album Page (HKLM\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
    ArcSoft Print Creations - Funhouse (HKLM\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
    ArcSoft Print Creations - Greeting Card (HKLM\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
    ArcSoft Print Creations - Photo Book (HKLM\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
    ArcSoft Print Creations - Photo Calendar (HKLM\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
    ArcSoft Print Creations - Scrapbook (HKLM\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
    ArcSoft Print Creations - Slimline Card (HKLM\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
    ArcSoft Print Creations (HKLM\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.6.255.207 - ArcSoft)
    ATI Catalyst Install Manager (HKLM\...\{D6093905-1B7B-D236-2054-CC0B3E08B413}) (Version: 3.0.642.0 - ATI Technologies, Inc.)
    Azada (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}) (Version:  - Oberon Media)
    Backspin Billiards (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}) (Version:  - Oberon Media)
    Big Kahuna Reef (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}) (Version:  - Oberon Media)
    Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Bookworm Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}) (Version:  - Oberon Media)
    Bricks of Egypt (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}) (Version:  - Oberon Media)
    Cake Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
    Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version:  - )
    Canon MP470 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series) (Version:  - )
    Canon MP470 series User Registration (HKLM\...\Canon MP470 series User Registration) (Version:  - )
    Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
    Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
    Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
    ccc-core-static (Version: 2007.0815.2142.36937 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
    CCScore (Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
    Chicken Invaders 3 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}) (Version:  - Oberon Media)
    Chuzzle (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}) (Version:  - Oberon Media)
    D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
    Diner Dash Flo on the Go (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}) (Version:  - Oberon Media)
    ESSBrwr (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSCDBK (Version: 7.01.0000.0002 - EASTMAN KODAK Company) Hidden
    ESScore (Version: 7.01.0000.0012 - EASTMAN KODAK Company) Hidden
    ESSgui (Version: 7.01.0000.0002 - EASTMAN KODAK Company) Hidden
    ESSini (Version: 7.01.0000.0002 - EASTMAN KODAK Company) Hidden
    ESSPCD (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSPDock (Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
    ESSSONIC (Version: 6.4.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
    essvatgt (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    Flip Words 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}) (Version:  - Oberon Media)
    Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Java™ 6 Update 13 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
    Jewel Quest Solitaire (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}) (Version:  - Oberon Media)
    Jigs@w Puzzle 2 Mix (HKLM\...\Jigs@w Puzzle 2 Mix) (Version:  - Spintop Media, Inc)
    Jigsaw 365 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110313550}) (Version:  - Oberon Media)
    Jigsaw Puzzle Platinum 2 (HKLM\...\Jigsaw Puzzle Platinum 2) (Version:  - Spintop Media, Inc)
    Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    KB408682 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}_814) (Version:  - Adobe Systems Incorporated)
    kgcbase (Version: 5.03.0000.0004 - EASTMAN KODAK Company) Hidden
    Kick N Rush (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}) (Version:  - Oberon Media)
    Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
    LightScribe  1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
    Linksys Wireless Manager (HKLM\...\Linksys Wireless Manager) (Version: 4.9.9047.0 - Linksys, LLC)
    LogMeIn (HKLM\...\{57573545-74EB-46D2-B362-AA05364E4ED8}) (Version: 4.1.1868 - LogMeIn, Inc.)
    Mahjong Escape Ancient China (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version:  - Oberon Media)
    Mahjongg Artifacts (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}) (Version:  - Oberon Media)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    MCE Software Encoder 1.1 (HKLM\...\{7655E113-C306-11D9-A373-0050BAE317E1}) (Version: 1.1.0.1918 - CyberLink Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
    Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version: 6.12.25.06 - Motorola Inc)
    MozyHome (HKLM\...\{88AE47C9-A9D2-E89D-C165-573D8015336D}) (Version: 2.28.0.421 - Mozy, Inc.)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
    Mystery Case Files - Huntsville (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}) (Version:  - Oberon Media)
    Mystery Solitaire - Secret Island (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}) (Version:  - Oberon Media)
    netbrdg (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    NTI Backup NOW! 4.7 (HKLM\...\InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems)
    NTI Backup NOW! 4.7 (Version: 1.00.0000 - NewTech Infosystems) Hidden
    NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
    NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
    OfotoXMI (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    PE585QA-32 (HKLM\...\{A687B4D9-0047-468F-ABCC-2783FA23768A}) (Version: 6.0.0038 - YUAN)
    PG583_32_inf (HKLM\...\{C49624DD-C504-4279-B9E0-65A2EB6E1619}) (Version: 6.01.0042 - YUAN)
    PIXMA Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
    Pure Networks Platform (Version: 11.1.9044.0 - Pure Networks) Hidden
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5449 - Realtek Semiconductor Corp.)
    Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
    SFR (Version: 7.01.0000.0003 - Eastman Kodak Company) Hidden
    SHASTA (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    skin0001 (Version: 7.01.0000.0003 - EASTMAN KODAK Company) Hidden
    Skins (Version: 2007.0815.2142.36937 - ATI) Hidden
    SKINXSDK (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
    Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    staticcr (Version: 7.01.0000.0005 - EASTMAN KODAK Company) Hidden
    tooltips (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    Turbo Pizza (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}) (Version:  - Oberon Media)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VPRINTOL (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    Wheel of Fortune 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112731397}) (Version:  - Oberon Media)
    Windows Driver Package - Conexant (cxpl_mhd) Media  (11/07/2007 6.0.104.0038) (HKLM\...\94838B7B13A76BE9FC61DA8A3B7C3F0BB00FFCF1) (Version: 11/07/2007 6.0.104.0038 - Conexant)
    Windows Driver Package - YUAN High-Tech Development Co. Ltd. (OmniTV) Media  (12/14/2007 6.1.32.42) (HKLM\...\D7EC1A6C98F357A7E4C53FF66325D99F66B1F590) (Version: 12/14/2007 6.1.32.42 - YUAN High-Tech Development Co. Ltd.)
    Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    WIRELESS (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    Zuma Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version:  - Oberon Media)
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
     
    ==================== Restore Points  =========================
     
    10-01-2015 07:06:33 Scheduled Checkpoint
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2006-11-02 03:23 - 2012-06-03 14:29 - 00604003 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1  localhost
     
    There are 1000 more lines.
     
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {1328CF23-6C5F-4EFC-8DAF-3D583F4F6D70} - System32\Tasks\EasyShare Registration Task => Rundll32.exe C:\PROGRA~2\Kodak\EasyShareSetup\$REGIS~1\Registration_7.9.30.1.sxt _RegistrationOffer@16
    Task: {21047333-0575-43E0-B5E5-E5645581BDB7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-10] (Google Inc.)
    Task: {5E44FA8E-7558-4135-AA62-4EA9581E9B44} - System32\Tasks\{6242E11F-2772-4FD2-BF79-0C1DDAA7FBA0} => Iexplore.exe http://ui.skype.com/...051280a55e2db88
    Task: {6D8DE713-C680-4D48-969E-31CABF1CFBE4} - System32\Tasks\MyDefrag v4.3.1 Monthly => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2010-05-21] ()
    Task: {7A152A98-CE06-4738-94A2-15517D14FE71} - System32\Tasks\{6B6682C3-87E3-44C9-BF99-BFA03A5BD885} => pcalua.exe -a E:\vsh_10021_enus.exe -d E:\
    Task: {90D28CE5-7EF4-4EF5-858B-7D56112289B3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
    Task: {911C9F95-2F97-4EA7-ABF2-5868E56C93D4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
    Task: {9D6A4796-61BE-4945-8DE8-B94E863816FD} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
    Task: {9E878BC9-FF41-45C1-B2BF-7736C7404380} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
    Task: {A2398B49-3D9D-45F5-82E0-8CC7C5966732} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-10] (Google Inc.)
    Task: {AB9504C2-7C95-48A6-9AB7-7F657383F381} - System32\Tasks\{9DF93ADC-822F-44BB-9C68-53BF8A8C0232} => pcalua.exe -a E:\SETUP.EXE -d E:\
    Task: {ACB6C32A-F5DC-49C5-A793-48CF73DA9C34} - System32\Tasks\MyDefrag v4.3.1 Daily => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2010-05-21] ()
    Task: {E25AFFA9-1A39-4F83-933E-251DC51353FA} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: C:\Windows\Tasks\EasyShare Registration Task.job => Ä°Ú9£K¬‰r¶
    F^<
     sÝ€À €!ß
    ;Ö!C:\Windows\system32\rundll32.exeZC:\PROGRA~2\Kodak\EasyShareSetup\$REGIS~1\Registration_7.9.30.1.sxt _RegistrationOffer@16Steve0Ø
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2008-03-19 06:06 - 2008-01-25 18:49 - 00098304 _____ () C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLSchRecordMonitor.dll
    2008-03-19 06:06 - 2008-01-25 18:49 - 00260096 _____ () C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\sqlite3.dll
    2008-03-19 06:01 - 2007-10-17 10:38 - 00028672 _____ () C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    2008-03-19 06:01 - 2007-10-17 09:55 - 00016384 _____ () C:\Acer\Empowering Technology\ePerformance\MemCheck.Interface.dll
    2008-03-19 06:01 - 2007-10-17 10:37 - 00040960 _____ () C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll
    2008-03-19 06:04 - 2006-07-19 11:36 - 00262247 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    2015-01-08 18:53 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-01-08 18:53 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2015-01-08 18:53 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2015-01-08 18:53 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
    2015-01-08 18:53 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2008-04-23 19:29 - 2007-02-13 06:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
    2008-04-23 19:29 - 2007-02-13 06:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
    2008-04-23 19:29 - 2007-06-28 18:15 - 00081920 _____ () C:\Acer\Empowering Technology\eRecovery\INT15.dll
    2008-03-19 06:02 - 2007-12-19 18:09 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    2008-03-19 06:02 - 2007-12-19 18:09 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
    2008-03-19 06:02 - 2007-12-19 18:08 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
    2008-03-19 05:24 - 2008-08-30 03:59 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
    2007-03-02 10:44 - 2007-03-02 10:44 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
    AlternateDataStreams: C:\ProgramData\TEMP:17639624
    AlternateDataStreams: C:\ProgramData\TEMP:2B9724CF
    AlternateDataStreams: C:\ProgramData\TEMP:9D7DCAE4
    AlternateDataStreams: C:\ProgramData\TEMP:DF8984AC
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk => C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk => C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^eljeffries^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    MSCONFIG\startupreg: Acer Assist Launcher => C:\Program Files\Acer Assist\launcher.exe
    MSCONFIG\startupreg: Acer Empowering Technology Monitor => C:\Acer\Empowering Technology\SysMonitor.exe
    MSCONFIG\startupreg: Acer Product Registration => "C:\Program Files\Acer Registration\ACE1.exe" /startup
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: Apanel => C:\ACERSW\config\NewSetApanel.cmd
    MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
    MSCONFIG\startupreg: eDataSecurity Loader => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    MSCONFIG\startupreg: Linksys Wireless Manager => "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
    MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    MSCONFIG\startupreg: nmctxth => "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    MSCONFIG\startupreg: nxflesku => C:\Users\eljeffries\AppData\Local\myuvfombt\yluxyaetssd.exe
    MSCONFIG\startupreg: PCMMediaSharing => C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
    MSCONFIG\startupreg: Setresolution => C:\ACERSW\config\1440x900.cmd
    MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    MSCONFIG\startupreg: Skytel => Skytel.exe
    MSCONFIG\startupreg: SMSERIAL => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre6\bin\jusched.exe"
    MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-1700449099-1892461700-749610029-500 - Administrator - Disabled)
    eljeffries (S-1-5-21-1700449099-1892461700-749610029-1001 - Administrator - Enabled) => C:\Users\eljeffries
    Guest (S-1-5-21-1700449099-1892461700-749610029-501 - Limited - Enabled) => C:\Users\Guest
    Rich (S-1-5-21-1700449099-1892461700-749610029-1002 - Administrator - Enabled) => C:\Users\Rich
     
    ==================== Faulty Device Manager Devices =============
     
    Name: PS/2 Compatible Mouse
    Description: PS/2 Compatible Mouse
    Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (01/10/2015 04:23:34 PM) (Source: Customer Experience Improvement Program) (EventID: 1010) (User: )
    Description: 80004005
     
     
    System errors:
    =============
     
    Microsoft Office Sessions:
    =========================
     
    CodeIntegrity Errors:
    ===================================
      Date: 2015-01-10 16:27:26.690
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-01-10 16:27:25.879
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-01-10 16:27:25.099
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-01-10 16:27:24.334
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-01-10 16:27:23.367
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-01-10 16:27:22.571
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-01-10 16:27:21.776
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-01-10 16:27:20.996
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-01-10 16:26:51.122
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-01-10 16:26:50.357
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
     
     
    ==================== Memory info =========================== 
     
    Processor: AMD Athlon™ X2 Dual Core Processor BE-2350
    Percentage of memory in use: 46%
    Total physical RAM: 1790.77 MB
    Available physical RAM: 963.05 MB
    Total Pagefile: 3842.07 MB
    Available Pagefile: 2094.86 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1902.67 MB
     
    ==================== Drives ================================
     
    Drive c: (ACER) (Fixed) (Total:144.29 GB) (Free:106.31 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (DATA) (Fixed) (Total:144.04 GB) (Free:143.83 GB) NTFS
    Drive e: (WHEEL) (CDROM) (Total:0.27 GB) (Free:0 GB) CDFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 298.1 GB) (Disk ID: D9FED53C)
    Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
    Partition 2: (Active) - (Size=144.3 GB) - (Type=06)
    Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================

    Edited by Mrs_Roboto, 10 January 2015 - 06:27 PM.

    #4
    RKinner

      Malware Expert

    Did you forget the Speccy log?  To attach, you have to click on More Reply Options, then Choose file, Open, then Attach file.
     
    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated; please post that. Then you should be able to boot into regular mode.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
     
    FRST claims you may have zero access infection so let's run Combofix and tdsskiller:
     

     
    ComboFix
     
    :!: It must be saved to your desktop, do not run it from your browser:!:
     
    :!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well.  See: http://www.bleepingc...opic114351.html
     
    :!: Turn off your screen saver so you can see what is going on
     
    Download and Save this file --  to your Desktop -- from either of these two sources:
     
    Right-click on ComboFix and select Run As Administrator to start the program.
     
     
     
        * :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
        
        
        * A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.  
     
    Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
    You should get a log when it finishes.  If not, this may mean you have the new version of Zero Access malware, so run Combofix a second time.
    If you still don't get a log, search for Combofix.txt.  It is usually at => C:\Combofix\Combofix.txt. I'll need to see that in your reply.
    If you get an error about a registry value when you try to run a program, then just reboot to clear it.
     
    Save it to your desktop then run it by right clicking and Run As Admin.  (note the .exe is what you want but they seem to have a problem - when you check the box to agree to their conditions the Download button goes grey.  When you uncheck it turns green and allows you to download.)
     
     
    If TDSSKiller alerts you that the system needs to reboot, please consent.
     
    Run TDSSKiller again but this time:
    before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK then Scan.
    In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
    When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.
     
     
    We'd better run aswMBR too tho it's going to take a while:
     

    Download aswMBR.exe  to your desktop.
    Right click aswMBR.exe and Run as Administrator
    uncheck trace disk IO calls
    Click the "Scan" button to start scan (Accept the Avast Engine)
    On completion of the scan, if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply.
    If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply.
     
     

    #5
    Mrs_Roboto

      Member

    • Topic Starter
    • Member
    • 37 posts

    I thought that I attached the file.  Here it is.  Thank you for your help.

    Attached Files


    #6
    Mrs_Roboto

      Member

    • Topic Starter
    • Member
    • 37 posts

    I am unable to run the ComboFix tool.  My computer crashes about 3 minutes into the process.  I am also unable to run in Safe Mode as well.  I posted the FRST logs and I have not tried to run the other tools as I am not sure if it is OK to run things out of the requested order.

     

    Thank you for your help.

     

     

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-01-2015
    Ran by Rich at 2015-01-10 21:59:14 Run:2
    Running from C:\Users\Rich\Desktop
    Loaded Profile: Rich (Available profiles: eljeffries & Rich & Guest)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    HKLM\...\Run: [eRecoveryService] => [X]
    HKLM\...\Run: [NWEReboot] => [X]
    HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/w...QxMEYrMS1TVDEwR (the data entry has 176 more characters).
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    URLSearchHook: HKU\S-1-5-21-1700449099-1892461700-749610029-1002 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -  No File
    URLSearchHook: HKU\S-1-5-21-1700449099-1892461700-749610029-1002 - (No Name) - {f15ff29f-85a1-43cd-9674-e5ba40016c97} -  No File
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1700449099-1892461700-749610029-1002 -> {34e26447-bf30-4c78-a5b9-61dfa8a55e67} URL =
    SearchScopes: HKU\S-1-5-21-1700449099-1892461700-749610029-1002 -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL =
    SearchScopes: HKU\S-1-5-21-1700449099-1892461700-749610029-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    Toolbar: HKLM - No Name - {2a942ab7-2073-49bc-a7e1-77e93835889a} -  No File
    Toolbar: HKU\S-1-5-21-1700449099-1892461700-749610029-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Toolbar: HKU\S-1-5-21-1700449099-1892461700-749610029-1002 -> No Name - {2A942AB7-2073-49BC-A7E1-77E93835889A} -  No File
    FF Plugin: @DailyBibleGuide.com/Plugin -> C:\Program Files\DailyBibleGuide\bar\1.bin\NP2vStub.dll No File
    FF Plugin: @ei.DictionaryBoss.com/Plugin -> C:\Program Files\DictionaryBossEI\Installr\1.bin\NPv4EISB.dll No File
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\DailyBibleGuide\bar\1.bin
    S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)
    S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-09-16] (McAfee, Inc.)
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S4 LMIRfsClientNP; No ImagePath
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    2015-01-08 18:20 - 2009-03-17 09:11 - 00000000 ____D () C:\Program Files\McAfee
    2015-01-08 18:20 - 2008-03-19 05:43 - 00000000 ____D () C:\ProgramData\McAfee
    C:\$Recycle.Bin\S-1-5-21-1700449099-1892461700-749610029-1001\$c8eef6c4ade0beb3453ac63829a4dcc2
    C:\$Recycle.Bin\S-1-5-21-1700449099-1892461700-749610029-1001
    Task: {1328CF23-6C5F-4EFC-8DAF-3D583F4F6D70} - System32\Tasks\EasyShare Registration Task => Rundll32.exe C:\PROGRA~2\Kodak\EasyShareSetup\$REGIS~1\Registration_7.9.30.1.sxt _RegistrationOffer@16
    Task: C:\Windows\Tasks\EasyShare Registration Task.job => Ä°Ú9£K¬‰r¶
    F^<
     sÝ€À €!ß
    ;Ö!C:\Windows\system32\rundll32.exeZC:\PROGRA~2\Kodak\EasyShareSetup\$REGIS~1\Registration_7.9.30.1.sxt _RegistrationOffer@16Steve0Ø

    *****************

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService => Value not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NWEReboot => Value not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/w...QxMEYrMS1TVDEwR (the data entry has 176 more characters). => Value not found.
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => Key not found.
    HKU\S-1-5-21-1700449099-1892461700-749610029-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => Value not found.
    HKU\S-1-5-21-1700449099-1892461700-749610029-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f15ff29f-85a1-43cd-9674-e5ba40016c97} => Value not found.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-21-1700449099-1892461700-749610029-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67} => Key not found.
    HKCR\CLSID\{34e26447-bf30-4c78-a5b9-61dfa8a55e67} => Key not found.
    HKU\S-1-5-21-1700449099-1892461700-749610029-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} => Key not found.
    HKCR\CLSID\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} => Key not found.
    HKU\S-1-5-21-1700449099-1892461700-749610029-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
    HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2a942ab7-2073-49bc-a7e1-77e93835889a} => Value not found.
    HKCR\CLSID\{2a942ab7-2073-49bc-a7e1-77e93835889a} => Key not found.
    HKU\S-1-5-21-1700449099-1892461700-749610029-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value not found.
    HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
    HKU\S-1-5-21-1700449099-1892461700-749610029-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2A942AB7-2073-49BC-A7E1-77E93835889A} => Value not found.
    HKCR\CLSID\{2A942AB7-2073-49BC-A7E1-77E93835889A} => Key not found.
    HKLM\Software\MozillaPlugins\@DailyBibleGuide.com/Plugin => Key not found.
    HKLM\Software\MozillaPlugins\@ei.DictionaryBoss.com/Plugin => Key not found.
    HKLM\Software\Mozilla\Firefox\Extensions\\[email protected] => Value not found.
    mferkdk => Service not found.
    mfesmfk => Service not found.
    IpInIp => Service not found.
    LMIRfsClientNP => Service not found.
    NwlnkFlt => Service not found.
    NwlnkFwd => Service not found.
    "C:\Program Files\McAfee" => File/Directory not found.
    "C:\ProgramData\McAfee" => File/Directory not found.
    "C:\$Recycle.Bin\S-1-5-21-1700449099-1892461700-749610029-1001\$c8eef6c4ade0beb3453ac63829a4dcc2" => File/Directory not found.
    "C:\$Recycle.Bin\S-1-5-21-1700449099-1892461700-749610029-1001" => File/Directory not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1328CF23-6C5F-4EFC-8DAF-3D583F4F6D70} => Key not found.
    C:\Windows\System32\Tasks\EasyShare Registration Task not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EasyShare Registration Task => Key not found.
    C:\Windows\Tasks\EasyShare Registration Task.job not found.
    F^< => Error: No automatic fix found for this entry.
    sÝ€À €!ß => Error: No automatic fix found for this entry.
    ;Ö!C:\Windows\system32\rundll32.exeZC:\PROGRA~2\Kodak\EasyShareSetup\$REGIS~1\Registration_7.9.30.1.sxt _RegistrationOffer@16Steve0Ø => Error: No automatic fix found for this entry.

    ==== End of Fixlog 21:59:15 ====

     

     

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-01-2015
    Ran by Rich at 2015-01-10 22:04:22
    Running from C:\Users\Rich\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acer Arcade Live Main Page (HKLM\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.1.1331 - Acer Inc.)
    Acer Assist (HKLM\...\Acer Assist) (Version:  - Acer Inc.)
    Acer DV Magician (HKLM\...\{F6EFFB76-4A07-11DA-9D78-000129760D75}) (Version: 1.5.0920 - Acer Inc.)
    Acer DVDivine (HKLM\...\{B145EC69-66F5-11D8-9D75-000129760D75}) (Version: 3.2.1109 - Acer Inc.)
    Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 2.8.4360 - Egis Inc.)
    Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4301 - Acer Inc.)
    Acer ePerformance Management (HKLM\...\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}) (Version: 2.5.4002 - Acer Inc.)
    Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4302 - Acer Inc.)
    Acer GameZone Console DTV 2.0.1.1 (HKLM\...\Acer GameZone Console_is1) (Version:  - Oberon Media, Inc.)
    Acer HomeMedia (HKLM\...\{AA4BF92B-2AAF-11DA-9D78-000129760D75}) (Version: 1.4.1331 - Acer Inc.)
    Acer HomeMedia Connect (HKLM\...\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}) (Version: 1.4.4931 - Acer Inc.)
    Acer HomeMedia Trial Creator (HKLM\...\{B580C409-E16F-44FF-904D-3AE94E113BE0}) (Version: 1.4.1331 - Acer Inc.)
    Acer Registration (HKLM\...\Acer Registration) (Version:  - Acer - Leader Technologies)
    Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 4.01.20070419 - Acer Inc.)
    Acer SlideShow DVD (HKLM\...\{41581EF5-45A7-11DA-9D78-000129760D75}) (Version: 1.5.1109 - Acer Inc.)
    Acer VideoMagician (HKLM\...\{F79A208D-D929-11D9-9D77-000129760D75}) (Version: 1.4.1017 - Acer Inc.)
    Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
    Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Reader 8.1.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}) (Version: 8.1.5 - Adobe Systems Incorporated)
    Agatha Christie Death on the Nile (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}) (Version:  - Oberon Media)
    Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
    ArcSoft Print Creations - Album Page (HKLM\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
    ArcSoft Print Creations - Funhouse (HKLM\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
    ArcSoft Print Creations - Greeting Card (HKLM\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
    ArcSoft Print Creations - Photo Book (HKLM\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
    ArcSoft Print Creations - Photo Calendar (HKLM\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
    ArcSoft Print Creations - Scrapbook (HKLM\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
    ArcSoft Print Creations - Slimline Card (HKLM\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
    ArcSoft Print Creations (HKLM\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.6.255.207 - ArcSoft)
    ATI Catalyst Install Manager (HKLM\...\{D6093905-1B7B-D236-2054-CC0B3E08B413}) (Version: 3.0.642.0 - ATI Technologies, Inc.)
    Azada (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}) (Version:  - Oberon Media)
    Backspin Billiards (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}) (Version:  - Oberon Media)
    Big Kahuna Reef (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}) (Version:  - Oberon Media)
    Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Bookworm Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}) (Version:  - Oberon Media)
    Bricks of Egypt (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}) (Version:  - Oberon Media)
    Cake Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
    Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version:  - )
    Canon MP470 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series) (Version:  - )
    Canon MP470 series User Registration (HKLM\...\Canon MP470 series User Registration) (Version:  - )
    Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
    Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
    Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
    ccc-core-static (Version: 2007.0815.2142.36937 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
    CCScore (Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
    Chicken Invaders 3 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}) (Version:  - Oberon Media)
    Chuzzle (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}) (Version:  - Oberon Media)
    D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
    Diner Dash Flo on the Go (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}) (Version:  - Oberon Media)
    ESSBrwr (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSCDBK (Version: 7.01.0000.0002 - EASTMAN KODAK Company) Hidden
    ESScore (Version: 7.01.0000.0012 - EASTMAN KODAK Company) Hidden
    ESSgui (Version: 7.01.0000.0002 - EASTMAN KODAK Company) Hidden
    ESSini (Version: 7.01.0000.0002 - EASTMAN KODAK Company) Hidden
    ESSPCD (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSPDock (Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
    ESSSONIC (Version: 6.4.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
    essvatgt (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    Flip Words 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}) (Version:  - Oberon Media)
    Java™ 6 Update 13 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
    Jewel Quest Solitaire (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}) (Version:  - Oberon Media)
    Jigs@w Puzzle 2 Mix (HKLM\...\Jigs@w Puzzle 2 Mix) (Version:  - Spintop Media, Inc)
    Jigsaw 365 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110313550}) (Version:  - Oberon Media)
    Jigsaw Puzzle Platinum 2 (HKLM\...\Jigsaw Puzzle Platinum 2) (Version:  - Spintop Media, Inc)
    Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    KB408682 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}_814) (Version:  - Adobe Systems Incorporated)
    kgcbase (Version: 5.03.0000.0004 - EASTMAN KODAK Company) Hidden
    Kick N Rush (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}) (Version:  - Oberon Media)
    Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
    LightScribe  1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
    Linksys Wireless Manager (HKLM\...\Linksys Wireless Manager) (Version: 4.9.9047.0 - Linksys, LLC)
    LogMeIn (HKLM\...\{57573545-74EB-46D2-B362-AA05364E4ED8}) (Version: 4.1.1868 - LogMeIn, Inc.)
    Mahjong Escape Ancient China (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version:  - Oberon Media)
    Mahjongg Artifacts (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}) (Version:  - Oberon Media)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    MCE Software Encoder 1.1 (HKLM\...\{7655E113-C306-11D9-A373-0050BAE317E1}) (Version: 1.1.0.1918 - CyberLink Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
    Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version: 6.12.25.06 - Motorola Inc)
    MozyHome (HKLM\...\{88AE47C9-A9D2-E89D-C165-573D8015336D}) (Version: 2.28.0.421 - Mozy, Inc.)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
    Mystery Case Files - Huntsville (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}) (Version:  - Oberon Media)
    Mystery Solitaire - Secret Island (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}) (Version:  - Oberon Media)
    netbrdg (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    NTI Backup NOW! 4.7 (HKLM\...\InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems)
    NTI Backup NOW! 4.7 (Version: 1.00.0000 - NewTech Infosystems) Hidden
    NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
    NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
    OfotoXMI (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    PE585QA-32 (HKLM\...\{A687B4D9-0047-468F-ABCC-2783FA23768A}) (Version: 6.0.0038 - YUAN)
    PG583_32_inf (HKLM\...\{C49624DD-C504-4279-B9E0-65A2EB6E1619}) (Version: 6.01.0042 - YUAN)
    PIXMA Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
    Pure Networks Platform (Version: 11.1.9044.0 - Pure Networks) Hidden
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5449 - Realtek Semiconductor Corp.)
    Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
    SFR (Version: 7.01.0000.0003 - Eastman Kodak Company) Hidden
    SHASTA (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    skin0001 (Version: 7.01.0000.0003 - EASTMAN KODAK Company) Hidden
    Skins (Version: 2007.0815.2142.36937 - ATI) Hidden
    SKINXSDK (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
    Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    staticcr (Version: 7.01.0000.0005 - EASTMAN KODAK Company) Hidden
    tooltips (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    Turbo Pizza (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}) (Version:  - Oberon Media)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VPRINTOL (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    Wheel of Fortune 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112731397}) (Version:  - Oberon Media)
    Windows Driver Package - Conexant (cxpl_mhd) Media  (11/07/2007 6.0.104.0038) (HKLM\...\94838B7B13A76BE9FC61DA8A3B7C3F0BB00FFCF1) (Version: 11/07/2007 6.0.104.0038 - Conexant)
    Windows Driver Package - YUAN High-Tech Development Co. Ltd. (OmniTV) Media  (12/14/2007 6.1.32.42) (HKLM\...\D7EC1A6C98F357A7E4C53FF66325D99F66B1F590) (Version: 12/14/2007 6.1.32.42 - YUAN High-Tech Development Co. Ltd.)
    Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    WIRELESS (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    Zuma Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version:  - Oberon Media)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    ==================== Restore Points  =========================

    10-01-2015 07:06:33 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 03:23 - 2012-06-03 14:29 - 00604003 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1  localhost

    There are 1000 more lines.

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {5E44FA8E-7558-4135-AA62-4EA9581E9B44} - System32\Tasks\{6242E11F-2772-4FD2-BF79-0C1DDAA7FBA0} => Iexplore.exe http://ui.skype.com/...051280a55e2db88
    Task: {6D8DE713-C680-4D48-969E-31CABF1CFBE4} - System32\Tasks\MyDefrag v4.3.1 Monthly => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2010-05-21] ()
    Task: {7A152A98-CE06-4738-94A2-15517D14FE71} - System32\Tasks\{6B6682C3-87E3-44C9-BF99-BFA03A5BD885} => pcalua.exe -a E:\vsh_10021_enus.exe -d E:\
    Task: {90D28CE5-7EF4-4EF5-858B-7D56112289B3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
    Task: {911C9F95-2F97-4EA7-ABF2-5868E56C93D4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
    Task: {9D6A4796-61BE-4945-8DE8-B94E863816FD} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {9E878BC9-FF41-45C1-B2BF-7736C7404380} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
    Task: {AB9504C2-7C95-48A6-9AB7-7F657383F381} - System32\Tasks\{9DF93ADC-822F-44BB-9C68-53BF8A8C0232} => pcalua.exe -a E:\SETUP.EXE -d E:\
    Task: {ACB6C32A-F5DC-49C5-A793-48CF73DA9C34} - System32\Tasks\MyDefrag v4.3.1 Daily => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2010-05-21] ()
    Task: {E25AFFA9-1A39-4F83-933E-251DC51353FA} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

    ==================== Loaded Modules (whitelisted) =============

    2008-03-19 05:24 - 2008-08-30 03:59 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
    2015-01-08 18:53 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-01-08 18:53 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2007-03-02 10:44 - 2007-03-02 10:44 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
    2008-03-19 06:06 - 2008-01-25 18:49 - 00098304 _____ () C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLSchRecordMonitor.dll
    2008-03-19 06:06 - 2008-01-25 18:49 - 00260096 _____ () C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\sqlite3.dll
    2008-03-19 06:01 - 2007-10-17 10:38 - 00028672 _____ () C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    2008-03-19 06:01 - 2007-10-17 09:55 - 00016384 _____ () C:\Acer\Empowering Technology\ePerformance\MemCheck.Interface.dll
    2008-03-19 06:01 - 2007-10-17 10:37 - 00040960 _____ () C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll
    2008-03-19 06:04 - 2006-07-19 11:36 - 00262247 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    2008-04-23 19:29 - 2007-02-13 06:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
    2008-04-23 19:29 - 2007-02-13 06:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
    2008-04-23 19:29 - 2007-06-28 18:15 - 00081920 _____ () C:\Acer\Empowering Technology\eRecovery\INT15.dll
    2008-03-19 06:02 - 2007-12-19 18:09 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    2008-03-19 06:02 - 2007-12-19 18:09 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
    2008-03-19 06:02 - 2007-12-19 18:08 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
    2015-01-08 18:53 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:17639624
    AlternateDataStreams: C:\ProgramData\TEMP:2B9724CF
    AlternateDataStreams: C:\ProgramData\TEMP:9D7DCAE4
    AlternateDataStreams: C:\ProgramData\TEMP:DF8984AC

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk => C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk => C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^eljeffries^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    MSCONFIG\startupreg: Acer Assist Launcher => C:\Program Files\Acer Assist\launcher.exe
    MSCONFIG\startupreg: Acer Empowering Technology Monitor => C:\Acer\Empowering Technology\SysMonitor.exe
    MSCONFIG\startupreg: Acer Product Registration => "C:\Program Files\Acer Registration\ACE1.exe" /startup
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: Apanel => C:\ACERSW\config\NewSetApanel.cmd
    MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
    MSCONFIG\startupreg: eDataSecurity Loader => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    MSCONFIG\startupreg: Linksys Wireless Manager => "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
    MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    MSCONFIG\startupreg: nmctxth => "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    MSCONFIG\startupreg: nxflesku => C:\Users\eljeffries\AppData\Local\myuvfombt\yluxyaetssd.exe
    MSCONFIG\startupreg: PCMMediaSharing => C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
    MSCONFIG\startupreg: Setresolution => C:\ACERSW\config\1440x900.cmd
    MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    MSCONFIG\startupreg: Skytel => Skytel.exe
    MSCONFIG\startupreg: SMSERIAL => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre6\bin\jusched.exe"
    MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-1700449099-1892461700-749610029-500 - Administrator - Disabled)
    eljeffries (S-1-5-21-1700449099-1892461700-749610029-1001 - Administrator - Enabled) => C:\Users\eljeffries
    Guest (S-1-5-21-1700449099-1892461700-749610029-501 - Limited - Enabled) => C:\Users\Guest
    Rich (S-1-5-21-1700449099-1892461700-749610029-1002 - Administrator - Enabled) => C:\Users\Rich

    ==================== Faulty Device Manager Devices =============

    Name: PS/2 Compatible Mouse
    Description: PS/2 Compatible Mouse
    Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/10/2015 09:54:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/10/2015 09:51:21 PM) (Source: EventSystem) (EventID: 4621) (User: )
    Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

    Error: (01/10/2015 09:50:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/10/2015 09:07:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/10/2015 06:18:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/10/2015 06:15:02 PM) (Source: EventSystem) (EventID: 4621) (User: )
    Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

    Error: (01/10/2015 06:09:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/10/2015 06:06:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/10/2015 04:57:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/10/2015 04:56:26 PM) (Source: Perflib) (EventID: 1010) (User: )
    Description: PolicyAgentC:\Windows\System32\ipsecsvc.dll4

    System errors:
    =============
    Error: (01/10/2015 09:45:37 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 9:43:50 PM on 1/10/2015 was unexpected.

    Error: (01/10/2015 09:37:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Skype C2C Service1

    Error: (01/10/2015 09:06:58 PM) (Source: Microsoft Antimalware) (EventID: 2004) (User: )
    Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

     Signatures Attempted: %24

     Error Code: 0x80070002

     Error description: The system cannot find the file specified.

     Signature version: 0.0.0.0;0.0.0.0

     Engine version: %600

    Error: (01/10/2015 06:15:39 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
    Description: Windows Update

    Error: (01/10/2015 06:06:07 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 5:35:11 PM on 1/10/2015 was unexpected.

    Error: (01/10/2015 06:05:52 PM) (Source: volmgr) (EventID: 49) (User: )
    Description: Configuring the Page file for crash dump failed. Make sure there is a page
    file on the boot partition and that is large enough to contain all physical
    memory.

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
      Date: 2015-01-10 22:04:00.385
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

      Date: 2015-01-10 22:03:59.605
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

      Date: 2015-01-10 22:03:58.794
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

      Date: 2015-01-10 22:03:57.811
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

      Date: 2015-01-10 21:54:07.668
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

      Date: 2015-01-10 21:49:28.839
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

      Date: 2015-01-10 21:49:28.090
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

      Date: 2015-01-10 21:49:27.310
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

      Date: 2015-01-10 21:49:26.296
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

      Date: 2015-01-10 21:49:26.140
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================

    Processor: AMD Athlon™ X2 Dual Core Processor BE-2350
    Percentage of memory in use: 47%
    Total physical RAM: 1790.77 MB
    Available physical RAM: 942.54 MB
    Total Pagefile: 3838.07 MB
    Available Pagefile: 2118.66 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1921.76 MB

    ==================== Drives ================================

    Drive c: (ACER) (Fixed) (Total:144.29 GB) (Free:106.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (DATA) (Fixed) (Total:144.04 GB) (Free:143.83 GB) NTFS
    Drive e: (WHEEL) (CDROM) (Total:0.27 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 298.1 GB) (Disk ID: D9FED53C)
    Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
    Partition 2: (Active) - (Size=144.3 GB) - (Type=06)
    Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================



    #7
    RKinner

      Malware Expert


    Go ahead and run the other programs if they will run.



    #8
    Mrs_Roboto

      Member


    Sorry for the break.  Here are the requested logs.

     

    14:16:36.0662 0x0a4c  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
    14:16:41.0264 0x0a4c  ============================================================
    14:16:41.0264 0x0a4c  Current date / time: 2015/01/11 14:16:41.0264
    14:16:41.0264 0x0a4c  SystemInfo:
    14:16:41.0264 0x0a4c 
    14:16:41.0264 0x0a4c  OS Version: 6.0.6002 ServicePack: 2.0
    14:16:41.0264 0x0a4c  Product type: Workstation
    14:16:41.0264 0x0a4c  ComputerName: STEVE-PC
    14:16:41.0264 0x0a4c  UserName: Rich
    14:16:41.0264 0x0a4c  Windows directory: C:\Windows
    14:16:41.0264 0x0a4c  System windows directory: C:\Windows
    14:16:41.0264 0x0a4c  Processor architecture: Intel x86
    14:16:41.0264 0x0a4c  Number of processors: 2
    14:16:41.0264 0x0a4c  Page size: 0x1000
    14:16:41.0264 0x0a4c  Boot type: Normal boot
    14:16:41.0264 0x0a4c  ============================================================
    14:16:43.0074 0x0a4c  KLMD registered as C:\Windows\system32\drivers\42519909.sys
    14:16:43.0167 0x0a4c  System UUID: {2252DDE0-84FF-B9A4-9337-89BE61BE0FEF}
    14:16:43.0713 0x0a4c  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    14:16:43.0823 0x0a4c  ============================================================
    14:16:43.0823 0x0a4c  \Device\Harddisk0\DR0:
    14:16:43.0854 0x0a4c  MBR partitions:
    14:16:43.0854 0x0a4c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0x1385000, BlocksNum 0x12096800
    14:16:43.0854 0x0a4c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1341B800, BlocksNum 0x12012800
    14:16:43.0854 0x0a4c  ============================================================
    14:16:43.0932 0x0a4c  C: <-> \Device\Harddisk0\DR0\Partition1
    14:16:43.0994 0x0a4c  D: <-> \Device\Harddisk0\DR0\Partition2
    14:16:43.0994 0x0a4c  ============================================================
    14:16:43.0994 0x0a4c  Initialize success
    14:16:43.0994 0x0a4c  ============================================================
    14:16:46.0412 0x1694  ============================================================
    14:16:46.0412 0x1694  Scan started
    14:16:46.0412 0x1694  Mode: Manual;
    14:16:46.0412 0x1694  ============================================================
    14:16:46.0412 0x1694  KSN ping started
    14:16:49.0298 0x1694  KSN ping finished: true
    14:16:51.0326 0x1694  ================ Scan system memory ========================
    14:16:51.0326 0x1694  System memory - ok
    14:16:51.0326 0x1694  ================ Scan services =============================
    14:16:51.0498 0x1694  [ ADC420616C501B45D26C0FD3EF1E54E4, 29FC41D40A35AC5476E2A673CE5B12684E0CFA12A1AEBEEBE5883FBA5CA68B67 ] ACDaemon        C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    14:16:51.0529 0x1694  ACDaemon - ok
    14:16:51.0623 0x1694  [ 517D30057C726C797764BFD70A55D82A, F1F48EF16DB9F7B5C6F8D0C595DE2E4ABD26FAF19372C1AA598F6988709D2170 ] Acer HomeMedia Connect Service C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    14:16:51.0638 0x1694  Acer HomeMedia Connect Service - ok
    14:16:51.0685 0x1694  [ E91F2444DF54E725DDBBDDB7FBCE71F5, 28895DF44A4E7D959ACBBAA6AFC4B70515D87D40F5F74EB296BB2D5FFC5C2765 ] AcerMemUsageCheckService C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    14:16:51.0701 0x1694  AcerMemUsageCheckService - ok
    14:16:51.0857 0x1694  [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI            C:\Windows\system32\drivers\acpi.sys
    14:16:51.0857 0x1694  ACPI - ok
    14:16:51.0950 0x1694  [ 749F94C424524285DCDA84D695ABC12F, E5AD194AF5B8B4FDB3976D3E3F9EF942DECFEC4EBAA9881A8EF7707BB781E4AD ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    14:16:51.0950 0x1694  AdobeFlashPlayerUpdateSvc - ok
    14:16:51.0997 0x1694  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303, FBBDD38574A1F66A5AA12B82E34FDE60B870180C4B7100C15757539DC869ED4B ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
    14:16:51.0997 0x1694  adp94xx - ok
    14:16:52.0028 0x1694  [ 60505E0041F7751BDBB80F88BF45C2CE, 1DE16042B8ABD7B643189E836DE273832EE743FD66AFBB641E8049C4E0CD04D8 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
    14:16:52.0044 0x1694  adpahci - ok
    14:16:52.0044 0x1694  [ 8A42779B02AEC986EAB64ECFC98F8BD7, B89938EFF4E81FA44197D2D839EBD3340DDE01FBC79605049C088621784C1B91 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
    14:16:52.0044 0x1694  adpu160m - ok
    14:16:52.0059 0x1694  [ 241C9E37F8CE45EF51C3DE27515CA4E5, 1A03E93DD8C1F3640C96124A14A3D0F4E349B06CCA2118CE40B8AE201A4030A7 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
    14:16:52.0075 0x1694  adpu320 - ok
    14:16:52.0122 0x1694  [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
    14:16:52.0122 0x1694  AeLookupSvc - ok
    14:16:52.0169 0x1694  [ F5272A105F59A7B3B345D9D6D87DA7AD, 9E84776994D04240BF2537330DBB555EDE16DFCFC59DEDCBA05A44ED7F70BEFA ] AFD             C:\Windows\system32\drivers\afd.sys
    14:16:52.0184 0x1694  AFD - ok
    14:16:52.0200 0x1694  [ 13F9E33747E6B41A3FF305C37DB0D360, 066DD6060B1CF93F85BBAAA52848C801128CD294E8B7EACD912E0EF219DBFBC2 ] agp440          C:\Windows\system32\drivers\agp440.sys
    14:16:52.0200 0x1694  agp440 - ok
    14:16:52.0215 0x1694  [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
    14:16:52.0215 0x1694  aic78xx - ok
    14:16:52.0231 0x1694  [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG             C:\Windows\System32\alg.exe
    14:16:52.0231 0x1694  ALG - ok
    14:16:52.0247 0x1694  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91, 0EADB6AE21FEDAB55D41F41B638198B556CC2BE2EE57F6C8B40EB044A318319F ] aliide          C:\Windows\system32\drivers\aliide.sys
    14:16:52.0247 0x1694  aliide - ok
    14:16:52.0262 0x1694  [ C47344BC706E5F0B9DCE369516661578, 689C9CDAF6F38227F1C34359CAEB3C7798F318EDFD4B7FE532FBE3C8E4EE3DC8 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
    14:16:52.0262 0x1694  amdagp - ok
    14:16:52.0278 0x1694  [ 9B78A39A4C173FDBC1321E0DD659B34C, 2CA66EB68AD7A317D91C13B8CFD4E8CA985926A610D19595B613F5553B145C7B ] amdide          C:\Windows\system32\drivers\amdide.sys
    14:16:52.0278 0x1694  amdide - ok
    14:16:52.0293 0x1694  [ 18F29B49AD23ECEE3D2A826C725C8D48, 0FA08882301D218E367E63E1966B6406220EE94BAE7E7DAD6E55EB70BF6FED7F ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
    14:16:52.0293 0x1694  AmdK7 - ok
    14:16:52.0325 0x1694  [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
    14:16:52.0325 0x1694  AmdK8 - ok
    14:16:52.0356 0x1694  [ 8F7D200717A58E9800D391F4C2101577, F07CF0F5636F46D8F3D5133284943E991E8739E5A644BCA5F18BB896B374620D ] Appinfo         C:\Windows\System32\appinfo.dll
    14:16:52.0356 0x1694  Appinfo - ok
    14:16:52.0371 0x1694  [ 5D2888182FB46632511ACEE92FDAD522, 2E53231ACAF9B2FB7993DBC1CD15C06D7B0CCE0D08DAFF7B0CC13A2040028A75 ] arc             C:\Windows\system32\drivers\arc.sys
    14:16:52.0371 0x1694  arc - ok
    14:16:52.0387 0x1694  [ 5E2A321BD7C8B3624E41FDEC3E244945, 9D47FF6C823868F2267FEFAB5851D3CD2BC3F619A2D6EFF803EA22DB0509C450 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
    14:16:52.0387 0x1694  arcsas - ok
    14:16:52.0481 0x1694  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    14:16:52.0559 0x1694  aspnet_state - ok
    14:16:52.0590 0x1694  [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
    14:16:52.0590 0x1694  AsyncMac - ok
    14:16:52.0621 0x1694  [ 1F05B78AB91C9075565A9D8A4B880BC4, 737BE9F9376DAB0CCDFED93EA6D67F0C432367EA63CD772A453485BE769AF3BD ] atapi           C:\Windows\system32\drivers\atapi.sys
    14:16:52.0621 0x1694  atapi - ok
    14:16:52.0683 0x1694  [ 8EB7658B655713347C0127526E8F7941, D8EB639798291445EDF5D3790DA75754910CC137713C26E88E429BBE65C6EFE9 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
    14:16:52.0730 0x1694  Ati External Event Utility - ok
    14:16:52.0949 0x1694  [ 3F785FE4B890EBC17E1F4DF684DA060D, 7A1C3C8C8D9434453BC0FC960965B564F2B32A50C1340303FFEF7027F41134D6 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
    14:16:53.0042 0x1694  atikmdag - ok
    14:16:53.0105 0x1694  [ A356E45E8432432C06981EA63A1E0FE8, 98F3BE1023678173B1F2E5788E03F012BD31FE204EABBD7C19AF34620CCEB423 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
    14:16:53.0105 0x1694  AtiPcie - ok
    14:16:53.0151 0x1694  [ 8E98A99187FF17FC1D48E6FAFFD870BE, 7C935191A0A2BA95CA9A9E450F7C8802E6184F73BC297E91908B59F34C22AB06 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    14:16:53.0167 0x1694  AudioEndpointBuilder - ok
    14:16:53.0183 0x1694  [ 8E98A99187FF17FC1D48E6FAFFD870BE, 7C935191A0A2BA95CA9A9E450F7C8802E6184F73BC297E91908B59F34C22AB06 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
    14:16:53.0198 0x1694  Audiosrv - ok
    14:16:53.0214 0x1694  [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep            C:\Windows\system32\drivers\Beep.sys
    14:16:53.0214 0x1694  Beep - ok
    14:16:53.0261 0x1694  [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE             C:\Windows\System32\bfe.dll
    14:16:53.0261 0x1694  BFE - ok
    14:16:53.0323 0x1694  [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS            C:\Windows\System32\qmgr.dll
    14:16:53.0354 0x1694  BITS - ok
    14:16:53.0370 0x1694  [ D4DF28447741FD3D953526E33A617397, E7239BA432090F8AC7DF453DB876507CD4419ECA964D289408A1B2B353618693 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
    14:16:53.0370 0x1694  blbdrive - ok
    14:16:53.0401 0x1694  [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
    14:16:53.0401 0x1694  bowser - ok
    14:16:53.0432 0x1694  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
    14:16:53.0432 0x1694  BrFiltLo - ok
    14:16:53.0448 0x1694  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
    14:16:53.0448 0x1694  BrFiltUp - ok
    14:16:53.0495 0x1694  [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser         C:\Windows\System32\browser.dll
    14:16:53.0526 0x1694  Browser - ok
    14:16:53.0557 0x1694  [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid         C:\Windows\system32\drivers\brserid.sys
    14:16:53.0557 0x1694  Brserid - ok
    14:16:53.0573 0x1694  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
    14:16:53.0573 0x1694  BrSerWdm - ok
    14:16:53.0573 0x1694  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
    14:16:53.0573 0x1694  BrUsbMdm - ok
    14:16:53.0604 0x1694  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
    14:16:53.0604 0x1694  BrUsbSer - ok
    14:16:53.0619 0x1694  [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
    14:16:53.0635 0x1694  BTHMODEM - ok
    14:16:53.0822 0x1694  catchme - ok
    14:16:53.0838 0x1694  [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
    14:16:53.0838 0x1694  cdfs - ok
    14:16:53.0900 0x1694  [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
    14:16:53.0900 0x1694  cdrom - ok
    14:16:53.0963 0x1694  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc     C:\Windows\System32\certprop.dll
    14:16:53.0963 0x1694  CertPropSvc - ok
    14:16:54.0009 0x1694  [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass        C:\Windows\system32\drivers\circlass.sys
    14:16:54.0009 0x1694  circlass - ok
    14:16:54.0041 0x1694  [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS            C:\Windows\system32\CLFS.sys
    14:16:54.0041 0x1694  CLFS - ok
    14:16:54.0431 0x1694  [ 6B6943A0CA56B47D6FB2EE476890854F, 6DA779879487F4A187DF54B0362642643D7871AA8F7E30992D781F558C50F052 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    14:16:54.0431 0x1694  clr_optimization_v2.0.50727_32 - ok
    14:16:54.0493 0x1694  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    14:16:54.0540 0x1694  clr_optimization_v4.0.30319_32 - ok
    14:16:54.0571 0x1694  [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
    14:16:54.0571 0x1694  cmdide - ok
    14:16:54.0571 0x1694  [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
    14:16:54.0571 0x1694  Compbatt - ok
    14:16:54.0587 0x1694  COMSysApp - ok
    14:16:54.0618 0x1694  [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
    14:16:54.0618 0x1694  crcdisk - ok
    14:16:54.0665 0x1694  [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
    14:16:54.0665 0x1694  Crusoe - ok
    14:16:54.0727 0x1694  [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
    14:16:54.0743 0x1694  CryptSvc - ok
    14:16:54.0805 0x1694  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch      C:\Windows\system32\rpcss.dll
    14:16:54.0883 0x1694  DcomLaunch - ok
    14:16:54.0914 0x1694  [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
    14:16:54.0914 0x1694  DfsC - ok
    14:16:55.0023 0x1694  [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR            C:\Windows\system32\DFSR.exe
    14:16:55.0070 0x1694  DFSR - ok
    14:16:55.0179 0x1694  [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
    14:16:55.0195 0x1694  Dhcp - ok
    14:16:55.0226 0x1694  [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk            C:\Windows\system32\drivers\disk.sys
    14:16:55.0242 0x1694  disk - ok
    14:16:55.0273 0x1694  [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache        C:\Windows\System32\dnsrslvr.dll
    14:17:04.0149 0x1694  ose - ok
    14:17:04.0196 0x1694  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
    14:17:04.0227 0x1694  p2pimsvc - ok
    14:17:04.0259 0x1694  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc          C:\Windows\system32\p2psvc.dll
    14:17:04.0274 0x1694  p2psvc - ok
    14:17:04.0305 0x1694  [ 8A79FDF04A73428597E2CAF9D0D67850, DB438FDE5510AB2F350ED1AC4CF0E99D3CC665FE46533A438A8FDA4DAF950F93 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
    14:17:04.0321 0x1694  Parport - ok
    14:17:04.0352 0x1694  [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr         C:\Windows\system32\drivers\partmgr.sys
    14:17:04.0352 0x1694  partmgr - ok
    14:17:04.0368 0x1694  [ 6C580025C81CAF3AE9E3617C22CAD00E, 64F9061196462085E5DCD3ACB97A0D8FC67CA9A96DDD6E2103AFFF1593AE236A ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
    14:17:04.0368 0x1694  Parvdm - ok
    14:17:04.0399 0x1694  [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc          C:\Windows\System32\pcasvc.dll
    14:17:04.0399 0x1694  PcaSvc - ok
    14:17:04.0415 0x1694  [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci             C:\Windows\system32\drivers\pci.sys
    14:17:04.0415 0x1694  pci - ok
    14:17:04.0430 0x1694  [ 1636D43F10416AEB483BC6001097B26C, 36E61A993693A46538FE0F726D67BB28886F61D53384AD600D1282296A27662E ] pciide          C:\Windows\system32\drivers\pciide.sys
    14:17:04.0446 0x1694  pciide - ok
    14:17:04.0461 0x1694  [ E6F3FB1B86AA519E7698AD05E58B04E5, 2C4B45DDD3B980C9DAA6F039CAEFCD6E84A4D5BB43AFBA73C0C42B5556C1303C ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
    14:17:04.0461 0x1694  pcmcia - ok
    14:17:04.0524 0x1694  [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
    14:17:04.0555 0x1694  PEAUTH - ok
    14:17:04.0633 0x1694  [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla             C:\Windows\system32\pla.dll
    14:17:04.0695 0x1694  pla - ok
    14:17:04.0742 0x1694  [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
    14:17:04.0742 0x1694  PlugPlay - ok
    14:17:04.0789 0x1694  [ 63200893C9D5934A7504D20F68276CC7, CAAAC17C86E4272EF96C87968B71FCCD17CADDC3C480AE13C0232D65468AA3BA ] pnarp           C:\Windows\system32\DRIVERS\pnarp.sys
    14:17:04.0789 0x1694  pnarp - ok
    14:17:04.0836 0x1694  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
    14:17:04.0851 0x1694  PNRPAutoReg - ok
    14:17:04.0976 0x1694  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
    14:17:04.0992 0x1694  PNRPsvc - ok
    14:17:05.0117 0x1694  [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
    14:17:05.0132 0x1694  PolicyAgent - ok
    14:17:05.0179 0x1694  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
    14:17:05.0179 0x1694  PptpMiniport - ok
    14:17:05.0226 0x1694  [ 2027293619DD0F047C584CF2E7DF4FFD, B7C172CCD08D8A30483D27536355ED1E5009B33629355B426470AFBA8542B394 ] Processor       C:\Windows\system32\drivers\processr.sys
    14:17:05.0226 0x1694  Processor - ok
    14:17:05.0257 0x1694  [ 0508FAA222D28835310B7BFCA7A77346, 3AE2340C6E365F137CC00D9560069501DD2724756EA9EBF7A6CDFFC91B43709C ] ProfSvc         C:\Windows\system32\profsvc.dll
    14:17:05.0257 0x1694  ProfSvc - ok
    14:17:05.0273 0x1694  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
    14:17:05.0288 0x1694  ProtectedStorage - ok
    14:17:05.0319 0x1694  [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
    14:17:05.0319 0x1694  PSched - ok
    14:17:05.0351 0x1694  [ AB94285FF6C6BC5433407D8D182A4BB4, FEEED76008F5FFE3E55791B4EF96FF5D7A81151E406AFF0C353343CABFBA4038 ] PSDFilter       C:\Windows\system32\DRIVERS\psdfilter.sys
    14:17:05.0351 0x1694  PSDFilter - ok
    14:17:05.0366 0x1694  [ 2AAF9A5D7A63D26BFAEA853C5F2292BC, EF5CB105F487F3AECC83C743D77CE4CCFD8D4DFD342DE696B89250A65C654307 ] PSDNServ        C:\Windows\system32\DRIVERS\PSDNServ.sys
    14:17:05.0366 0x1694  PSDNServ - ok
    14:17:05.0382 0x1694  [ 0EB8CEC99855BEAE5B0D02C2302619EF, E708FCAEA004D61AA107A392F637CF564F25634BC483134FC79032D0E17F5FEF ] psdvdisk        C:\Windows\system32\DRIVERS\PSDVdisk.sys
    14:17:05.0382 0x1694  psdvdisk - ok
    14:17:05.0413 0x1694  [ 748BCAB4EFF5959ED347C05A1C1A0AF8, 9DEB4AF1BBDE9818C73C95603B110AAC7AEF5FCF56FFEA9B85BFD1735C8CAB28 ] purendis        C:\Windows\system32\DRIVERS\purendis.sys
    14:17:05.0413 0x1694  purendis - ok
    14:17:05.0475 0x1694  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6, 8B7D44A7698B95FE34CBBE4FAB2F01EC1F5BA86C2B19672F99767E650E99BF1C ] ql2300          C:\Windows\system32\drivers\ql2300.sys
    14:17:05.0507 0x1694  ql2300 - ok
    14:17:05.0538 0x1694  [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
    14:17:05.0553 0x1694  ql40xx - ok
    14:17:05.0585 0x1694  [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE           C:\Windows\system32\qwave.dll
    14:17:05.0600 0x1694  QWAVE - ok
    14:17:05.0616 0x1694  [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
    14:17:05.0631 0x1694  QWAVEdrv - ok
    14:17:05.0647 0x1694  [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
    14:17:05.0647 0x1694  RasAcd - ok
    14:17:05.0663 0x1694  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto         C:\Windows\System32\rasauto.dll
    14:17:05.0663 0x1694  RasAuto - ok
    14:17:05.0678 0x1694  [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
    14:17:05.0678 0x1694  Rasl2tp - ok
    14:17:05.0709 0x1694  [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan          C:\Windows\System32\rasmans.dll
    14:17:05.0725 0x1694  RasMan - ok
    14:17:05.0741 0x1694  [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
    14:17:05.0756 0x1694  RasPppoe - ok
    14:17:05.0756 0x1694  [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
    14:17:05.0756 0x1694  RasSstp - ok
    14:17:05.0787 0x1694  [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
    14:17:05.0803 0x1694  rdbss - ok
    14:17:05.0819 0x1694  [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
    14:17:05.0819 0x1694  RDPCDD - ok
    14:17:05.0834 0x1694  [ FBC0BACD9C3D7F6956853F64A66E252D, 7672B10C7039295B152C02C96903E869FF2C0A88A2C3FA89BAE9F1D593B43569 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
    14:17:05.0850 0x1694  rdpdr - ok
    14:17:05.0865 0x1694  [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
    14:17:05.0865 0x1694  RDPENCDD - ok
    14:17:05.0912 0x1694  [ C127EBD5AFAB31524662C48DFCEB773A, 40A6B88FEAFF02D1B5C0CA32F290CF3D9B48B85D248C7532F30CC5C09BAA4D89 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
    14:17:05.0928 0x1694  RDPWD - ok
    14:17:05.0975 0x1694  [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess    C:\Windows\System32\mprdim.dll
    14:17:05.0990 0x1694  RemoteAccess - ok
    14:17:06.0021 0x1694  [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
    14:17:06.0021 0x1694  RemoteRegistry - ok
    14:17:06.0053 0x1694  [ C1C132455200AD4704142442C89D0FA4, 2A2F9484CB818DBB783552B128B5E5AFB544FA488C0EE7A60C322111F16FCD16 ] RichVideo       C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    14:17:06.0068 0x1694  RichVideo - ok
    14:17:06.0131 0x1694  [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator      C:\Windows\system32\locator.exe
    14:17:06.0146 0x1694  RpcLocator - ok
    14:17:06.0287 0x1694  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] RpcSs           C:\Windows\system32\rpcss.dll
    14:17:06.0302 0x1694  RpcSs - ok
    14:17:06.0318 0x1694  [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
    14:17:06.0318 0x1694  rspndr - ok
    14:17:06.0333 0x1694  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] SamSs           C:\Windows\system32\lsass.exe
    14:17:06.0333 0x1694  SamSs - ok
    14:17:06.0365 0x1694  [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
    14:17:06.0380 0x1694  sbp2port - ok
    14:17:06.0411 0x1694  [ 77B7A11A0C3D78D3386398FBBEA1B632, A3D290AB793BDC2F84C7B963300DFCE81CFE082A0FFF7489E8E5B14714892C00 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
    14:17:06.0411 0x1694  SCardSvr - ok
    14:17:06.0474 0x1694  [ 1A58069DB21D05EB2AB58EE5753EBE8D, EED8111EB613F4C93D1638C74FDB0A6DC6694E1B108DCD0D794B5B5F9B8C6EE4 ] Schedule        C:\Windows\system32\schedsvc.dll
    14:17:06.0489 0x1694  Schedule - ok
    14:17:06.0583 0x1694  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] SCPolicySvc     C:\Windows\System32\certprop.dll
    14:17:06.0599 0x1694  SCPolicySvc - ok
    14:17:06.0645 0x1694  [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
    14:17:06.0677 0x1694  SDRSVC - ok
    14:17:06.0817 0x1694  [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    14:17:06.0879 0x1694  SDScannerService - ok
    14:17:07.0067 0x1694  [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    14:17:07.0113 0x1694  SDUpdateService - ok
    14:17:07.0191 0x1694  [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService    C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    14:17:07.0191 0x1694  SDWSCService - ok
    14:17:07.0207 0x1694  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
    14:17:07.0207 0x1694  secdrv - ok
    14:17:07.0238 0x1694  [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon        C:\Windows\system32\seclogon.dll
    14:17:07.0238 0x1694  seclogon - ok
    14:17:07.0254 0x1694  [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS            C:\Windows\System32\sens.dll
    14:17:07.0269 0x1694  SENS - ok
    14:17:07.0269 0x1694  [ CE9EC966638EF0B10B864DDEDF62A099, 2DEC5A8C947D87C12B342F15B8A552A0D49B979A2AC32D2C97FC7A3A76C34524 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
    14:17:07.0285 0x1694  Serenum - ok
    14:17:07.0301 0x1694  [ 6D663022DB3E7058907784AE14B69898, 54263888C64A7F010D3B5E399369B0F3FF3AF0A0DE8ADB502B98277533E4D45F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
    14:17:07.0301 0x1694  Serial - ok
    14:17:07.0332 0x1694  [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
    14:17:07.0347 0x1694  sermouse - ok
    14:17:07.0363 0x1694  [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv      C:\Windows\system32\sessenv.dll
    14:17:07.0363 0x1694  SessionEnv - ok
    14:17:07.0394 0x1694  [ 3EFA810BDCA87F6ECC24F9832243FE86, E50FEA94DB9851A46A8A71A8C061AC953A9D5B14585382B3F0FFC84931A0A68F ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
    14:17:07.0394 0x1694  sffdisk - ok
    14:17:07.0410 0x1694  [ E95D451F7EA3E583AEC75F3B3EE42DC5, B014BE4F9B0C79ECCE2537D1CF4AAD48ACB4C5AD3DACAC4444F0F465B9689921 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
    14:17:07.0410 0x1694  sffp_mmc - ok
    14:17:07.0425 0x1694  [ 3D0EA348784B7AC9EA9BD9F317980979, 2500CE188C9B71C50E966FA575303AEFE50934E376C530AECEC7C7533C15EF08 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
    14:17:07.0425 0x1694  sffp_sd - ok
    14:17:07.0425 0x1694  [ 46ED8E91793B2E6F848015445A0AC188, 34A97304F23EA153422848F6F1CAF8ADF0944EA781E12F027B6DEAF751A04B5D ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
    14:17:07.0441 0x1694  sfloppy - ok
    14:17:07.0472 0x1694  [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
    14:17:07.0472 0x1694  SharedAccess - ok
    14:17:07.0519 0x1694  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    14:17:07.0535 0x1694  ShellHWDetection - ok
    14:17:07.0535 0x1694  [ 1D76624A09A054F682D746B924E2DBC3, DC903DD466AB8899883253F09477B02E4E93A31C8B279F9F02BD555F1AA083B7 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
    14:17:07.0535 0x1694  sisagp - ok
    14:17:07.0550 0x1694  [ 43CB7AA756C7DB280D01DA9B676CFDE2, 08484CAEA0518C0A4CCCD292D8C803B27FEC453537EE1E4CEE74A7208356A474 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
    14:17:07.0566 0x1694  SiSRaid2 - ok
    14:17:07.0566 0x1694  [ A99C6C8B0BAA970D8AA59DDC50B57F94, 97AC9DD6DC4F58AC60E819B999BB157663EE7C1739521D16768AA9AC00DAD012 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
    14:17:07.0566 0x1694  SiSRaid4 - ok
    14:17:07.0878 0x1694  [ 9F712B26EE3B0242DE997A42FD302E2C, 12663EB108F158282A965EE70980627C2F2332BA7944D7DE03B78E18BEB87D26 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    14:17:07.0956 0x1694  Skype C2C Service - ok
    14:17:08.0143 0x1694  [ 862BB4CBC05D80C5B45BE430E5EF872F, F4961B22C93E472C8C862421AA231CDDA9E40D3958741A1D666357F22CC3143D ] slsvc           C:\Windows\system32\SLsvc.exe
    14:17:08.0330 0x1694  slsvc - ok
    14:17:08.0377 0x1694  [ 6EDC422215CD78AA8A9CDE6B30ABBD35, D8342BC3152859F4F7512E85ABEC61147DBCAB515458644728874E42F639D6CA ] SLUINotify      C:\Windows\system32\SLUINotify.dll
    14:17:08.0377 0x1694  SLUINotify - ok
    14:17:08.0408 0x1694  [ 7B75299A4D201D6A6533603D6914AB04, 172BE3951F06B1991EF70B71EB91786D1EFC4E381C22BCA3A5F622CD59F3227E ] Smb             C:\Windows\system32\DRIVERS\smb.sys
    14:17:08.0408 0x1694  Smb - ok
    14:17:08.0705 0x1694  [ 859E3ADC59D1C89A66AA6492C14D379E, 392F0AC179294F8416B2937EE149DE9C1062A757F6686B4AF3F3984A68D2929D ] smserial        C:\Windows\system32\DRIVERS\smserial.sys
    14:17:08.0767 0x1694  smserial - ok
    14:17:08.0798 0x1694  [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
    14:17:08.0798 0x1694  SNMPTRAP - ok
    14:17:08.0814 0x1694  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr           C:\Windows\system32\drivers\spldr.sys
    14:17:08.0814 0x1694  spldr - ok
    14:17:08.0845 0x1694  [ 8554097E5136C3BF9F69FE578A1B35F4, 2578545CFD647FB18F217B33C8CB4F0184A35F548659494056E455020CC15FB0 ] Spooler         C:\Windows\System32\spoolsv.exe
    14:17:08.0861 0x1694  Spooler - ok
    14:17:08.0907 0x1694  [ 41987F9FC0E61ADF54F581E15029AD91, A46E718648C2DD3B43FC3798932C966315893A59442A0686CE46C605B9E4641E ] srv             C:\Windows\system32\DRIVERS\srv.sys
    14:17:08.0907 0x1694  srv - ok
    14:17:08.0985 0x1694  [ FF33AFF99564B1AA534F58868CBE41EF, EFBB005DA19E5B320009CBF93E686D8BFA6A50A23B5A5001C7C84C7D85EF7D49 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
    14:17:08.0985 0x1694  srv2 - ok
    14:17:09.0032 0x1694  [ 7605C0E1D01A08F3ECD743F38B834A44, 83A77E31004BCF83443F30EFC290E04BB1A2F332E8DFD614AB6E25B527C92299 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
    14:17:09.0032 0x1694  srvnet - ok
    14:17:09.0048 0x1694  [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
    14:17:09.0063 0x1694  SSDPSRV - ok
    14:17:09.0095 0x1694  [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc         C:\Windows\system32\sstpsvc.dll
    14:17:09.0095 0x1694  SstpSvc - ok
    14:17:09.0157 0x1694  [ 5DE7D67E49B88F5F07F3E53C4B92A352, 6930A598C35646646ED0E91633797EFE139AE6CDD0012335BD1340754A22F997 ] stisvc          C:\Windows\System32\wiaservc.dll
    14:17:09.0173 0x1694  stisvc - ok
    14:17:09.0266 0x1694  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
    14:17:09.0297 0x1694  swenum - ok
    14:17:09.0344 0x1694  [ F21FD248040681CCA1FB6C9A03AAA93D, 32FE765841A183A1F2C1ACACBBF8CDB11E7D4D4396F9C9F6CFF1B51C9B620ED3 ] swprv           C:\Windows\System32\swprv.dll
    14:17:09.0360 0x1694  swprv - ok
    14:17:09.0375 0x1694  [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
    14:17:09.0375 0x1694  Symc8xx - ok
    14:17:09.0391 0x1694  [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
    14:17:09.0391 0x1694  Sym_hi - ok
    14:17:09.0407 0x1694  [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
    14:17:09.0407 0x1694  Sym_u3 - ok
    14:17:09.0453 0x1694  [ 9A51B04E9886AA4EE90093586B0BA88D, 1666C29FBFA34174B506678C920636519051D03456A6DDCCD6FF708CAE5D9962 ] SysMain         C:\Windows\system32\sysmain.dll
    14:17:09.0485 0x1694  SysMain - ok
    14:17:09.0500 0x1694  [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
    14:17:09.0500 0x1694  TabletInputService - ok
    14:17:09.0531 0x1694  [ D7673E4B38CE21EE54C59EEEB65E2483, 330D0AD13F5008D8569CE8E5EA0BBD69F54F59FEB54FD903FA18D2849CEC6AF0 ] TapiSrv         C:\Windows\System32\tapisrv.dll
    14:17:09.0547 0x1694  TapiSrv - ok
    14:17:09.0563 0x1694  [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS             C:\Windows\System32\tbssvc.dll
    14:17:09.0563 0x1694  TBS - ok
    14:17:09.0641 0x1694  [ A4196D394207369E1431E8681B373312, BEF96BAB70FDF94F8CB2942BDEA9B4D934443E5305E3FD737809C3F7524B1E8E ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
    14:17:09.0656 0x1694  Tcpip - ok
    14:17:09.0953 0x1694  [ A4196D394207369E1431E8681B373312, BEF96BAB70FDF94F8CB2942BDEA9B4D934443E5305E3FD737809C3F7524B1E8E ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
    14:17:09.0984 0x1694  Tcpip6 - ok
    14:17:10.0046 0x1694  [ 95389980F70FC4990A4395A0B8BBE1D6, FB5CBC85733A4EC4FB9F210A5D4E5989F6A3F2995D895F5B41163CDFC04DB82C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
    14:17:10.0046 0x1694  tcpipreg - ok
    14:17:10.0062 0x1694  [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
    14:17:10.0077 0x1694  TDPIPE - ok
    14:17:10.0093 0x1694  [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
    14:17:10.0093 0x1694  TDTCP - ok
    14:17:10.0124 0x1694  [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
    14:17:10.0140 0x1694  tdx - ok
    14:17:10.0171 0x1694  [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
    14:17:10.0171 0x1694  TermDD - ok
    14:17:10.0218 0x1694  [ DBD84E59D631569EC3E756EF144E8431, 9E58629EC762584A2D294A619593620626F7CBE467045AD0F920B6CF1D4B4724 ] TermService     C:\Windows\System32\termsrv.dll
    14:17:10.0249 0x1694  TermService - ok
    14:17:10.0280 0x1694  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] Themes          C:\Windows\system32\shsvcs.dll
    14:17:10.0280 0x1694  Themes - ok
    14:17:10.0311 0x1694  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER     C:\Windows\system32\mmcss.dll
    14:17:10.0311 0x1694  THREADORDER - ok
    14:17:10.0343 0x1694  [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks          C:\Windows\System32\trkwks.dll
    14:17:10.0343 0x1694  TrkWks - ok
    14:17:10.0389 0x1694  [ 97D9D6A04E3AD9B6C626B9931DB78DBA, 8E42133ED5EE5EEC414A8B11C1035385C6141E445EA9677F947D20768F25A877 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    14:17:10.0389 0x1694  TrustedInstaller - ok
    14:17:10.0467 0x1694  [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3, 1CBB5106A32362ABDEE73BF170E205FE64DDBF826C5F6DFFCCD229F220B9C85E ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
    14:17:10.0467 0x1694  tssecsrv - ok
    14:17:10.0530 0x1694  [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
    14:17:10.0530 0x1694  tunmp - ok
    14:17:10.0577 0x1694  [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
    14:17:10.0592 0x1694  tunnel - ok
    14:17:10.0623 0x1694  [ 97DD70FECA64FB4F63DE7BB7E66A80B1, 3C045B227C1D3AC7DE68D666CE51A0BB18226683AE40AACCBF4CE74152C33CAC ] tvicport        C:\Windows\system32\drivers\tvicport.sys
    14:17:10.0623 0x1694  tvicport - ok
    14:17:10.0670 0x1694  [ 7D33C4DB2CE363C8518D2DFCF533941F, C6A539AD31B0BD9F895E0A537783AA75D5760C8590D83BA832D59A9B090CA0E9 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
    14:17:10.0686 0x1694  uagp35 - ok
    14:17:10.0733 0x1694  [ D9728AF68C4C7693CB100B8441CBDEC6, A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
    14:17:10.0748 0x1694  udfs - ok
    14:17:10.0873 0x1694  [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
    14:17:10.0889 0x1694  UI0Detect - ok
    14:17:10.0920 0x1694  [ B0ACFDC9E4AF279E9116C03E014B2B27, 455D30859E381361FF6EE8B01EDC22A2E66CD5EC22CA9F314E88009DB77A8BAF ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
    14:17:10.0920 0x1694  uliagpkx - ok
    14:17:10.0935 0x1694  [ 9224BB254F591DE4CA8D572A5F0D635C, C5E7B24587AC5A28ECA63300307AD95B8A846833340126AE378840A40E53C056 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
    14:17:10.0951 0x1694  uliahci - ok
    14:17:10.0967 0x1694  [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
    14:17:10.0967 0x1694  UlSata - ok
    14:17:10.0982 0x1694  [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
    14:17:10.0982 0x1694  ulsata2 - ok
    14:17:10.0998 0x1694  [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
    14:17:10.0998 0x1694  umbus - ok
    14:17:11.0029 0x1694  [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost        C:\Windows\System32\upnphost.dll
    14:17:11.0029 0x1694  upnphost - ok
    14:17:11.0060 0x1694  [ 1114579556DB85E9FAF9590DBC64CD62, 10479A3C12BBBB9B5759082358FE11AC20BAEFA6B4977C8AE6E60AA17BE6C7FA ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
    14:17:11.0060 0x1694  usbaudio - ok
    14:17:11.0091 0x1694  [ AAB0B5F72D2D726FBFDC895A2902DE1D, 7824AF6E2ADEA23F208526F3A62AD1BACDBBDB23E58EB5806890B0761529C50F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
    14:17:11.0091 0x1694  usbccgp - ok
    14:17:11.0107 0x1694  [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
    14:17:11.0107 0x1694  usbcir - ok
    14:17:11.0138 0x1694  [ 153E8515CB86F8BB5D1A8B478EBF4BB2, 0F1F79BA7C32ACAAE69184A56E67D6E18E2E2F07E0BE23F266401431169DAE14 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
    14:17:11.0138 0x1694  usbehci - ok
    14:17:11.0154 0x1694  [ 2AE6BCEBD85D31317E433733DAF25888, 7B2C0E8703D0275A620160E479166EB7AA31B0F146507603535CEBF0BA4684A4 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
    14:17:11.0169 0x1694  usbhub - ok
    14:17:11.0201 0x1694  [ D457EBD0C3A8B3A3A144355B5EE91CBC, 6AD52BDBB1607A48F0B02E663B97C3A00E3345B1B12C259608A5AE728C1C06B2 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
    14:17:11.0201 0x1694  usbohci - ok
    14:17:15.0023 0x1694  ================ Scan global ===============================
    14:17:15.0069 0x1694  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
    14:17:15.0132 0x1694  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
    14:17:15.0179 0x1694  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
    14:17:15.0225 0x1694  [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
    14:17:15.0241 0x1694  [ Global ] - ok
    14:17:15.0241 0x1694  ================ Scan MBR ==================================
    14:17:15.0257 0x1694  [ A863475757CC50891AA8458C415E4B25 ] \Device\Harddisk0\DR0
    14:17:18.0205 0x1694  \Device\Harddisk0\DR0 - ok
    14:17:18.0205 0x1694  ================ Scan VBR ==================================
    14:17:18.0236 0x1694  [ B8EF0EF55DDE4BDC68AC87C08050DC73 ] \Device\Harddisk0\DR0\Partition1
    14:17:18.0314 0x1694  \Device\Harddisk0\DR0\Partition1 - ok
    14:17:18.0345 0x1694  [ E0905DA9F0B8A8CA096A7B1E618F9134 ] \Device\Harddisk0\DR0\Partition2
    14:17:18.0533 0x1694  \Device\Harddisk0\DR0\Partition2 - ok
    14:17:23.0743 0x1694  Waiting for KSN requests completion. In queue: 11
    14:17:24.0757 0x1694  Waiting for KSN requests completion. In queue: 11
    14:17:25.0771 0x1694  Waiting for KSN requests completion. In queue: 11
    14:17:26.0816 0x1694  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x60000 ( disabled : updated )
    14:17:26.0863 0x1694  Win FW state via NFP2: enabled
    14:17:29.0421 0x1694  ============================================================
    14:17:29.0421 0x1694  Scan finished
    14:17:29.0421 0x1694  ============================================================
    14:17:29.0421 0x0818  Detected object count: 0
    14:17:29.0421 0x0818  Actual detected object count: 0
    14:17:56.0019 0x0ee4  Deinitialize success
     

     

     

     

    aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
    Run date: 2015-01-11 14:29:43
    -----------------------------
    14:29:43.092    OS Version: Windows 6.0.6002 Service Pack 2
    14:29:43.092    Number of processors: 2 586 0x6B02
    14:29:43.092    ComputerName: STEVE-PC  UserName: Rich
    14:29:57.880    Initialize success
    14:29:57.943    VM: initialized successfully
    14:29:57.943    VM: Amd CPU virtualization not supported
    14:31:00.936    AVAST engine defs: 15011101
    14:31:09.921    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    14:31:09.921    Disk 0 Vendor: WDC_WD3200AAJS-22B4A0 01.03A01 Size: 305245MB BusType: 3
    14:31:10.155    Disk 0 MBR read successfully
    14:31:10.155    Disk 0 MBR scan
    14:31:10.171    Disk 0 unknown MBR code
    14:31:10.186    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         9993 MB offset 63
    14:31:10.186    Disk 0 Partition 2 80 (A) 06        FAT16 NTFS       147757 MB offset 20467712
    14:31:10.218    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       147493 MB offset 323074048
    14:31:10.233    Disk 0 scanning sectors +625139712
    14:31:10.342    Disk 0 scanning C:\Windows\system32\drivers
    14:31:20.108    Service scanning
    14:31:52.213    Modules scanning
    14:31:52.962    AVAST engine scan C:\Windows
    14:31:58.765    AVAST engine scan C:\Windows\system32
    14:41:54.591    AVAST engine scan C:\Windows\system32\drivers
    14:42:27.367    AVAST engine scan C:\Users\Rich
    14:45:02.056    AVAST engine scan C:\ProgramData
    14:48:33.670    Disk 0 statistics 2634887/0/0 @ 2.09 MB/s
    14:48:33.686    Scan finished successfully
    17:42:02.151    Disk 0 MBR has been saved successfully to "C:\Users\Rich\Desktop\MBR.dat"
    17:42:02.151    The log file has been saved successfully to "C:\Users\Rich\Desktop\aswMBR.txt"

    aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
    Run date: 2015-01-13 20:45:50
    -----------------------------
    20:45:50.895    OS Version: Windows 6.0.6002 Service Pack 2
    20:45:50.895    Number of processors: 2 586 0x6B02
    20:45:50.895    ComputerName: STEVE-PC  UserName: Rich
    20:45:58.477    Initialize success
    20:45:58.601    VM: initialized successfully
    20:45:58.601    VM: Amd CPU virtualization not supported
    20:49:26.441    AVAST engine defs: 15011302
    20:49:33.913    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    20:49:33.913    Disk 0 Vendor: WDC_WD3200AAJS-22B4A0 01.03A01 Size: 305245MB BusType: 3
    20:49:34.194    Disk 0 MBR read successfully
    20:49:34.194    Disk 0 MBR scan
    20:49:34.241    Disk 0 unknown MBR code
    20:49:34.241    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         9993 MB offset 63
    20:49:34.272    Disk 0 Partition 2 80 (A) 06        FAT16 NTFS       147757 MB offset 20467712
    20:49:34.288    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       147493 MB offset 323074048
    20:49:34.335    Disk 0 scanning sectors +625139712
    20:49:34.725    Disk 0 scanning C:\Windows\system32\drivers
    20:49:55.363    Service scanning
    20:50:20.776    Modules scanning
    20:50:20.776    Disk 0 trace - called modules:
    20:50:20.807    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
    20:50:20.807    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84b61ac8]
    20:50:20.807    3 CLASSPNP.SYS[877a78b3] -> nt!IofCallDriver -> [0x84aa0590]
    20:50:20.823    5 acpi.sys[872166bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84a9c520]
    20:50:21.649    AVAST engine scan C:\Windows
    20:50:36.844    AVAST engine scan C:\Windows\system32
    20:55:31.355    AVAST engine scan C:\Windows\system32\drivers
    20:55:45.302    AVAST engine scan C:\Users\Rich
    20:57:58.806    AVAST engine scan C:\ProgramData
    21:01:20.780    Disk 0 statistics 2634634/0/0 @ 2.57 MB/s
    21:01:20.780    Scan finished successfully
    21:01:45.147    Disk 0 MBR has been saved successfully to "C:\Users\Rich\Desktop\MBR.dat"
    21:01:45.147    The log file has been saved successfully to "C:\Users\Rich\Desktop\aswMBR.txt"

     


    • 0

    #9
    RKinner


      Malware Expert

    • Expert
    • 24,701 posts
    • MVP

    aswMBR did not recognize your MBR, so let's submit the MBR.dat file on your desktop to VirusTotal:
     
     
    Easiest way to submit a file is to copy the path:
     
    "C:\Users\Rich\Desktop\MBR.dat"
     
    Then
    Go to virustotal.com with your browser.  Click on Choose File then when the file chooser window opens, move down to the File Name: box and then Ctrl + v and the path should appear.  Hit Open and it should return to the main page with spoolsv.exe chosen.  Click on Scan it.  If it knows the file already it will tell you it's already been analyzed and offer you a choice of Reanalyze and View Last Analysis.  In that case click on View Last Analysis.  If it doesn't know the file it will take a minute to query 46 different anti-virus companies.  In either case, if the Detection ratio: is not 0 / 58 or so then copy the Analysis page and paste it into the forum.  You can just hit Ctrl + a then Ctrl + c to copy the page then go to a reply and Ctrl + v.
     
    Then if VirusTotal has nothing against your MBR I would like to change out your anti-virus from Microsoft Security Essentials to the free Avast.  MSE has been backburnered by Microsoft and they don't even offer it for Windows 8.  Instead they use a beefed up Windows Defender.  
     
    Download the avast setup program:  http://files.avast.c...virus_setup.exe
     
    Save it but do not install yet.  First uninstall Microsoft Security Essentials and reboot.
     
    Then right click on the installer file and Run As Admin.  It will probably want you to reboot again and then try and talk you into using Chrome or the Google toolbar.  You can decline them.  (Stick with the basic Avast rather than accepting their offer of the 30 day demo.)  Once it gets its first update, you can set it up to do a boot-time scan.  You want to do this while you sleep as it can take 6 or more hours.
     
    First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scans.  Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are  orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's 
    C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads Click on the Orange Ball then Scan, Then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.  If you can't find it then take a screen shot of the Detailed Report:
     
    Some people object to the voice notification of updates.  To turn it off, click on the Avast ball then on Settings then on Appearance.  Then on Sounds and uncheck Automatic Updates, then OK.  (It will still update; it just won't tell you about it in a loud voice in the middle of the night.)
     
    They have also started using their info popup to try and get you to upgrade so I go into Settings, Appearance, Popups and change the first two to 1 second.
     
    If you haven't registered already then right click on the orange ball and select Registration Information and click on the link.  (They just want your name and email address.)  The registration is good for 12-14 months then you will need to register again.  They will, of course, try to talk you into buying the product but you can always register again for another year free tho it may not be the default.
     
    How is it running?  Is it still slow?
     
     
     

    • 0
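The MBR.dat file that aswMBR saves is the disk's 512-byte first sector, and the partition lines in the aswMBR log can be checked against it before anything is uploaded. The following is an added example, not part of the original posts or of any tool mentioned in the thread: it decodes a sector's partition table and runs basic sanity checks. The sample sector is constructed (zeroed boot code, sector counts derived from the sizes in the log), and the function names are hypothetical.

```python
import hashlib
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446          # partition table follows the boot code area
ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"

# Only the partition type IDs that appear in the aswMBR log above.
TYPE_NAMES = {0x06: "FAT16", 0x07: "HPFS/NTFS", 0x27: "Hidden NTFS WinRE"}


def parse_mbr(sector):
    """Decode one 512-byte MBR sector into partition entries plus sanity findings."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))

    partitions = []
    for index in range(4):
        start = TABLE_OFFSET + index * ENTRY_SIZE
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, start)
        if ptype == 0x00:
            continue  # unused slot
        partitions.append({
            "number": index + 1,
            "active": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "offset": lba,
            "sectors": count,
            "size_mb": count * SECTOR_SIZE // (1024 * 1024),
        })

    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("missing 55 AA boot signature")
    active = [p for p in partitions if p["active"]]
    if len(active) != 1:
        findings.append("%d active partitions (expected 1)" % len(active))
    ordered = sorted(partitions, key=lambda p: p["offset"])
    for prev, cur in zip(ordered, ordered[1:]):
        if prev["offset"] + prev["sectors"] > cur["offset"]:
            findings.append("partitions %d and %d overlap"
                            % (prev["number"], cur["number"]))

    return {
        # Hash of the whole sector identifies this exact file.
        "sha256": hashlib.sha256(sector).hexdigest(),
        # Hash of the first 440 bytes covers only the boot code, so it does not
        # change with the disk signature or the partition table.
        "boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
        "partitions": partitions,
        "findings": findings,
    }


def build_sample_mbr():
    """Constructed sector: zeroed boot code with the partition layout from the log."""
    sector = bytearray(SECTOR_SIZE)
    layout = [
        (0x00, 0x27, 63, 20465664),          # count constructed to give 9993 MB
        (0x80, 0x06, 20467712, 302606336),   # count derived from 147757 MB
        (0x00, 0x07, 323074048, 302065664),  # count derived from 147493 MB
    ]
    for index, (status, ptype, lba, count) in enumerate(layout):
        struct.pack_into("<B3xB3xII", sector, TABLE_OFFSET + index * ENTRY_SIZE,
                         status, ptype, lba, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    report = parse_mbr(build_sample_mbr())
    for p in report["partitions"]:
        print(p["number"], "active" if p["active"] else "      ",
              "%02X" % p["type"], p["type_name"], p["size_mb"], "MB offset", p["offset"])
    print("findings:", report["findings"] or "none")
```

To run it on a real dump, read the file in binary mode and pass its first 512 bytes to `parse_mbr`.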

    #10
    Mrs_Roboto


      Member

    • Topic Starter
    • Member
    • PipPip
    • 37 posts

    Here you go and thank you for the help.

     

     

    NANO-Antivirus Virus.Boot.Gen-Resident-Crypt.ccnj 20130928 VBA32 suspected of Unknown.BootVirus.I 20130927 AVG   20130928 Agnitum   20130928 AhnLab-V3   20130928 AntiVir   20130928 Antiy-AVL   20130928 Avast   20130928 Baidu-International   20130928 BitDefender   20130928 Bkav   20130927 ByteHero   20130924 CAT-QuickHeal   20130928 ClamAV   20130928 Commtouch   20130928 Comodo   20130928 DrWeb   20130928 ESET-NOD32   20130928 Emsisoft   20130928 F-Prot   20130928 F-Secure   20130928 Fortinet   20130928 GData   20130928 Ikarus   20130928 Jiangmin   20130903 K7AntiVirus   20130927 K7GW   20130927 Kaspersky   20130928 Kingsoft   20130829 Malwarebytes   20130928 McAfee   20130928 McAfee-GW-Edition   20130928 MicroWorld-eScan   20130928 Microsoft   20130928 Norman   20130928 PCTools   20130925 Panda   20130928 Rising   20130927 SUPERAntiSpyware   20130928 Sophos   20130928 Symantec   20130928 TheHacker   20130927 TotalDefense   20130927 TrendMicro   20130928 TrendMicro-HouseCall   20130928 VIPRE   20130928 ViRobot   20130928 nProtect   20130927

     

     

     

    01/14/2015 21:12
    Scan of C:

    Scan of *STARTUP

    File C:\AdwCleaner\Quarantine\C\Program Files\WeatherBlinkEI\Installr\1.bin\gcEZSETP.dll.vir is infected by Win32:FunWeb-J [PUP], Moved to chest
    File C:\hiberfil.sys is infected by Win32:Crypt-QFY [Trj], Move to chest: Error 0xC000007F {An operation failed because the disk was full.}
    File C:\Program Files\WeatherBlinkEI\Installr\1.bin\gcEZSETP.dll is infected by Win32:FunWeb-J [PUP], Moved to chest
    File C:\Users\eljeffries\AppData\Local\Temp\jar_cache151707055939489116.tmp|>bingo\finger.class is infected by Java:Agent-AFZ [Expl], Moved to chest
    File C:\Users\eljeffries\AppData\Local\Temp\jar_cache151707055939489116.tmp|>bingo\nigertak.class is infected by Java:Agent-AKC [Expl], Moved to chest
    File C:\Users\eljeffries\AppData\Local\Temp\jar_cache151707055939489116.tmp|>bingo\pensil.class is infected by Java:Agent-WD [Expl], Moved to chest
    File C:\Users\eljeffries\AppData\Local\Temp\jar_cache151707055939489116.tmp|>bingo\vedrona.class is infected by Java:Agent-AKB [Expl], Moved to chest
    File C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\09LEGN5T\WeatherBlink[1].exe|>gcEzSetp.dll is infected by Win32:FunWeb-J [PUP], Moved to chest
    File C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\09LEGN5T\WeatherBlink[1].exe is infected by Win32:Mywebsearch-AB [PUP], Moved to chest
    File C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4HXLTD72\TotalRecipeSearch[1].exe|>14EzSetp.dll is infected by Win32:FunWeb-J [PUP], Moved to chest
    File C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4HXLTD72\TotalRecipeSearch[1].exe is infected by Win32:Mywebsearch-AB [PUP], Moved to chest
    Number of searched folders: 28922
    Number of tested files: 575426
    Number of infected files: 11


    • 0

    #11
    RKinner


      Malware Expert

    • Expert
    • 24,701 posts
    • MVP

    We lost the formatting on the virustotal response but I think most of them didn't object to it.  Let's check with MBR check:

     

    Download

     
     
    Save it and run it.  It will produce a log MBRCheck(date).txt on your desktop.  Copy and paste it into a reply.
     
     
     
    In the Avast scan it wasn't able to fix C:\hiberfil.sys because the file is enormous and won't fit in the chest.  This is the hibernate file.  It should be removed when we turn off hibernate and a fresh one created when we start it back up again.
     
     
    shows how to turn it off.  To turn it back on again (after a reboot to make sure it's gone)  Copy the next line
     
    powercfg -h on 

    Start, All Programs, Accessories and then right click on Command Prompt and Run As Admin.  In the black window, right click and Paste or Edit then Paste and the copied line will appear.  Hit Enter.

     

     

    How is it running now?


    • 0
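The boot-time scan report above mixes quarantined items with one that could not be moved (C:\hiberfil.sys), and the same container file can appear several times through its `|>` archive members. The following is an added example, not part of the original posts or of Avast: it triages such a report by detection class and lists the entries that still need attention. The sample lines are a subset copied from the report posted above; the function names are hypothetical.

```python
import re
from collections import Counter

# Subset of lines copied from the boot-time scan report posted above.
SAMPLE_REPORT = r"""
File C:\hiberfil.sys is infected by Win32:Crypt-QFY [Trj], Move to chest: Error 0xC000007F {An operation failed because the disk was full.}
File C:\Program Files\WeatherBlinkEI\Installr\1.bin\gcEZSETP.dll is infected by Win32:FunWeb-J [PUP], Moved to chest
File C:\Users\eljeffries\AppData\Local\Temp\jar_cache151707055939489116.tmp|>bingo\finger.class is infected by Java:Agent-AFZ [Expl], Moved to chest
File C:\Users\eljeffries\AppData\Local\Temp\jar_cache151707055939489116.tmp|>bingo\pensil.class is infected by Java:Agent-WD [Expl], Moved to chest
File C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\09LEGN5T\WeatherBlink[1].exe|>gcEzSetp.dll is infected by Win32:FunWeb-J [PUP], Moved to chest
File C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\09LEGN5T\WeatherBlink[1].exe is infected by Win32:Mywebsearch-AB [PUP], Moved to chest
"""

# The path is matched greedily so brackets inside file names ("[1].exe")
# are not mistaken for the detection class, which follows the detection name.
LINE_RE = re.compile(
    r"^File (?P<path>.+) is infected by (?P<name>\S+) \[(?P<cls>[^\]]+)\], (?P<action>.+)$"
)
ERROR_RE = re.compile(r"Error (0x[0-9A-Fa-f]+)")


def parse_report(text):
    """Turn 'File ... is infected by ...' lines into records; other lines are skipped."""
    records = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        # "|>" separates a container file from the member found inside it.
        container, _, member = match.group("path").partition("|>")
        action = match.group("action")
        error = ERROR_RE.search(action)
        records.append({
            "container": container,
            "member": member or None,
            "detection": match.group("name"),
            "class": match.group("cls"),
            "quarantined": action == "Moved to chest",
            "error": error.group(1) if error else None,
        })
    return records


def triage(records):
    """Summarise by class and list what the scanner could not quarantine."""
    return {
        "by_class": Counter(r["class"] for r in records),
        "unresolved": [r for r in records if not r["quarantined"]],
        "containers": sorted({r["container"] for r in records}),
    }


if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    print("by class:", dict(summary["by_class"]))
    print("distinct files on disk:", len(summary["containers"]))
    for item in summary["unresolved"]:
        print("NOT quarantined:", item["container"], item["detection"], item["error"])
```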

    #12
    Mrs_Roboto


      Member

    • Topic Starter
    • Member
    • PipPip
    • 37 posts

    ComboFix finally was able to run. Here is the log:

     

    ComboFix 15-01-08.01 - Rich 01/15/2015  20:20:28.1.2 - x86
    Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1791.985 [GMT -7:00]
    Running from: c:\users\Rich\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\WeatherBlinkEI
    c:\program files\WeatherBlinkEI\Installr\1.bin\gcEIPlug.dll
    c:\program files\WeatherBlinkEI\Installr\1.bin\NPgcEISb.dll
    c:\users\eljeffries\AppData\Roaming\.#
    c:\users\eljeffries\AppData\Roaming\.#\MBX@7E0@1DD2990.###
    c:\users\eljeffries\AppData\Roaming\.#\MBX@7E0@1DD29C0.###
    c:\users\eljeffries\AppData\Roaming\.#\MBX@7E0@1DD29F0.###
    c:\users\eljeffries\AppData\Roaming\Adobe\plugs
    c:\users\eljeffries\AppData\Roaming\Adobe\shed
    .
    .
    (((((((((((((((((((((((((   Files Created from 2014-12-16 to 2015-01-16  )))))))))))))))))))))))))))))))
    .
    .
    2015-01-16 03:30 . 2015-01-16 03:32 -------- d-----w- c:\users\Rich\AppData\Local\temp
    2015-01-16 03:30 . 2015-01-16 03:30 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2015-01-16 03:30 . 2015-01-16 03:30 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-01-16 03:30 . 2015-01-16 03:30 -------- d-----w- c:\users\eljeffries\AppData\Local\temp
    2015-01-16 01:57 . 2014-12-15 11:13 9054624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4E80B33D-0809-44BB-B7D3-A741E7DBB709}\mpengine.dll
    2015-01-15 03:45 . 2015-01-15 03:46 -------- d-----w- c:\windows\system32\vbox
    2015-01-15 03:43 . 2015-01-15 03:43 -------- d-----w- c:\users\Rich\AppData\Roaming\AVAST Software
    2015-01-15 03:42 . 2015-01-15 03:41 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2015-01-15 03:42 . 2015-01-15 03:41 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2015-01-15 03:42 . 2015-01-15 03:42 73480 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
    2015-01-15 03:42 . 2015-01-15 03:42 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
    2015-01-15 03:42 . 2015-01-15 03:41 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2015-01-15 03:42 . 2015-01-15 03:41 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2015-01-15 03:42 . 2015-01-15 03:41 55240 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2015-01-15 03:42 . 2015-01-15 03:42 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
    2015-01-15 03:42 . 2015-01-15 03:41 291352 ----a-w- c:\windows\system32\aswBoot.exe
    2015-01-15 03:41 . 2015-01-15 03:41 43152 ----a-w- c:\windows\avastSS.scr
    2015-01-15 03:40 . 2015-01-15 03:40 -------- d-----w- c:\program files\AVAST Software
    2015-01-15 03:28 . 2015-01-15 03:40 -------- d-----w- c:\programdata\AVAST Software
    2015-01-14 10:10 . 2014-12-19 00:25 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys
    2015-01-14 10:00 . 2014-12-06 03:14 48640 ----a-w- c:\windows\system32\nlaapi.dll
    2015-01-14 10:00 . 2014-12-06 03:14 174080 ----a-w- c:\windows\system32\nlasvc.dll
    2015-01-14 10:00 . 2014-12-06 03:14 93184 ----a-w- c:\windows\system32\ncsi.dll
    2015-01-14 10:00 . 2014-12-06 03:14 153600 ----a-w- c:\windows\system32\profsvc.dll
    2015-01-10 23:25 . 2015-01-11 05:05 -------- d-----w- C:\FRST
    2015-01-10 23:02 . 2015-01-10 23:05 -------- d-----w- C:\AdwCleaner
    2015-01-10 15:32 . 2015-01-10 15:33 -------- d-----w- c:\users\Rich\AppData\Local\Deployment
    2015-01-10 15:32 . 2015-01-10 15:32 -------- d-----w- c:\users\Rich\AppData\Local\Apps
    2015-01-10 06:55 . 2014-10-31 18:10 57032 ----a-w- c:\windows\system32\drivers\mozy.sys
    2015-01-10 06:55 . 2015-01-10 06:55 -------- d-----w- c:\program files\MozyHome
    2015-01-10 04:04 . 2015-01-10 04:05 -------- d-----w- c:\program files\CCleaner
    2015-01-10 03:28 . 2010-05-21 19:11 475648 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.scr
    2015-01-10 03:28 . 2010-05-21 19:11 1061888 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.exe
    2015-01-10 03:28 . 2015-01-10 09:52 -------- d-----w- c:\program files\MyDefrag v4.3.1
    2015-01-09 03:05 . 2015-01-11 21:08 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-01-09 03:03 . 2015-01-09 03:03 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2015-01-09 03:03 . 2014-11-21 13:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-01-09 03:03 . 2014-11-21 13:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-01-09 03:03 . 2014-11-21 13:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-01-09 01:53 . 2013-09-20 17:49 18968 ----a-w- c:\windows\system32\sdnclean.exe
    2015-01-09 01:53 . 2015-01-09 01:57 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2015-01-09 01:36 . 2015-01-09 01:36 -------- d-----w- c:\users\Rich\AppData\Roaming\TuneUp Software
    2015-01-09 01:33 . 2015-01-09 01:33 -------- d-----w- c:\users\Rich\AppData\Local\MFAData
    2015-01-02 01:06 . 2015-01-02 01:06 -------- d-----w- c:\users\Rich\AppData\Local\Avg2015
    2014-12-30 00:45 . 2014-12-30 00:45 -------- d-----w- c:\program files\Jigsaw Puzzle Platinum 2
    2014-12-25 02:41 . 2014-12-25 02:41 -------- d-----w- c:\users\eljeffries\AppData\Roaming\TuneUp Software
    2014-12-25 02:35 . 2014-12-25 02:35 -------- d-----w- c:\users\eljeffries\AppData\Local\MFAData
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-01-14 06:11 . 2012-05-01 15:28 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2015-01-14 06:11 . 2011-12-07 15:30 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2015-01-08 16:55 . 2009-10-03 03:17 249488 ------w- c:\windows\system32\MpSigStub.exe
    2014-12-03 02:06 . 2014-12-10 10:04 278528 ----a-w- c:\windows\system32\schannel.dll
    2014-11-24 20:44 . 2014-12-10 00:29 367104 ----a-w- c:\windows\system32\html.iec
    2014-11-24 20:40 . 2014-12-10 00:29 1810944 ----a-w- c:\windows\system32\jscript9.dll
    2014-11-24 20:35 . 2014-12-10 00:29 1129472 ----a-w- c:\windows\system32\wininet.dll
    2014-11-24 20:34 . 2014-12-10 00:29 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-11-24 20:33 . 2014-12-10 00:29 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-11-24 20:33 . 2014-12-10 00:29 421376 ----a-w- c:\windows\system32\vbscript.dll
    2014-11-24 20:32 . 2014-12-10 00:29 11776 ----a-w- c:\windows\system32\mshta.exe
    2014-11-24 20:32 . 2014-12-10 00:29 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2014-11-18 21:56 . 2014-11-18 21:56 1202848 ----a-w- c:\windows\system32\FM20.DLL
    2014-11-07 01:33 . 2014-12-10 10:26 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-11-04 03:36 . 2011-07-17 18:32 86912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2014-11-04 03:36 . 2011-07-17 18:32 53096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
    2014-11-04 03:36 . 2011-07-17 18:32 31592 ----a-w- c:\windows\system32\LMIport.dll
    2014-11-04 03:36 . 2011-07-17 18:32 85864 ----a-w- c:\windows\system32\LMIinit.dll
    2014-11-04 00:19 . 2014-12-10 10:27 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-10-24 01:04 . 2014-11-13 10:23 67072 ----a-w- c:\windows\system32\packager.dll
    2014-10-24 01:03 . 2014-11-19 10:01 499200 ----a-w- c:\windows\system32\kerberos.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2015-01-15 03:41 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-03-05 06:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
    @="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
    [HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
    2014-10-31 18:11 4513024 ----a-w- c:\program files\MozyHome\mozyshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
    @="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
    [HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
    2014-10-31 18:11 4513024 ----a-w- c:\program files\MozyHome\mozyshell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
    "Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2014-06-24 4566952]
    "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-12-12 5489944]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-12 63048]
    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
    "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-15 5227112]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/w...0&ver=10.0.1424" [?]
    .
    c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2014-10-31 4779264]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ    autocheck autochk *\0sdnclean.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
    backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^eljeffries^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\eljeffries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
    2007-02-02 18:05 1261568 ----a-w- c:\program files\Acer Assist\launcher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
    2008-01-10 01:43 326176 ----a-w- c:\acer\Empowering Technology\SysMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
    2007-10-15 20:43 3387392 ----a-w- c:\program files\Acer Registration\ACE1.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-10-15 07:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
    2010-10-28 02:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2007-04-04 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    2007-05-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2006-11-02 09:45 8704 ----a-w- c:\windows\System32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
    2008-03-05 06:38 526896 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Linksys Wireless Manager]
    2009-02-16 09:44 1358384 ----a-r- c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-11-10 08:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
    2008-12-13 01:06 642856 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMediaSharing]
    2008-01-26 01:49 204908 ----a-w- c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2007-07-06 03:06 4669440 ----a-w- c:\windows\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
    2007-06-15 08:45 1826816 ----a-w- c:\windows\SkyTel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    2009-10-26 20:46 1458176 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2006-11-10 18:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-03-09 11:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-26 269448]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 06:11]
    .
    2015-01-16 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2015-01-09 18:52]
    .
    2015-01-14 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2015-01-09 17:41]
    .
    2015-01-10 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2015-01-09 17:42]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.geekstogo.com/forum/topic/346276-malware-infection/
    mStart Page = hxxp://en.us.acer.yahoo.com
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    MSConfigStartUp-Apanel - c:\acersw\config\NewSetApanel.cmd
    MSConfigStartUp-nxflesku - c:\users\eljeffries\AppData\Local\myuvfombt\yluxyaetssd.exe
    MSConfigStartUp-Setresolution - c:\acersw\config\1440x900.cmd
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2015-01-15 20:32
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ... 
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ... 
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2015-01-15  20:35:00
    ComboFix-quarantined-files.txt  2015-01-16 03:34
    .
    Pre-Run: 102,270,787,584 bytes free
    Post-Run: 102,259,834,880 bytes free
    .
    - - End Of File - - E959212A6785172CEF6C24C78156B2AE
    A863475757CC50891AA8458C415E4B25
     

     

     

    Here is the MBRCheck log

    MBRCheck, version 1.2.3
    © 2010, AD

    Command-line:   
    Windows Version:  Windows Vista Home Premium Edition
    Windows Information:  Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Acer
    BIOS Manufacturer:  Phoenix Technologies, LTD
    System Manufacturer:  Acer
    System Product Name:  Aspire M1100
    Logical Drives Mask:  0x000001fc

    Kernel Drivers (total 167):
      0x82211000 \SystemRoot\system32\ntkrnlpa.exe
      0x825CB000 \SystemRoot\system32\hal.dll
      0x80607000 \SystemRoot\system32\kdcom.dll
      0x8060E000 \SystemRoot\system32\PSHED.dll
      0x8061F000 \SystemRoot\system32\BOOTVID.dll
      0x80627000 \SystemRoot\system32\CLFS.SYS
      0x80668000 \SystemRoot\system32\CI.dll
      0x80748000 \SystemRoot\system32\drivers\Wdf01000.sys
      0x807C9000 \SystemRoot\system32\drivers\WDFLDR.SYS
      0x87207000 \SystemRoot\system32\drivers\acpi.sys
      0x8724D000 \SystemRoot\system32\drivers\WMILIB.SYS
      0x87256000 \SystemRoot\system32\drivers\msisadrv.sys
      0x8725E000 \SystemRoot\system32\drivers\pci.sys
      0x87285000 \SystemRoot\System32\drivers\partmgr.sys
      0x87295000 \SystemRoot\system32\drivers\volmgr.sys
      0x872A4000 \SystemRoot\System32\drivers\volmgrx.sys
      0x872EE000 \SystemRoot\system32\drivers\pciide.sys
      0x872F5000 \SystemRoot\system32\drivers\PCIIDEX.SYS
      0x87303000 \SystemRoot\System32\drivers\mountmgr.sys
      0x87313000 \SystemRoot\system32\drivers\atapi.sys
      0x8731B000 \SystemRoot\system32\drivers\ataport.SYS
      0x87339000 \SystemRoot\system32\drivers\fltmgr.sys
      0x8736B000 \SystemRoot\system32\drivers\fileinfo.sys
      0x8737B000 \SystemRoot\system32\DRIVERS\psdfilter.sys
      0x87384000 \SystemRoot\System32\Drivers\ksecdd.sys
      0x8740E000 \SystemRoot\system32\drivers\ndis.sys
      0x87519000 \SystemRoot\system32\drivers\msrpc.sys
      0x87544000 \SystemRoot\system32\drivers\NETIO.SYS
      0x8760D000 \SystemRoot\System32\Drivers\Ntfs.sys
      0x8771D000 \SystemRoot\system32\drivers\volsnap.sys
      0x87756000 \SystemRoot\System32\Drivers\spldr.sys
      0x8775E000 \SystemRoot\System32\Drivers\mup.sys
      0x8776D000 \SystemRoot\System32\drivers\ecache.sys
      0x87794000 \SystemRoot\system32\drivers\disk.sys
      0x877A5000 \SystemRoot\system32\drivers\CLASSPNP.SYS
      0x877C6000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
      0x877CE000 \SystemRoot\system32\drivers\crcdisk.sys
      0x8757F000 \SystemRoot\System32\Drivers\aswVmm.sys
      0x877D7000 \SystemRoot\System32\Drivers\aswRvrt.sys
      0x875AF000 \SystemRoot\system32\DRIVERS\tunnel.sys
      0x875BA000 \SystemRoot\system32\DRIVERS\tunmp.sys
      0x875C3000 \SystemRoot\system32\DRIVERS\amdk8.sys
      0x8CE06000 \SystemRoot\system32\DRIVERS\atikmdag.sys
      0x8D60E000 \SystemRoot\System32\drivers\dxgkrnl.sys
      0x8D6AE000 \SystemRoot\System32\drivers\watchdog.sys
      0x8D6BA000 \SystemRoot\system32\DRIVERS\yk60x86.sys
      0x8D706000 \SystemRoot\system32\DRIVERS\cdrom.sys
      0x8D71E000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
      0x8D720000 \SystemRoot\system32\DRIVERS\usbohci.sys
      0x8D72A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
      0x8D768000 \SystemRoot\system32\DRIVERS\usbehci.sys
      0x8D40A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
      0x8D497000 \SystemRoot\system32\DRIVERS\smserial.sys
      0x8D5A3000 \SystemRoot\system32\drivers\modem.sys
      0x8D5B0000 \SystemRoot\system32\DRIVERS\ohci1394.sys
      0x8D5C0000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
      0x8D5CE000 \SystemRoot\system32\DRIVERS\fdc.sys
      0x8D5D9000 \SystemRoot\system32\DRIVERS\serial.sys
      0x8D5F3000 \SystemRoot\system32\DRIVERS\serenum.sys
      0x8D777000 \SystemRoot\system32\DRIVERS\parport.sys
      0x8D7A2000 \SystemRoot\system32\DRIVERS\mouclass.sys
      0x8D5FD000 \SystemRoot\system32\DRIVERS\lmimirr.sys
      0x8D7AD000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
      0x8D7CE000 \SystemRoot\system32\DRIVERS\msiscsi.sys
      0x8D3B1000 \SystemRoot\system32\DRIVERS\storport.sys
      0x8D600000 \SystemRoot\system32\DRIVERS\TDI.SYS
      0x875D3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
      0x8D3F2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
      0x807D7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
      0x875EA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
      0x8D80A000 \SystemRoot\system32\DRIVERS\raspptp.sys
      0x8D81E000 \SystemRoot\system32\DRIVERS\rassstp.sys
      0x8D833000 \SystemRoot\system32\DRIVERS\termdd.sys
      0x8D843000 \SystemRoot\system32\DRIVERS\kbdclass.sys
      0x8D84E000 \SystemRoot\system32\DRIVERS\swenum.sys
      0x8D850000 \SystemRoot\system32\DRIVERS\ks.sys
      0x8D87A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
      0x8D884000 \SystemRoot\system32\DRIVERS\umbus.sys
      0x8D891000 \SystemRoot\system32\DRIVERS\usbhub.sys
      0x8D8C6000 \SystemRoot\system32\drivers\MODEMCSA.sys
      0x8DC0B000 \SystemRoot\system32\drivers\RTKVHDA.sys
      0x8DDCB000 \SystemRoot\system32\drivers\portcls.sys
      0x8D8D0000 \SystemRoot\system32\drivers\drmk.sys
      0x8D8F5000 \SystemRoot\System32\Drivers\NDProxy.SYS
      0x8D906000 \SystemRoot\system32\drivers\aswSnx.sys
      0x8D9CA000 \SystemRoot\system32\DRIVERS\mozy.sys
      0x8E207000 \SystemRoot\system32\drivers\aswSP.sys
      0x8E26C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
      0x8E275000 \SystemRoot\System32\Drivers\Null.SYS
      0x8E27C000 \SystemRoot\System32\Drivers\Beep.SYS
      0x8E283000 \SystemRoot\system32\DRIVERS\i8042prt.sys
      0x8E29F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
      0x8E2A6000 \SystemRoot\System32\drivers\vga.sys
      0x8E2B2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
      0x8E2BA000 \SystemRoot\system32\drivers\rdpencdd.sys
      0x8E2C2000 \SystemRoot\System32\Drivers\Msfs.SYS
      0x8E2CD000 \SystemRoot\System32\Drivers\Npfs.SYS
      0x8E2DB000 \SystemRoot\System32\DRIVERS\rasacd.sys
      0x8E2E4000 \SystemRoot\System32\drivers\tcpip.sys
      0x8E3D2000 \SystemRoot\System32\drivers\fwpkclnt.sys
      0x8D9DC000 \SystemRoot\system32\DRIVERS\tdx.sys
      0x8E3ED000 \SystemRoot\system32\drivers\aswTdi.sys
      0x8E80E000 \SystemRoot\system32\DRIVERS\smb.sys
      0x8E822000 \SystemRoot\System32\DRIVERS\netbt.sys
      0x8E854000 \SystemRoot\system32\drivers\afd.sys
      0x8E89C000 \SystemRoot\system32\drivers\aswRdr.sys
      0x8E8A8000 \SystemRoot\system32\drivers\ws2ifsl.sys
      0x8E8B1000 \SystemRoot\system32\DRIVERS\pacer.sys
      0x8E8C7000 \SystemRoot\system32\DRIVERS\netbios.sys
      0x8E8D5000 \SystemRoot\system32\DRIVERS\wanarp.sys
      0x8E8E8000 \SystemRoot\system32\DRIVERS\rdbss.sys
      0x8E924000 \SystemRoot\system32\drivers\nsiproxy.sys
      0x8E92E000 \SystemRoot\System32\Drivers\dfsc.sys
      0x8E945000 \SystemRoot\system32\DRIVERS\hidusb.sys
      0x8E94E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
      0x8E95E000 \SystemRoot\system32\DRIVERS\USBD.SYS
      0x8E960000 \SystemRoot\system32\DRIVERS\usbccgp.sys
      0x8E977000 \SystemRoot\system32\DRIVERS\mouhid.sys
      0x8E97F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
      0x8E988000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
      0x8E99D000 \SystemRoot\system32\DRIVERS\cdfs.sys
      0x8E9B3000 \SystemRoot\System32\Drivers\crashdmp.sys
      0x8E9C0000 \SystemRoot\System32\Drivers\dump_dumpata.sys
      0x8E9CB000 \SystemRoot\System32\Drivers\dump_atapi.sys
      0x98040000 \SystemRoot\System32\win32k.sys
      0x8E9D3000 \SystemRoot\System32\drivers\Dxapi.sys
      0x8E9DD000 \SystemRoot\system32\DRIVERS\monitor.sys
      0x98260000 \SystemRoot\System32\TSDDD.dll
      0x98280000 \SystemRoot\System32\cdd.dll
      0x877E1000 \SystemRoot\system32\drivers\luafv.sys
      0x9E40E000 \SystemRoot\system32\drivers\aswMonFlt.sys
      0x9E42C000 \??\C:\Windows\system32\drivers\mbam.sys
      0x9E435000 \SystemRoot\system32\drivers\WudfPf.sys
      0x9E449000 \SystemRoot\system32\drivers\spsys.sys
      0x9E4F9000 \SystemRoot\system32\DRIVERS\lltdio.sys
      0x9E509000 \SystemRoot\system32\DRIVERS\nwifi.sys
      0x9E533000 \SystemRoot\system32\DRIVERS\ndisuio.sys
      0x9E53D000 \SystemRoot\system32\DRIVERS\pnarp.sys
      0x9E547000 \SystemRoot\system32\DRIVERS\purendis.sys
      0x9E551000 \SystemRoot\system32\DRIVERS\rspndr.sys
      0x9E564000 \SystemRoot\system32\drivers\HTTP.sys
      0x9E5D1000 \SystemRoot\System32\DRIVERS\srvnet.sys
      0xA060B000 \SystemRoot\system32\DRIVERS\bowser.sys
      0xA0624000 \SystemRoot\System32\drivers\mpsdrv.sys
      0xA0639000 \SystemRoot\system32\drivers\mrxdav.sys
      0xA065B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
      0xA067A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
      0xA06B3000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
      0xA06CB000 \SystemRoot\System32\DRIVERS\srv2.sys
      0xA06F3000 \SystemRoot\System32\DRIVERS\srv.sys
      0xA0742000 \SystemRoot\system32\DRIVERS\parvdm.sys
      0xA0749000 \SystemRoot\system32\drivers\aswHwid.sys
      0xA074D000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
      0xA0754000 \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
      0xA0756000 \??\C:\Windows\system32\drivers\LMIRfsDriver.sys
      0xA500A000 \SystemRoot\system32\drivers\peauth.sys
      0xA50E8000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
      0xA50F1000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
      0xA5103000 \SystemRoot\System32\Drivers\secdrv.SYS
      0xA510D000 \SystemRoot\System32\drivers\tcpipreg.sys
      0xA5119000 \??\C:\Windows\system32\drivers\tvicport.sys
      0xA511C000 \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
      0xA5155000 \??\C:\Windows\system32\drivers\zntport.sys
      0xA5156000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
      0xA5181000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
      0xA5183000 \??\C:\Users\Rich\AppData\Local\Temp\catchme.sys
      0x77B00000 \Windows\System32\ntdll.dll

    Processes (total 76):
           0 System Idle Process
           4 System
         512 C:\Windows\System32\smss.exe
         600 csrss.exe
         660 csrss.exe
         668 C:\Windows\System32\wininit.exe
         704 C:\Windows\System32\services.exe
         732 C:\Windows\System32\winlogon.exe
         748 C:\Windows\System32\lsass.exe
         756 C:\Windows\System32\lsm.exe
         912 C:\Windows\System32\svchost.exe
        1000 C:\Windows\System32\svchost.exe
        1040 C:\Windows\System32\Ati2evxx.exe
        1116 C:\Windows\System32\svchost.exe
        1156 C:\Windows\System32\svchost.exe
        1172 C:\Windows\System32\svchost.exe
        1276 C:\Windows\System32\audiodg.exe
        1300 C:\Windows\System32\svchost.exe
        1320 C:\Windows\System32\SLsvc.exe
        1372 C:\Windows\System32\svchost.exe
        1456 C:\Windows\System32\Ati2evxx.exe
        1596 C:\Windows\System32\svchost.exe
        1748 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
        1888 C:\Windows\System32\spoolsv.exe
        1912 C:\Windows\System32\svchost.exe
        2164 C:\Windows\System32\dwm.exe
        2188 C:\Windows\System32\taskeng.exe
        2228 C:\Windows\System32\taskeng.exe
        2336 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
        2348 C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
        2392 C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
        2624 C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
        2688 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        2716 C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
        2752 C:\Program Files\LogMeIn\x86\ramaint.exe
        2792 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
        2864 C:\Windows\System32\svchost.exe
        2896 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
        3024 C:\Windows\System32\svchost.exe
        3080 C:\Windows\System32\svchost.exe
        3100 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
        3180 C:\Windows\System32\SearchIndexer.exe
        3228 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
        3236 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
        3348 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
        3444 C:\Program Files\LogMeIn\x86\LogMeIn.exe
        3472 WUDFHost.exe
        3620 WmiPrvSE.exe
        3772 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
        3952 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
        1516 C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
        4060 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
        2452 C:\Windows\RtHDVCpl.exe
        1308 C:\Program Files\Microsoft LifeCam\LifeExp.exe
        2996 C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
        4156 C:\Program Files\AVAST Software\Avast\avastui.exe
        4164 C:\Program Files\Windows Sidebar\sidebar.exe
        4324 C:\Program Files\MozyHome\mozystat.exe
        4456 C:\Windows\System32\svchost.exe
        4824 C:\Windows\System32\taskeng.exe
        4860 C:\Program Files\CCleaner\CCleaner.exe
        5408 C:\Windows\System32\VSSVC.exe
        5576 C:\Windows\System32\svchost.exe
        5640 C:\Program Files\Windows Sidebar\sidebar.exe
        3216 C:\Windows\System32\wbem\unsecapp.exe
         448 C:\Program Files\MozyHome\mozybackup.exe
        5920 C:\Program Files\MozyHome\mozybackup.exe
        4668 C:\Windows\System32\svchost.exe
        4432 C:\Windows\System32\notepad.exe
        4116 C:\Windows\explorer.exe
        2096 C:\Program Files\Internet Explorer\iexplore.exe
        2748 C:\Program Files\Internet Explorer\iexplore.exe
        5348 C:\Program Files\Internet Explorer\iexplore.exe
        6076 C:\Windows\System32\SearchProtocolHost.exe
        7820 C:\Windows\System32\SearchFilterHost.exe
        8112 C:\Users\Rich\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000  (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`83700000  (NTFS)

    PhysicalDrive0 Model Number: WDCWD3200AAJS-22B4A0, Rev: 01.03A01

          Size  Device Name          MBR Status
      --------------------------------------------
        298 GB  \\.\PhysicalDrive0   Unknown MBR code
                SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E

    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:


    #13
    RKinner

      Malware Expert

    • Expert
    • 24,701 posts
    • MVP

    OK. MBR is good. Nice that ComboFix decided to run now. Makes me feel a lot better.

    Your Adobe Reader is way out of date. Go back into msconfig and check it before you uninstall it and then get the latest version from adobe.com. Careful when you download it as they always offer optional foistware such as the Ask toolbar or McAfee Security Scan so make sure you uncheck it before the final download.

    How is it running now?

