View Full Version : Spybot - Search & Destroy unable to remove Delta.Tollbar
mikewill
2014-01-30, 20:34
Hello,
Originally, I posted my request at http://forums.spybot.info/showthread.php?70113-Unable-to-remove-Delta-Tollbar.
Anyhow, I was running Spybot - Search & Destroy v2.2.21.0 on Windows 7 32-bit. (ERUNT doesn't support Windows 7. Should I run it? Is there an alternative?)
After completing a system scan, Spybot - Search & Destroy was unable to remove the following:
Delta.Tollbar
Settings :: HKLM\SOWTWARE\DataMngr :: Registry Key :: Adware-000 :: 15E43F9C
Spybot - Search & Destroy Log (DDS and aswMBR logs are further down)
Search results from Spybot - Search & Destroy
31-Jan-14 00:23:00
Scan took 00:17:41.
7 items found.
Delta.Toolbar: [SBI $15E43F9C] Settings (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-3422875488-3658502439-2224259970-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-3422875488-3658502439-2224259970-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Explorer: [SBI $85C2C910] Last Copy/MoveTo folder (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-3422875488-3658502439-2224259970-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\CopyMoveTo\LastFolder
--- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---
2013-09-20 blindman.exe (2.2.18.151)
2013-09-20 explorer.exe (2.2.18.177)
2013-09-20 SDBootCD.exe (2.2.18.109)
2013-09-20 SDCleaner.exe (2.2.18.110)
2013-09-20 SDDelFile.exe (2.2.18.94)
2013-06-18 SDDisableProxy.exe
2013-09-20 SDFiles.exe (2.2.18.135)
2013-09-20 SDFileScanHelper.exe (2.2.16.1)
2013-10-15 SDFSSvc.exe (2.2.25.211)
2013-10-10 SDHookHelper.exe (2.3.30.2)
2013-10-10 SDHookInst32.exe (2.3.30.2)
2013-09-20 SDImmunize.exe (2.2.18.130)
2013-05-16 SDLogReport.exe (2.1.18.107)
2013-10-14 SDOnAccess.exe (2.2.25.4)
2013-09-20 SDPESetup.exe (2.2.18.3)
2013-09-20 SDPEStart.exe (2.2.18.86)
2013-09-20 SDPhoneScan.exe (2.2.18.28)
2013-09-20 SDPRE.exe (2.2.18.22)
2013-09-20 SDPrepPos.exe (2.2.18.10)
2013-09-20 SDQuarantine.exe (2.2.18.103)
2013-09-20 SDRootAlyzer.exe (2.2.18.116)
2013-09-20 SDSBIEdit.exe (2.2.18.39)
2013-09-20 SDScan.exe (2.2.18.177)
2013-09-20 SDScript.exe (2.2.18.53)
2013-10-15 SDSettings.exe (2.2.25.138)
2013-09-20 SDShell.exe (2.2.18.2)
2013-09-20 SDShred.exe (2.2.18.107)
2013-09-20 SDSysRepair.exe (2.2.18.101)
2013-09-20 SDTools.exe (2.2.18.150)
2013-07-25 SDTray.exe (2.1.21.129)
2013-09-20 SDUpdate.exe (2.2.18.91)
2013-09-20 SDUpdSvc.exe (2.2.18.76)
2013-09-20 SDWelcome.exe (2.2.21.129)
2013-09-13 SDWSCSvc.exe (2.2.22.2)
2013-06-19 spybotsd2-translation-frx.exe
2013-10-17 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98)
2013-05-16 SDAV.dll
2013-05-16 SDECon32.dll (2.1.18.113)
2013-04-05 SDEvents.dll (2.1.16.2)
2013-10-14 SDFileScanLibrary.dll (2.2.25.14)
2013-10-10 SDHook32.dll (2.3.30.2)
2013-05-16 SDImmunizeLibrary.dll (2.1.18.2)
2013-05-16 SDLicense.dll (2.1.18.0)
2013-05-16 SDLists.dll (2.1.18.4)
2013-05-16 SDResources.dll (2.1.18.7)
2013-05-16 SDScanLibrary.dll (2.1.18.131)
2013-05-16 SDTasks.dll (2.1.18.15)
2013-05-16 SDWinLogon.dll (2.1.18.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2013-05-16 Tools.dll (2.1.18.36)
2014-01-08 Includes\Adware-000.sbi (*)
2014-01-08 Includes\Adware-001.sbi (*)
2014-01-29 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-01-08 Includes\Dialer-000.sbi (*)
2014-01-08 Includes\Dialer-001.sbi (*)
2014-01-08 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-01-08 Includes\Hijackers-000.sbi (*)
2014-01-08 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-01-08 Includes\Keyloggers-000.sbi (*)
2014-01-08 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2014-01-14 Includes\Malware-C.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-01-15 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2014-01-29 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2014-01-08 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2014-01-08 Includes\Spyware-000.sbi (*)
2014-01-08 Includes\Spyware-001.sbi (*)
2014-01-08 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-01-15 Includes\Trojans-002.sbi (*)
2014-01-15 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-01-15 Includes\Trojans-005.sbi (*)
2014-01-15 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-01-15 Includes\Trojans-008.sbi (*)
2014-01-15 Includes\Trojans-009.sbi (*)
2014-01-29 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2014-01-15 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)
DDS Log
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.51.2
Run by Michael at 0:32:59 on 2014-01-31
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
F:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\System32\spoolsv.exe
F:\Program Files\Bluetooth Suite\adminservice.exe
F:\Program Files\AOMEI Backupper\ABService.exe
F:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
F:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
F:\Program Files\Wise\Wise Care 365\WiseTray.exe
F:\Program Files\Process Lasso\processgovernor.exe
F:\Program Files\Process Lasso\processlasso.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
F:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
F:\Program Files\System Explorer\SystemExplorer.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
F:\Program Files\Unlocker\UnlockerAssistant.exe
F:\Program Files\Bluetooth Suite\BtvStack.exe
F:\Program Files\Bluetooth Suite\AthBtTray.exe
F:\Program Files\Glary Utilities 4\Integrator.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
F:\Program Files\WordWeb\wweb32.exe
F:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Windows Sidebar\sidebar.exe
F:\Program Files\uTorrent\uTorrent.exe
F:\Program Files\Ditto\Ditto.exe
F:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Google\Drive\googledrivesync.exe
F:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
F:\Program Files\Internet Download Manager\IDMan.exe
F:\Downloads\Programs\VectorClock-Sunset.exe
C:\Program Files\Skype\Phone\Skype.exe
F:\Program Files\PhraseExpress\phraseexpress.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\SearchIndexer.exe
F:\Program Files\Internet Download Manager\IEMonitor.exe
F:\PROGRA~1\DU Meter\DUMeter.exe
F:\Program Files\System Explorer\service\SystemExplorerService.exe
F:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
F:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Users\Michael\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
C:\Windows\system32\sppsvc.exe
F:\Program Files\tinySpell\tinyspell.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
F:\Program Files\LastPass\nplastpass.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
F:\Program Files\Samsung\Kies\KiesTrayAgent.exe
F:\Program Files\Samsung\Kies\KiesAirMessage.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\explorer.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\System32\WUDFHost.exe
F:\Program Files\VideoLAN\VLC\vlc.exe
C:\Windows\system32\prevhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
mStart Page = about:blank
uProxyServer = localhost:21320
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - f:\program files\internet download manager\IDMIECC.dll
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - f:\program files\classic shell\ClassicExplorer32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - f:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - f:\program files\java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - f:\program files\bluetooth suite\IEPlugIn.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - f:\program files\lastpass\LPToolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - f:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - f:\program files\java\jre7\bin\jp2ssv.dll
BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - f:\program files\classic shell\ClassicIEDLL_32.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - f:\program files\lastpass\LPToolbar.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - f:\program files\classic shell\ClassicExplorer32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: "f:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [tinySpell] f:\program files\tinyspell\tinyspell.exe
uRun: [Ditto] f:\program files\ditto\Ditto.exe
uRun: [DU Meter] "f:\program files\du meter\DUMeter.exe" /autostart
uRun: [Rainlendar2] f:\program files\rainlendar2\Rainlendar2.exe
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [] f:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe Run
uRun: [OfficeSyncProcess] "f:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [IDMan] f:\program files\internet download manager\IDMan.exe /onboot
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
uRun: [Programs\Vector-Clock_VectorClock-Sunset] "f:\downloads\programs\VectorClock-Sunset.exe"
uRun: [GUDelayStartup] f:\program files\glary utilities 4\StartupManager.exe -delayrun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [KiesPreload] f:\program files\samsung\kies\Kies.exe /preload
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [SystemExplorerAutoStart] "f:\program files\system explorer\SystemExplorer.exe" /TRAY
mRun: [Nvtmru] "c:\program files\nvidia corporation\nvidia update core\nvtmru.exe"
mRun: [UnlockerAssistant] "f:\program files\unlocker\UnlockerAssistant.exe"
mRun: [AtherosBtStack] "f:\program files\bluetooth suite\BtvStack.exe"
mRun: [AthBtTray] "f:\program files\bluetooth suite\AthBtTray.exe"
mRun: "f:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [IAStorIcon] "f:\program files\intel\intel(r) rapid storage technology\iastoriconlaunch.exe" "f:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe" 60
mRun: [Everything] "f:\program files\everything\Everything.exe" -startup
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RTHDVCPL] "c:\program files\realtek\audio\hda\RtkNGUI.exe" -s
mRun: [WordWeb] "f:\program files\wordweb\wweb32.exe" -startup
mRun: [Classic Start Menu] "f:\program files\classic shell\ClassicStartMenu.exe" -autorun
uPolicies-Explorer: NoNetConnectDisconnect = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: HideClock = dword:1
mPolicies-Explorer: LockTaskbar = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SynchronousMachineGroupPolicy = dword:0
mPolicies-System: SynchronousUserGroupPolicy = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - f:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - f:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - f:\progra~1\microsoft office\office14\EXCEL.EXE/3000
IE: LastPass - c:\users\michael\appdata\locallow\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - c:\users\michael\appdata\locallow\lastpass\context.html?cmd=fillforms
IE: Se&nd to OneNote - f:\progra~1\microsoft office\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - f:\program files\microsoft office\office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - f:\program files\lastpass\LPToolbar.dll
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - f:\program files\classic shell\ClassicIE_32.exe
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - f:\program files\bluetooth suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - f:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5B0CAEBB-C1A5-485A-A9DD-69DFA29FF048} : NameServer = 8.8.8.8,8.8.4.4,
TCP: Interfaces\{8D455361-BC46-4759-9F56-A31844B9B5F5} : NameServer = 8.8.8.8,8.8.4.4,192.168.1.1
TCP: Interfaces\{8D455361-BC46-4759-9F56-A31844B9B5F5} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= ~
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - f:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.102\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\michael\appdata\roaming\mozilla\firefox\profiles\15vdszyg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.th4u.com
FF - prefs.js: keyword.URL - hxxp://th.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\intel\intel(r) management engine components\ipt\npIntelWebAPIIPT.dll
FF - plugin: c:\program files\intel\intel(r) management engine components\ipt\npIntelWebAPIUpdater.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\michael\appdata\local\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\users\michael\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\michael\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\michael\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_43.dll
FF - plugin: f:\progra~1\microsoft office\office14\NPAUTHZ.DLL
FF - plugin: f:\progra~1\microsoft office\office14\NPSPWRAP.DLL
FF - plugin: f:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: f:\program files\google\picasa3\npPicasa3.dll
FF - plugin: f:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: f:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: f:\program files\videolan\vlc\npvlc.dll
FF - plugin: f:\program files\wordweb\wcapturemoz\plugins\npWCX.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R? ????????tI";????4????t"
R? ampa;ampa
R? androidusb;SAMSUNG Android Composite ADB Interface Driver
R? ATHDFU;Atheros Valkyrie USB BootROM
R? AtiDCM;AtiDCM
R? avckf;avckf
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? BrowserDefendert;BrowserDefendert
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? IEEtwCollectorService;Internet Explorer ETW Collector Service
R? Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface
R? LiveUpdateSvc;LiveUpdate
R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
R? Revoflt;Revoflt
R? SkypeUpdate;Skype Updater
R? ssadbus;SAMSUNG Android USB Composite Device driver (WDM)
R? ssadmdfl;SAMSUNG Android USB Modem (Filter)
R? ssadmdm;SAMSUNG Android USB Modem Drivers
R? ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM)
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? WatAdminSvc;Windows Activation Technologies Service
R? WiseBootAssistant;Wise Boot Assistant
S? ambakdrv;ambakdrv
S? ammntdrv;ammntdrv
S? amwrtdrv;amwrtdrv
S? asmthub3;ASMedia USB3 Hub Service
S? asmtxhci;ASMEDIA XHCI Service
S? AthBTPort;Atheros Virtual Bluetooth Class
S? AtherosSvc;AtherosSvc
S? avc3;avc3
S? Backupper Service;AOMEI Backupper Scheduler Service
S? bdfwfpf;bdfwfpf
S? BootDefragDriver;BootDefragDriver
S? BTATH_A2DP;Bluetooth A2DP Audio Driver
S? BTATH_BUS;Atheros Bluetooth Bus
S? BTATH_HCRP;Bluetooth HCRP Server driver
S? BTATH_LWFLT;Bluetooth LWFLT Device
S? BTATH_RCP;Bluetooth AVRCP Device
S? BtFilter;BtFilter
S? dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
S? DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver
S? DUMeterSvc;DU Meter Service
S? gzflt;gzflt
S? gzserv;Bitdefender Antivirus Free Edition
S? HWiNFO32;HWiNFO32/64 Kernel Driver
S? iaStorA;iaStorA
S? IAStorDataMgrSvc;Intel(R) Rapid Storage Technology
S? iaStorF;iaStorF
S? IDMWFP;IDMWFP
S? Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface
S? Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service
S? jhi_service;Intel(R) Dynamic Application Loader Host Interface Service
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? MEI;Intel(R) Management Engine Interface
S? MpFilter;Microsoft Malware Protection Driver
S? NvStreamSvc;NVIDIA Streamer Service
S? nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
S? SDScannerService;Spybot-S&D 2 Scanner Service
S? SDUpdateService;Spybot-S&D 2 Updating Service
S? SDWSCService;Spybot-S&D 2 Security Center Service
S? Skype C2C Service;Skype C2C Service
S? ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
S? Stereo Service;NVIDIA Stereoscopic 3D Driver Service
S? SystemExplorerHelpService;System Explorer Service
S? TeamViewer9;TeamViewer 9
.
=============== File Associations ===============
.
FileExt: .txt: Applications\win32pad.exe="f:\program files\win32pad\win32pad.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-01-28 12:26:25 1573488 ----a-w- c:\windows\ampa.exe
2014-01-28 12:26:25 14448 ----a-w- c:\windows\system32\ampa.sys
2014-01-22 16:55:06 -------- d-----w- c:\users\michael\appdata\local\Skype
2014-01-22 11:16:04 -------- d-----w- c:\users\michael\appdata\roaming\GlarySoft
2014-01-22 11:16:02 14528 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2014-01-22 11:16:02 101664 ----a-w- c:\windows\system32\BootDefrag.exe
2014-01-18 10:12:00 243904 ----a-w- c:\windows\system32\StartMenuHelper32.dll
2014-01-16 23:37:52 108000 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2014-01-15 11:43:12 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 11:43:11 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-15 11:43:04 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 11:43:04 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 11:43:04 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 11:43:04 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 11:43:04 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 11:43:04 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 11:43:04 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 11:39:43 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-11 16:16:27 -------- d-----w- c:\program files\common files\Innovative Solutions
2014-01-11 15:51:19 -------- d-----w- c:\users\michael\appdata\local\Innovative Solutions
2014-01-11 15:32:44 42496 ----a-w- c:\windows\system32\AdvUninstCPL.cpl
2014-01-07 15:54:43 -------- d-----w- c:\users\michael\appdata\roaming\DropboxMaster
2014-01-07 03:34:51 -------- d-----w- c:\users\michael\appdata\roaming\Wise Care 365
2014-01-07 01:19:31 -------- d-----w- c:\users\michael\appdata\roaming\ChemTable Software
2014-01-07 01:09:09 -------- d-----w- c:\users\michael\appdata\local\ChemTable Software
2014-01-06 19:23:36 4558848 ----a-w- c:\windows\system32\GPhotos.scr
2014-01-04 16:26:05 50688 ----a-w- c:\windows\system32\admwprox.dll
2014-01-04 16:26:05 154624 ----a-w- c:\windows\system32\iisRtl.dll
2014-01-04 16:26:03 26624 ----a-w- c:\windows\system32\ahadmin.dll
2014-01-04 16:26:03 15360 ----a-w- c:\windows\system32\iisreset.exe
2014-01-04 16:26:03 10752 ----a-w- c:\windows\system32\wamregps.dll
2014-01-04 16:26:02 8192 ----a-w- c:\windows\system32\iisrstap.dll
2014-01-04 06:41:36 -------- d-----w- c:\windows\system32\BestPractices
2014-01-04 06:41:36 -------- d-----w- C:\inetpub
2013-12-31 19:17:43 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
.
==================== Find3M ====================
.
2014-01-28 12:27:41 1024 ---h--w- C:\AMTAG.BIN
2014-01-14 11:56:28 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-14 11:56:28 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-11 10:04:48 3329288 ----a-w- c:\windows\system32\wweb32.dll
2013-12-29 17:08:04 9357824 ----a-w- c:\program files\common files\lpuninstall.exe
2013-12-08 04:01:50 1024 ---ha-w- C:\SYSTAG.BIN
2013-12-03 19:23:26 892704 ----a-w- c:\windows\system32\nvhdagenco32.dll
2013-11-26 09:23:02 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 09:22:11 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53:56 61952 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 08:52:26 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29:55 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 08:29:52 108032 ------w- c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28:16 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 07:32:06 1928192 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 06:33:33 1820160 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 05:53:51 16384 ----a-w- C:\FixitRegBackup.reg
2013-11-23 18:26:20 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-16 14:08:33 73368 ----a-w- c:\windows\system32\drivers\hola_mon_drv.sys
2013-11-16 14:08:33 476056 ----a-w- c:\windows\system32\drivers\hola_drv.sys
2013-11-12 02:07:29 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-05 12:47:54 2888536 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2013-11-05 11:55:00 38385664 ----a-w- c:\windows\system32\RCoRes.dat
2013-11-04 12:26:24 124632 ----a-w- c:\windows\system32\RtkCoInstII.dll
2013-11-04 04:11:44 2328792 ----a-w- c:\windows\system32\RtkAPO.dll
.
============= FINISH: 0:35:09.66 ===============
11183
[U][B]aswMBR Log
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-01-31 00:49:10
-----------------------------
00:49:10.301 OS Version: Windows 6.1.7601 Service Pack 1
00:49:10.301 Number of processors: 4 586 0x2A07
00:49:10.303 ComputerName: MICHAEL-PC UserName: Michael
00:49:13.003 Initialize success
01:00:56.532 AVAST engine defs: 14013000
01:01:25.641 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000067
01:01:25.643 Disk 0 Vendor: ST330062 3.AA Size: 286168MB BusType: 11
01:01:25.761 Disk 0 MBR read successfully
01:01:25.769 Disk 0 MBR scan
01:01:25.906 Disk 0 Windows 7 default MBR code
01:01:25.911 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 39997 MB offset 63
01:01:25.936 Disk 0 Partition - 00 05 Extended 246167 MB offset 81915435
01:01:25.957 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99998 MB offset 81915498
01:01:25.977 Disk 0 Partition - 00 05 Extended 20732 MB offset 286712055
01:01:25.996 Disk 0 scanning sectors +586067265
01:01:26.185 Disk 0 scanning C:\Windows\system32\drivers
01:01:47.921 Service scanning
01:01:51.453 Service bdfwfpf F:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys **LOCKED** 5
01:01:51.478 Service bdselfpr F:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys **LOCKED** 5
01:02:23.352 Modules scanning
01:02:35.518 Disk 0 trace - called modules:
01:02:35.545 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorF.sys ACPI.sys halmacpi.dll storport.sys iaStorA.sys
01:02:35.549 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88d83518]
01:02:35.552 3 CLASSPNP.SYS[8c65659e] -> nt!IofCallDriver -> [0x88d83a70]
01:02:35.556 5 iaStorF.sys[8c5f7868] -> nt!IofCallDriver -> [0x87c40828]
01:02:35.559 7 ACPI.sys[8baca3d4] -> nt!IofCallDriver -> \Device\00000067[0x86949228]
01:02:36.112 AVAST engine scan C:\Windows
01:02:39.012 AVAST engine scan C:\Windows\system32
01:09:24.707 AVAST engine scan C:\Windows\system32\drivers
01:09:45.586 AVAST engine scan C:\Users\Michael
01:17:55.738 AVAST engine scan C:\ProgramData
01:19:08.208 Scan finished successfully
01:19:52.469 Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
01:19:52.498 The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"
====
Thank you in advance for assistance.
Hi and welcome
Tweaking.com Registry Backup
http://i.imgur.com/OJQgrbU.png Tweaking.com Registry Backup
Download the tool found here (http://www.bleepingcomputer.com/download/registry-backup/) to your Desktop so it is easy to find.
Double click on the file you just downloaded
to install it to your system.
Once the tool is installed, double-click on the Tweaking.com Registry Backup icon
**Note** The tool should automatically open to the Backup Registry tab.
http://i.imgur.com/TRfuT3t.jpg
Press Backup Now
When the back up is complete, the tool will tell you that Successful */* Files Backed Up
You have now successfully backed up your Registry.
Once you have the tool downloaded there is a tab labeled Settings where you can set where the backups are saved at.
************************************************
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to your Desktop.
(use correct version for your system.....Which system am I using? (http://support.microsoft.com/kb/827218))
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
mikewill
2014-01-31, 18:25
Thank you for the reply, Juliet.
1. I have successfully backed up my registry with the Tweaking.com - Registry Backup 1.6.9. Although, I was not able to download it from bleepingcomputer.com, so I downloaded it from majorgeeks.com.
14/14 Registry Files Backed up.
************************************************
2. Farbar Recovery Scan Tool
Here is the First.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2014 01
Ran by Michael (administrator) on MICHAEL-PC on 31-01-2014 23:00:48
Running from C:\Users\Michael\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) ===================
(Bitdefender) F:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Atheros Commnucations) F:\Program Files\Bluetooth Suite\AdminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AOMEI Tech Co., Ltd.) F:\Program Files\AOMEI Backupper\ABService.exe
(Hagel Technologies Ltd.) F:\Program Files\DU Meter\DUMeterSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Bitdefender) F:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(WiseCleaner.com) F:\Program Files\Wise\Wise Care 365\WiseTray.exe
(Bitsum LLC) F:\Program Files\Process Lasso\ProcessGovernor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Bitsum LLC) F:\Program Files\Process Lasso\ProcessLasso.exe
(Malwarebytes Corporation) F:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Malwarebytes Corporation) F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Mister Group) F:\Program Files\System Explorer\SystemExplorer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
() F:\Program Files\Unlocker\UnlockerAssistant.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Atheros Commnucations) F:\Program Files\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) F:\Program Files\Bluetooth Suite\AthBtTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Glarysoft Ltd) F:\Program Files\Glary Utilities 4\Integrator.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(WordWeb Software) F:\Program Files\WordWeb\wweb32.exe
(IvoSoft) F:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(BitTorrent, Inc.) F:\Program Files\uTorrent\uTorrent.exe
() F:\Program Files\Ditto\Ditto.exe
() F:\Program Files\Rainlendar2\Rainlendar2.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) F:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Tonec Inc.) F:\Program Files\Internet Download Manager\IDMan.exe
() F:\Downloads\Programs\VectorClock-Sunset.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Bartels Media GmbH) F:\Program Files\PhraseExpress\phraseexpress.exe
(Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Hagel Technologies Ltd.) F:\Program Files\DU Meter\DUMeter.exe
(Mister Group) F:\Program Files\System Explorer\service\SystemExplorerService.exe
(Tonec Inc.) F:\Program Files\Internet Download Manager\IEMonitor.exe
(Samsung Electronics Co., Ltd.) F:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Intel Corporation) F:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Samsung Electronics) F:\Program Files\Samsung\Kies\KiesAirMessage.exe
(Samsung) F:\Program Files\Samsung\Kies\Kies.exe
(Intel Corporation) F:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(KEDMI Scientific Computing) F:\Program Files\tinySpell\tinyspell.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(LastPass) F:\Program Files\LastPass\nplastpass.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Michael\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Gennady Feldman) F:\Program Files\Win32Pad\win32pad.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Tweaking.com) F:\Program Files\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
(Tweaking.com) F:\Program Files\Tweaking.com\Registry Backup\files\vss_start.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) F:\Program Files\Tweaking.com\Registry Backup\files\vss_7_8_2008_2012_32.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Tweaking.com) F:\Program Files\Tweaking.com\Registry Backup\files\vss_pause.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM\...\Run: [SystemExplorerAutoStart] - F:\Program Files\System Explorer\SystemExplorer.exe [2860064 2013-11-30] (Mister Group)
HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-28] (NVIDIA Corporation)
HKLM\...\Run: [UnlockerAssistant] - F:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-05] ()
HKLM\...\Run: [AtherosBtStack] - F:\Program Files\Bluetooth Suite\BtvStack.exe [490656 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] - F:\Program Files\Bluetooth Suite\AthBtTray.exe [302240 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: - F:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] - F:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Everything] - F:\Program Files\Everything\Everything.exe [602624 2009-03-13] ()
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6336216 2013-11-04] (Realtek Semiconductor)
HKLM\...\Run: [WordWeb] - F:\Program Files\WordWeb\wweb32.exe [77056 2013-05-16] (WordWeb Software)
HKLM\...\Run: [Classic Start Menu] - F:\Program Files\Classic Shell\ClassicStartMenu.exe [150208 2014-01-18] (IvoSoft)
HKLM\...\Policies\Explorer: [HideClock] 1
HKLM\...\Policies\Explorer: [LockTaskbar] 1
HKCU\...\Run: [uTorrent] - F:\Program Files\uTorrent\uTorrent.exe [968592 2013-04-19] (BitTorrent, Inc.)
HKCU\...\Run: [tinySpell] - F:\Program Files\tinySpell\tinyspell.exe [281088 2012-11-12] (KEDMI Scientific Computing)
HKCU\...\Run: [Ditto] - F:\Program Files\Ditto\Ditto.exe [1433200 2012-11-08] ()
HKCU\...\Run: [DU Meter] - F:\Program Files\DU Meter\DUMeter.exe [4245400 2013-07-31] (Hagel Technologies Ltd.)
HKCU\...\Run: [Rainlendar2] - F:\Program Files\Rainlendar2\Rainlendar2.exe [2611808 2014-01-20] ()
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google)
HKCU\...\Run: [] - F:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKCU\...\Run: [OfficeSyncProcess] - F:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
HKCU\...\Run: [IDMan] - F:\Program Files\Internet Download Manager\IDMan.exe [3825232 2014-01-17] (Tonec Inc.)
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKCU\...\Run: [Programs\Vector-Clock_VectorClock-Sunset] - F:\Downloads\Programs\VectorClock-Sunset.exe [1162096 2013-07-09] ()
HKCU\...\Run: [GUDelayStartup] - F:\Program Files\Glary Utilities 4\StartupManager.exe [37152 2014-01-22] (Glarysoft Ltd)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20724384 2014-01-14] (Skype Technologies S.A.)
HKCU\...\Run: [KiesPreload] - F:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKCU\...\Policies\Explorer: [NoNetConnectDisconnect] 1
HKCU\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
MountPoints2: {ee116688-99b5-11e2-8e97-806e6f6e6963} - G:\setup.exe
AppInit_DLLs: ~ => File Not Found
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - {6BD0964E-8B2C-4F7F-B683-D9D918FFD511} URL = http://th.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - F:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - F:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - F:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - F:\Program Files\LastPass\LPToolbar.dll (LastPass)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - F:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - F:\Program Files\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - F:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5B0CAEBB-C1A5-485A-A9DD-69DFA29FF048}: [NameServer]8.8.8.8,8.8.4.4,
Tcpip\..\Interfaces\{8D455361-BC46-4759-9F56-A31844B9B5F5}: [NameServer]8.8.8.8,8.8.4.4,192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default
FF user.js: detected! => C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\user.js
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.th4u.com
FF Keyword.URL: hxxp://th.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - F:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - F:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - F:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - F:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - F:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - F:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - F:\PROGRA~1\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - F:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - F:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - F:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Michael\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Michael\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Michael\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Michael\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Michael\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\searchplugins\google-translate-any--en.xml
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\searchplugins\googlecom-in-english.xml
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\searchplugins\yahoo-answers.xml
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2014-01-23]
FF Extension: AccelerateTab - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\Extensions\speeddial@instair.net [2013-08-20]
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\Extensions\staged [2014-01-23]
FF Extension: LastPass - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\Extensions\support@lastpass.com [2013-12-30]
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\Extensions\trash [2014-01-23]
FF Extension: Add Google Search To New Tab Page - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\Extensions\newtabgoogle@graememcc.co.uk.xpi [2013-09-17]
FF HKLM\...\Firefox\Extensions: [wcapturex@deskperience.com] - F:\Program Files\WordWeb\\WCaptureMoz
FF Extension: WordWeb one-click lookup - F:\Program Files\WordWeb\\WCaptureMoz [2013-04-02]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Michael\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Michael\AppData\Roaming\IDM\idmmzcc5 [2014-01-17]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Michael\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Michael\AppData\Roaming\IDM\idmmzcc5 [2014-01-17]
FF StartMenuInternet: FIREFOX.EXE - F:\Program Files\Mozilla Firefox\firefox.exe
Chrome:
=======
CHR HomePage: hxxp://www.th4u.com/
CHR DefaultSearchKeyword: http://www.google.com/ncr
CHR DefaultNewTabURL:
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-12]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-15]
CHR Extension: (Live Earnings Checker for Google AdSense™) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbicjibfhlghijbhbcmppmajlmgbgoh [2013-05-23]
CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-15]
CHR Extension: (Hola Better Internet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-04-15]
CHR Extension: (LastPass) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-04-15]
CHR Extension: (IDM Integration Module) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2013-07-27]
CHR Extension: (Wikipedia Quick Hints) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldnhgfghebflgcndlbppfanbchpgmkna [2013-04-15]
CHR Extension: (TV for Google Chrome™) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe [2013-05-15]
CHR Extension: (Skype Click to Call) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-12-07]
CHR Extension: (Thesaurus Extension) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnlghihanpgbalbphnffoehfkbcfcpic [2013-04-15]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2013-04-15]
CHR Extension: (FastestFox for Chrome) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2013-04-15]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Google Publisher Toolbar) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc [2013-05-23]
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-15]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - F:\Program Files\Internet Download Manager\IDMGCExt.crx [2014-01-17]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - F:\Program Files\WordWeb\wcxChrome.crx [2013-04-02]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Michael\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-12-12]
========================== Services (Whitelisted) =================
R2 AtherosSvc; F:\Program Files\Bluetooth Suite\adminservice.exe [68768 2011-03-13] (Atheros Commnucations)
R2 Backupper Service; F:\Program Files\AOMEI Backupper\ABService.exe [29912 2013-08-26] (AOMEI Tech Co., Ltd.)
R2 DUMeterSvc; F:\Program Files\DU Meter\DUMeterSvc.exe [2385304 2013-07-31] (Hagel Technologies Ltd.)
R2 gzserv; F:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [54424 2013-10-08] (Bitdefender)
R2 IAStorDataMgrSvc; F:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [583680 2013-02-13] (Intel(R) Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [637912 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [121600 2013-04-05] (Intel Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
R2 MBAMScheduler; F:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; F:\Program Files\Microsoft Office\Office14\GROOVE.EXE [30963576 2010-01-21] (Microsoft Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14573856 2013-08-28] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R3 SystemExplorerHelpService; F:\Program Files\System Explorer\service\SystemExplorerService.exe [567256 2012-11-25] (Mister Group)
S2 WiseBootAssistant; F:\Program Files\Wise\Wise Care 365\BootTime.exe [580232 2013-12-09] (WiseCleaner.com)
S2 BrowserDefendert; No ImagePath
S2 LiveUpdateSvc; No ImagePath
S2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
U2 楗敳潂瑯獁楳瑳湡tI"; 㩆停潲牧浡䘠汩獥坜獩履楗敳䌠牡㘳尵潂瑯楔敭攮數" [x]
==================== Drivers (Whitelisted) ====================
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [26424 2013-05-07] ()
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [129720 2013-05-07] ()
S3 ampa; C:\Windows\system32\ampa.sys [14448 2013-11-29] ()
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [14392 2013-02-06] ()
R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [110920 2012-11-08] (ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [333128 2012-11-08] (ASMedia Technology Inc)
R3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [34976 2011-03-13] (Atheros)
S3 ATHDFU; C:\Windows\System32\Drivers\AthDfu.sys [43680 2011-03-13] (Windows (R) Win 7 DDK provider)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
R1 bdfwfpf; F:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [108008 2013-10-23] (Bitdefender SRL)
R1 bdselfpr; F:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys [135472 2013-10-23] (BitDefender LLC)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [14528 2014-01-22] (Glarysoft Ltd)
R3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [259232 2011-03-13] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [24736 2011-03-13] (Atheros)
R3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [175776 2011-03-13] (Atheros)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [49312 2011-03-13] (Atheros)
R3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [141088 2011-03-13] (Atheros)
R3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [242336 2011-03-13] (Atheros)
R3 DUMeterDrv; F:\Program Files\DU Meter\DUMETR32.SYS [19944 2013-03-01] (Hagel Technologies Ltd.)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [368392 2013-02-21] (Intel Corporation)
R3 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [164952 2013-04-22] (BitDefender LLC)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [21624 2013-04-01] (REALiX(tm))
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [505192 2013-08-07] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [25448 2013-08-07] (Intel Corporation)
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [106296 2012-09-17] (JMicron Technology Corp.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30984 2013-01-03] (Logitech, Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\TeeDriver.sys [85976 2013-03-20] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [33568 2013-08-20] (NVIDIA Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
U5 UnlockerDriver5; F:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-05] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-31 23:00 - 2014-01-31 23:02 - 00031439 _____ C:\Users\Michael\Desktop\FRST.txt
2014-01-31 22:58 - 2014-01-31 22:55 - 01137152 _____ (Farbar) C:\Users\Michael\Desktop\FRST.exe
2014-01-31 22:57 - 2014-01-31 23:00 - 00000000 ____D C:\FRST
2014-01-31 22:49 - 2014-01-31 22:49 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MICHAEL-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2014-01-31 22:48 - 2014-01-31 22:48 - 00000000 ____D C:\RegBackup
2014-01-31 22:41 - 2014-01-31 22:41 - 00001062 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-01-31 21:13 - 2014-01-31 21:13 - 00000000 ___RD C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-01-31 21:12 - 2014-01-31 21:12 - 00000352 _____ C:\Windows\PFRO.log
2014-01-31 20:41 - 2014-01-31 20:41 - 00000674 _____ C:\Users\Michael\Desktop\The Bat!.lnk
2014-01-31 20:29 - 2014-01-31 20:29 - 00000000 ____D C:\ProgramData\SetApp
2014-01-31 20:12 - 2013-11-15 19:25 - 00010112 _____ C:\Users\Michael\ACCOUNT.~FLB
2014-01-31 15:01 - 2014-01-31 15:01 - 00109208 _____ C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-31 15:00 - 2014-01-31 21:13 - 00000672 _____ C:\Windows\setupact.log
2014-01-31 15:00 - 2014-01-31 15:00 - 00000000 _____ C:\Windows\setuperr.log
2014-01-31 14:59 - 2014-01-31 15:00 - 00409816 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-31 07:56 - 2014-01-31 22:55 - 00048281 _____ C:\Windows\WindowsUpdate.log
2014-01-31 01:19 - 2014-01-31 01:19 - 00002419 _____ C:\Users\Michael\Desktop\aswMBR.txt
2014-01-31 01:19 - 2014-01-31 01:19 - 00000512 _____ C:\Users\Michael\Desktop\MBR.dat
2014-01-31 00:43 - 2014-01-31 00:43 - 00002010 _____ C:\Users\Michael\Desktop\attach.zip
2014-01-31 00:35 - 2014-01-31 00:35 - 00025472 _____ C:\Users\Michael\Desktop\dds.txt
2014-01-31 00:35 - 2014-01-31 00:35 - 00004303 _____ C:\Users\Michael\Desktop\attach.txt
2014-01-31 00:22 - 2014-01-31 00:23 - 00000000 ____D C:\Users\Michael\Desktop\Spybot S&D
2014-01-30 23:45 - 2014-01-30 23:45 - 04745728 _____ (AVAST Software) C:\Users\Michael\Desktop\aswMBR.exe
2014-01-30 23:38 - 2014-01-30 23:38 - 00688992 ____R (Swearware) C:\Users\Michael\Desktop\dds.scr
2014-01-29 08:27 - 2014-01-30 00:05 - 00000000 ____D C:\Windows\Minidump
2014-01-28 19:26 - 2014-01-28 19:26 - 00000887 _____ C:\Users\Public\Desktop\AOMEI Partition Assistant Pro Edition 5.5.lnk
2014-01-28 19:26 - 2013-11-29 20:42 - 01573488 _____ C:\Windows\ampa.exe
2014-01-28 19:26 - 2013-11-29 10:31 - 00014448 _____ C:\Windows\system32\ampa.sys
2014-01-28 17:13 - 2014-01-28 17:13 - 00000956 _____ C:\Users\UpdatusUser\Desktop\DownloadHashVerifier.lnk
2014-01-28 17:13 - 2014-01-28 17:13 - 00000956 _____ C:\Users\Michael\Desktop\DownloadHashVerifier.lnk
2014-01-22 23:55 - 2014-01-22 23:55 - 00000000 ____D C:\Users\Michael\AppData\Local\Skype
2014-01-22 23:54 - 2014-01-22 23:54 - 00000000 ____D C:\Program Files\Common Files\Skype
2014-01-22 18:16 - 2014-01-24 08:07 - 00000743 _____ C:\Users\Public\Desktop\Glary Utilities 4.lnk
2014-01-22 18:16 - 2014-01-24 08:07 - 00000324 _____ C:\Windows\Tasks\GlaryInitialize 4.job
2014-01-22 18:16 - 2014-01-22 18:16 - 00000000 ____D C:\Users\Michael\AppData\Roaming\GlarySoft
2014-01-22 18:16 - 2014-01-22 08:16 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-01-22 18:16 - 2014-01-22 08:09 - 00014528 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-01-22 10:17 - 2014-01-22 10:33 - 00000000 ____D C:\Users\Michael\Desktop\GMER
2014-01-18 17:12 - 2014-01-18 17:12 - 00243904 _____ (IvoSoft) C:\Windows\system32\StartMenuHelper32.dll
2014-01-18 14:54 - 2014-01-18 14:54 - 00174142 _____ C:\Users\Michael\Desktop\gmer.log
2014-01-17 06:37 - 2013-11-28 07:24 - 00108000 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2014-01-15 18:43 - 2013-11-27 08:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 18:43 - 2013-11-27 08:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 18:43 - 2013-11-27 08:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 18:43 - 2013-11-27 08:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 18:43 - 2013-11-27 08:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 18:43 - 2013-11-27 08:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 18:43 - 2013-11-27 08:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 18:43 - 2013-11-26 18:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 18:43 - 2013-11-26 17:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-15 18:39 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-15 18:39 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-15 18:39 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-15 18:39 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-11 23:16 - 2014-01-11 23:16 - 00000000 ____D C:\Program Files\Common Files\Innovative Solutions
2014-01-11 22:51 - 2014-01-11 22:51 - 00000000 ____D C:\Users\Michael\AppData\Local\Innovative Solutions
2014-01-11 22:32 - 2009-11-05 12:24 - 00042496 _____ C:\Windows\system32\AdvUninstCPL.cpl
2014-01-08 09:20 - 2014-01-09 14:49 - 00000260 _____ C:\Users\Michael\Desktop\NVidia drivers.txt
2014-01-07 22:54 - 2014-01-07 22:54 - 00000000 ____D C:\Users\Michael\AppData\Roaming\DropboxMaster
2014-01-07 22:47 - 2014-01-07 22:47 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-07 10:37 - 2014-01-31 21:13 - 00000402 _____ C:\Windows\Tasks\Wise Care 365.job
2014-01-07 10:34 - 2014-01-31 21:14 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Wise Care 365
2014-01-07 10:34 - 2014-01-07 10:34 - 00000811 _____ C:\Users\Public\Desktop\Wise Care 365.lnk
2014-01-07 08:19 - 2014-01-07 08:19 - 00000000 ____D C:\Users\Michael\AppData\Roaming\ChemTable Software
2014-01-07 08:09 - 2014-01-07 08:09 - 00000000 ____D C:\Users\Michael\AppData\Local\ChemTable Software
2014-01-07 02:23 - 2014-01-07 02:23 - 04558848 _____ (Google Inc.) C:\Windows\system32\GPhotos.scr
2014-01-07 01:50 - 2014-01-07 01:50 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2014-01-04 23:26 - 2012-06-01 11:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2014-01-04 23:26 - 2012-06-01 11:37 - 00154624 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2014-01-04 23:26 - 2012-06-01 11:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2014-01-04 23:26 - 2012-06-01 11:35 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2014-01-04 23:26 - 2012-06-01 11:35 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2014-01-04 23:26 - 2012-06-01 11:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2014-01-04 13:41 - 2014-01-04 13:41 - 00000000 ____D C:\Windows\system32\BestPractices
2014-01-04 13:41 - 2014-01-04 13:41 - 00000000 ____D C:\inetpub
2014-01-01 02:17 - 2014-01-01 02:17 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
==================== One Month Modified Files and Folders =======
2014-01-31 23:02 - 2014-01-31 23:00 - 00031439 _____ C:\Users\Michael\Desktop\FRST.txt
2014-01-31 23:02 - 2013-04-01 21:47 - 00000000 ____D C:\Users\Michael\AppData\Roaming\uTorrent
2014-01-31 23:00 - 2014-01-31 22:57 - 00000000 ____D C:\FRST
2014-01-31 23:00 - 2013-04-01 18:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Skype
2014-01-31 22:58 - 2013-04-02 00:59 - 00000000 ____D C:\Users\Michael\AppData\Roaming\DMCache
2014-01-31 22:55 - 2014-01-31 22:58 - 01137152 _____ (Farbar) C:\Users\Michael\Desktop\FRST.exe
2014-01-31 22:55 - 2014-01-31 07:56 - 00048281 _____ C:\Windows\WindowsUpdate.log
2014-01-31 22:54 - 2013-04-05 20:55 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Ditto
2014-01-31 22:50 - 2013-11-24 00:45 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cee873bbaba2f8.job
2014-01-31 22:49 - 2014-01-31 22:49 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MICHAEL-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2014-01-31 22:48 - 2014-01-31 22:48 - 00000000 ____D C:\RegBackup
2014-01-31 22:41 - 2014-01-31 22:41 - 00001062 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-01-31 22:40 - 2013-09-26 02:39 - 00000000 ____D C:\Users\Michael\AppData\Roaming\vlc
2014-01-31 22:37 - 2013-04-15 12:58 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-31 22:19 - 2013-04-09 23:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-31 21:44 - 2013-10-07 23:32 - 00000000 ____D C:\Users\Michael\AppData\Roaming\ClassicShell
2014-01-31 21:16 - 2013-04-02 02:06 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Dropbox
2014-01-31 21:14 - 2014-01-07 10:34 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Wise Care 365
2014-01-31 21:14 - 2013-06-19 19:32 - 00000000 ___RD C:\Users\Michael\Google Drive
2014-01-31 21:14 - 2013-05-11 16:36 - 00000000 ____D C:\Users\Michael\.rainlendar2
2014-01-31 21:13 - 2014-01-31 21:13 - 00000000 ___RD C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-01-31 21:13 - 2014-01-31 15:00 - 00000672 _____ C:\Windows\setupact.log
2014-01-31 21:13 - 2014-01-07 10:37 - 00000402 _____ C:\Windows\Tasks\Wise Care 365.job
2014-01-31 21:13 - 2013-11-24 00:44 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cee873b8b0f56d.job
2014-01-31 21:13 - 2013-04-15 12:58 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-31 21:13 - 2013-04-01 18:20 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-31 21:13 - 2009-07-14 11:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-31 21:12 - 2014-01-31 21:12 - 00000352 _____ C:\Windows\PFRO.log
2014-01-31 21:10 - 2013-04-02 01:03 - 00000000 ____D C:\Users\Michael\Documents\PhraseExpress
2014-01-31 21:00 - 2013-05-31 21:46 - 00000382 _____ C:\Windows\Tasks\Wise Turbo Checker.job
2014-01-31 20:43 - 2013-04-08 09:52 - 00011732 _____ C:\Users\Michael\Account.CFN
2014-01-31 20:43 - 2013-04-02 16:32 - 00000000 ____D C:\Users\Michael\AppData\Roaming\The Bat!
2014-01-31 20:41 - 2014-01-31 20:41 - 00000674 _____ C:\Users\Michael\Desktop\The Bat!.lnk
2014-01-31 20:29 - 2014-01-31 20:29 - 00000000 ____D C:\ProgramData\SetApp
2014-01-31 20:29 - 2013-09-05 15:02 - 00000000 ____D C:\ProgramData\InstallMate
2014-01-31 20:12 - 2013-04-08 09:53 - 00000000 ____D C:\Users\Michael\Trash
2014-01-31 20:12 - 2013-03-30 21:05 - 00000000 ____D C:\Users\Michael
2014-01-31 19:40 - 2013-10-18 21:21 - 00000930 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-01-31 19:39 - 2013-04-05 19:29 - 00000000 ____D C:\Program Files\Calibre2
2014-01-31 19:12 - 2013-04-02 15:42 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2014-01-31 15:01 - 2014-01-31 15:01 - 00109208 _____ C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-31 15:00 - 2014-01-31 15:00 - 00000000 _____ C:\Windows\setuperr.log
2014-01-31 15:00 - 2014-01-31 14:59 - 00409816 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-31 10:34 - 2013-10-18 10:09 - 00000000 ____D C:\Users\Michael\AppData\Local\PrivaZer
2014-01-31 10:33 - 2013-04-03 17:24 - 00000000 ____D C:\Users\Michael\AppData\Roaming\WordWeb
2014-01-31 10:02 - 2013-04-06 00:16 - 00000000 ____D C:\Users\Michael\AppData\Roaming\IDM
2014-01-31 02:00 - 2009-07-14 11:34 - 00020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-31 02:00 - 2009-07-14 11:34 - 00020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-31 01:19 - 2014-01-31 01:19 - 00002419 _____ C:\Users\Michael\Desktop\aswMBR.txt
2014-01-31 01:19 - 2014-01-31 01:19 - 00000512 _____ C:\Users\Michael\Desktop\MBR.dat
2014-01-31 00:43 - 2014-01-31 00:43 - 00002010 _____ C:\Users\Michael\Desktop\attach.zip
2014-01-31 00:35 - 2014-01-31 00:35 - 00025472 _____ C:\Users\Michael\Desktop\dds.txt
2014-01-31 00:35 - 2014-01-31 00:35 - 00004303 _____ C:\Users\Michael\Desktop\attach.txt
2014-01-31 00:23 - 2014-01-31 00:22 - 00000000 ____D C:\Users\Michael\Desktop\Spybot S&D
2014-01-30 23:45 - 2014-01-30 23:45 - 04745728 _____ (AVAST Software) C:\Users\Michael\Desktop\aswMBR.exe
2014-01-30 23:38 - 2014-01-30 23:38 - 00688992 ____R (Swearware) C:\Users\Michael\Desktop\dds.scr
2014-01-30 18:20 - 2013-04-02 02:07 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-30 09:42 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\Microsoft.NET
2014-01-30 08:31 - 2013-04-24 23:17 - 00000867 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2014-01-30 08:27 - 2013-09-03 09:03 - 00000000 ____D C:\Users\Michael\Documents\SelfMV
2014-01-30 00:05 - 2014-01-29 08:27 - 00000000 ____D C:\Windows\Minidump
2014-01-30 00:05 - 2013-05-24 14:42 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps
2014-01-29 22:22 - 2009-07-14 09:37 - 00000000 ___RD C:\Users\Public
2014-01-29 11:00 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\LogFiles
2014-01-28 19:27 - 2013-12-08 10:56 - 00001024 ____H C:\AMTAG.BIN
2014-01-28 19:26 - 2014-01-28 19:26 - 00000887 _____ C:\Users\Public\Desktop\AOMEI Partition Assistant Pro Edition 5.5.lnk
2014-01-28 17:13 - 2014-01-28 17:13 - 00000956 _____ C:\Users\UpdatusUser\Desktop\DownloadHashVerifier.lnk
2014-01-28 17:13 - 2014-01-28 17:13 - 00000956 _____ C:\Users\Michael\Desktop\DownloadHashVerifier.lnk
2014-01-24 08:07 - 2014-01-22 18:16 - 00000743 _____ C:\Users\Public\Desktop\Glary Utilities 4.lnk
2014-01-24 08:07 - 2014-01-22 18:16 - 00000324 _____ C:\Windows\Tasks\GlaryInitialize 4.job
2014-01-23 20:35 - 2013-04-01 18:39 - 00000000 ____D C:\Users\Michael\AppData\Roaming\ProcessLasso
2014-01-23 15:04 - 2013-03-31 11:48 - 00000000 ____D C:\Windows\Panther
2014-01-22 23:55 - 2014-01-22 23:55 - 00000000 ____D C:\Users\Michael\AppData\Local\Skype
2014-01-22 23:54 - 2014-01-22 23:54 - 00000000 ____D C:\Program Files\Common Files\Skype
2014-01-22 23:54 - 2013-05-14 20:24 - 00000000 ___RD C:\Program Files\Skype
2014-01-22 23:54 - 2013-05-14 20:23 - 00000000 ____D C:\ProgramData\Skype
2014-01-22 18:16 - 2014-01-22 18:16 - 00000000 ____D C:\Users\Michael\AppData\Roaming\GlarySoft
2014-01-22 10:33 - 2014-01-22 10:17 - 00000000 ____D C:\Users\Michael\Desktop\GMER
2014-01-22 08:16 - 2014-01-22 18:16 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-01-22 08:09 - 2014-01-22 18:16 - 00014528 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-01-21 19:23 - 2009-07-14 11:53 - 00032642 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-19 20:52 - 2013-12-03 23:47 - 00000000 ____D C:\ProgramData\ClassicShell
2014-01-18 17:12 - 2014-01-18 17:12 - 00243904 _____ (IvoSoft) C:\Windows\system32\StartMenuHelper32.dll
2014-01-18 14:54 - 2014-01-18 14:54 - 00174142 _____ C:\Users\Michael\Desktop\gmer.log
2014-01-15 23:47 - 2013-04-02 03:36 - 00000817 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WordWeb Pro.lnk
2014-01-15 18:49 - 2013-07-10 21:59 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 18:44 - 2013-04-01 18:34 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 18:40 - 2013-10-19 08:01 - 00000000 ____D C:\ProgramData\Oracle
2014-01-14 18:56 - 2013-04-09 23:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-01-14 18:56 - 2013-04-09 23:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-01-12 19:20 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\rescache
2014-01-11 23:16 - 2014-01-11 23:16 - 00000000 ____D C:\Program Files\Common Files\Innovative Solutions
2014-01-11 23:16 - 2013-07-31 20:03 - 00000000 ____D C:\ProgramData\Innovative Solutions
2014-01-11 22:51 - 2014-01-11 22:51 - 00000000 ____D C:\Users\Michael\AppData\Local\Innovative Solutions
2014-01-11 17:04 - 2013-04-02 03:36 - 03329288 _____ (WordWeb Software) C:\Windows\system32\wweb32.dll
2014-01-09 14:49 - 2014-01-08 09:20 - 00000260 _____ C:\Users\Michael\Desktop\NVidia drivers.txt
2014-01-08 14:47 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\schemas
2014-01-07 22:54 - 2014-01-07 22:54 - 00000000 ____D C:\Users\Michael\AppData\Roaming\DropboxMaster
2014-01-07 22:47 - 2014-01-07 22:47 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-07 22:46 - 2013-04-05 11:37 - 00000771 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2014-01-07 22:23 - 2013-04-04 05:20 - 00000000 ___RD C:\Users\Michael\Desktop\Text Files
2014-01-07 10:34 - 2014-01-07 10:34 - 00000811 _____ C:\Users\Public\Desktop\Wise Care 365.lnk
2014-01-07 08:19 - 2014-01-07 08:19 - 00000000 ____D C:\Users\Michael\AppData\Roaming\ChemTable Software
2014-01-07 08:09 - 2014-01-07 08:09 - 00000000 ____D C:\Users\Michael\AppData\Local\ChemTable Software
2014-01-07 02:23 - 2014-01-07 02:23 - 04558848 _____ (Google Inc.) C:\Windows\system32\GPhotos.scr
2014-01-07 01:50 - 2014-01-07 01:50 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2014-01-06 19:22 - 2013-07-12 03:48 - 00000722 _____ C:\Users\Public\Desktop\System Ninja.lnk
2014-01-05 12:34 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\inetsrv
2014-01-04 13:42 - 2010-11-21 04:01 - 00838012 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-04 13:41 - 2014-01-04 13:41 - 00000000 ____D C:\Windows\system32\BestPractices
2014-01-04 13:41 - 2014-01-04 13:41 - 00000000 ____D C:\inetpub
2014-01-04 13:02 - 2013-10-31 14:26 - 00000000 ____D C:\ProgramData\ProductData
2014-01-01 02:17 - 2014-01-01 02:17 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
Files to move or delete:
====================
C:\Users\Michael\Network_Meter_Data.js
Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0ufxl1.dll
C:\Users\Michael\AppData\Local\Temp\htmlayout.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-29 19:34
==================== End Of Log ============================
The [B]Additional.txt I will copy in the next post. I get an error: "The text that you have entered is too long (84380 characters). Please shorten it to 64000 characters long."
mikewill
2014-01-31, 18:28
Continuation to the previous post...
Additional.txt
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-01-2014 01
Ran by Michael at 2014-01-31 23:02:28
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
==================== Installed Programs ======================
µTorrent (Version: 3.2.2.28500 - BitTorrent Inc.)
Adobe Bridge 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
Adobe Common File Installer (Version: 1.00.0000 - Adobe System Incorporated) Hidden
Adobe Flash Player 12 ActiveX (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Stock Photos 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
Advanced Uninstaller PRO - Version 11 (Version: 11 - Innovative Solutions)
Amolto Call Recorder for Skype (Version: 2.3.0 - Amolto)
Android Data Recovery (Version: - Tenorshare, Inc.)
AnvSoft Photo Slideshow Maker Professional 5.56 (Version: 5.56 - AnvSoft, Inc.)
AOMEI Backupper (Version: - AOMEI Technology Co., Ltd.)
AOMEI Partition Assistant Pro Edition 5.5 (Version: - AOMEI Technology Co., Ltd.)
Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.16.4.0 - Asmedia Technology)
Auslogics BoostSpeed (Version: 6.4.2.0 - Auslogics Labs Pty Ltd)
Auslogics DiskDefrag (Version: 4.4.2.0 - Auslogics Labs Pty Ltd)
Bitdefender Antivirus Free Edition (Version: 1.0.20.1083 - Bitdefender)
Bluetooth Win7 Suite (Version: 7.2.0.65 - Atheros Communications)
BusinessCards MX (Version: 4.90 - MOJOSOFT)
calibre (Version: 1.22.0 - Kovid Goyal)
CCleaner (Version: 4.10 - Piriform)
Classic Shell (Version: 4.0.4 - IvoSoft)
CloudReading (Version: 1.1.55.103 - Foxit Corporation)
Corel PaintShop Pro X5 (Version: 15.0.0.183 - Corel Corporation)
Corel PaintShop Pro X5 (Version: 15.1.0.10 - Corel Corporation) Hidden
CPUID CPU-Z 1.68 (Version: - )
Daum PotPlayer 1.5.44465 (Version: - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version: - Microsoft)
Ditto (Version: - Scott Brogden)
Dropbox (HKCU Version: 2.6.6 - Dropbox, Inc.)
DU Meter (Version: 6.20 - Hagel Technologies Ltd.)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Eusing Free Registry Cleaner (Version: - Eusing Software)
Everything 1.2.1.371 (Version: - )
FastStone Capture 7.5 (Version: 7.5 - FastStone Soft)
FastStone Image Viewer 4.9 (Version: 4.9 - FastStone Soft)
FileZilla Client 3.7.3 (Version: 3.7.3 - Tim Kosse)
Folder Colorizer version 1.2.1 (Version: 1.2.1 - Softorino)
FolderIco 1.0 (Version: - teorex)
Foxit Reader (Version: 6.1.2.1224 - Foxit Corporation)
GeForce Experience NvStream Client Components (Version: 0.1.87 - NVIDIA Corporation) Hidden
Glary Utilities PRO 4.5 (Version: 4.5.0.89 - Glarysoft Ltd)
GMail Drive Shell Extension (Version: 1.0.20 - viksoe.dk)
Google Chrome (Version: 32.0.1700.102 - Google Inc.)
Google Drive (Version: 1.13.5782.599 - Google, Inc.)
Google Earth (Version: 7.1.2.2041 - Google)
Google Talk Plugin (Version: 4.4.2.14502 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Google+ Auto Backup (Version: 1.0.21.81 - Google)
ICA (Version: 15.0.0.183 - Corel Corporation) Hidden
Inpaint 5.6 (Version: - Teorex)
Intel(R) Management Engine Components (Version: 9.5.0.1428 - Intel Corporation)
Intel(R) Network Connections 18.3.72.0 (Version: 18.3.72.0 - Intel)
Intel(R) Network Connections 18.3.72.0 (Version: 18.3.72.0 - Intel) Hidden
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
Internet Download Manager (Version: - Tonec Inc.)
IPM_PSP_COM (Version: 15.0.0.183 - Corel Corporation) Hidden
iResizer 2.4 (Version: - teorex)
Java 7 Update 51 (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaScript Slideshow Maker 3.1 Free Version (Version: - Magic Hills Pty Ltd)
LastPass (uninstall only) (Version: - LastPass)
Logitech Webcam Software (Version: 12.10.1113 - Logitech Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (Version: 2.3.145.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.3.145.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Report Viewer Redistributable 2005 (Version: - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (Version: 8.0.56405 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MyFreeCodec (HKCU Version: - )
NVIDIA 3D Vision Controller Driver 326.01 (Version: 326.01 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 327.23 (Version: 327.23 - NVIDIA Corporation)
NVIDIA Control Panel 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.6.1 (Version: 1.6.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.902 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.2723 - NVIDIA Corporation) Hidden
NVIDIA Update 8.3.14 (Version: 8.3.14 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 8.3.14 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.5 (Version: 1.2.5 - NVIDIA Corporation)
Perspective Pilot Free 3.4.0 (Version: 3.4.0 - Two Pilots)
PhraseExpress v10.0.135 (Version: 10.0.135 - Bartels Media GmbH)
Picasa 3 (Version: 3.9 - Google, Inc.)
PrivaZer (Version: 2.15.0.0 - Goversoft LLC)
Process Lasso (Version: 6.7.0.34 - Bitsum)
PSPPContent (Version: 15.1.0.9 - Corel Corporation) Hidden
PSPPHelp (Version: 15.0.0.183 - Corel Corporation) Hidden
Rainlendar2 (remove only) (Version: - )
Realtek High Definition Audio Driver (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Registrar Registry Manager 7.52 (Version: - Resplendence Software Projects Sp.)
Restore Point Creator version 1.7 (Version: 1.7 - )
Revo Uninstaller Pro 3.0.8 (Version: 3.0.8 - VS Revo Group, Ltd.)
Riot - Radical Image Optimization Tool (Version: - )
Samsung Kies (Version: 2.5.3.13043_13 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.3.13043_13 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Setup (Version: 15.0.0.183 - Corel Corporation) Hidden
SHIELD Streaming (Version: 1.05.28 - NVIDIA Corporation) Hidden
Skype Click to Call (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.13 (Version: 6.13.104 - Skype Technologies S.A.)
Soft Organizer version 3.04 (Version: 3.04 - ChemTable Software)
Spybot - Search & Destroy (Version: 2.2.25 - Safer-Networking Ltd.)
Startup Delayer v3.0 (build 357) (Version: 3.0 (build 357) - r2 Studios)
System Explorer 4.5.0 (Version: - Mister Group)
System Ninja version 2.4.5 (Version: 2.4.5 - SingularLabs)
System Requirements Lab for Intel (Version: 4.5.15.0 - Husdawg, LLC)
TeamViewer 9 (Version: 9.0.25790 - TeamViewer)
Teorex Inpaint 5.4 (Version: - )
The Bat! Professional (Version: - Ritlabs S.R.L.)
The Bat! Professional v6.2.8 (Version: 6.2.8 - Ritlabs)
tinySpell 1.9.44 (Version: - KEDMI Scientific Computing)
Tweaking.com - Registry Backup (Version: 1.6.9 - Tweaking.com)
UltraEdit (Version: 20.00.1056 - IDM Computer Solutions, Inc.)
UltraEdit (Version: 20.00.1056 - IDM Computer Solutions, Inc.) Hidden
Unlocker 1.9.2 (Version: 1.9.2 - Cedrick Collomb)
Update for Microsoft Office 2010 (KB2494150) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (Version: - Microsoft)
VC_CRT_x86 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN)
WinDirStat 1.1.2 (HKCU Version: - )
WinRAR 5.01 (32-bit) (Version: 5.01.0 - win.rar GmbH)
Wise Care 365 version 2.92 (Version: 2.9.4 - WiseCleaner.com, Inc.)
WordWeb Pro (Version: 7 - WordWeb Software)
==================== Restore Points =========================
29-01-2014 02:49:09 C
29-01-2014 02:50:25 C
29-01-2014 03:08:55 Windows Update
29-01-2014 03:56:50 C
29-01-2014 15:39:13 C
31-01-2014 12:34:27 Installed calibre
31-01-2014 12:38:24 Installed calibre
31-01-2014 13:09:24 Installed The Bat! Professional v6.2.8
==================== Hosts content: ==========================
2009-07-14 09:04 - 2013-10-17 20:40 - 00450769 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 licensing.ultraedit.com
127.0.0.1 licensing2.ultraedit.com
127.0.0.1 www.iobit.com (http://www.iobit.com)
127.0.0.1 www.asc55.iobit.com (http://www.asc55.iobit.com)
127.0.0.1 www.007guard.com (http://www.007guard.com)
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com (http://www.008k.com)
127.0.0.1 008k.com
127.0.0.1 www.00hq.com (http://www.00hq.com)
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com (http://www.032439.com)
127.0.0.1 032439.com
127.0.0.1 www.0scan.com (http://www.0scan.com)
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com (http://www.1000gratisproben.com)
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com (http://www.1001namen.com)
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com (http://www.100888290cs.com)
127.0.0.1 www.100sexlinks.com (http://www.100sexlinks.com)
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com (http://www.10sek.com)
127.0.0.1 www.1-2005-search.com (http://www.1-2005-search.com)
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
Task: {01F90729-EC43-41FD-8368-6990EBEDEE07} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {224FD65C-5E6F-40F4-8C1E-D813DB456FB4} - System32\Tasks\Wise Turbo Checker => F:\Program Files\Wise\Wise Care 365\WiseTurbo.exe [2013-12-09] (WiseCleaner.COM)
Task: {22E2AAE4-694E-4992-A3B8-CF860392A1CE} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-09-04] (Microsoft Corporation)
Task: {3042FCF4-25CD-4821-AC28-379D3A8693D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-15] (Google Inc.)
Task: {326E7BE8-A632-479B-AE51-7AEC7003DB37} - System32\Tasks\GlaryInitialize 4 => F:\Program Files\Glary Utilities 4\Initialize.exe [2014-01-22] (Glarysoft Ltd)
Task: {4BA925EB-2BD1-4B8C-BC45-45D7AD009151} - System32\Tasks\Process Lasso Core Engine Only => F:\Program Files\Process Lasso\processgovernor.exe [2014-01-22] (Bitsum LLC)
Task: {5FB6C82A-23B3-4EE9-ABF0-BB06FD2F7C46} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-09-04] (Microsoft)
Task: {64247781-28D6-48FC-BF71-A0D3EE897759} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-09-04] (Microsoft Corporation)
Task: {6C2DFBAD-B12C-48EA-B671-28FF48E2B395} - System32\Tasks\Express FilesUpdate => C:\Program Files\ExpressFiles\EFUpdater.exe <==== ATTENTION
Task: {74762E07-6AD1-4AD4-A2C8-172C853F7A79} - System32\Tasks\BrowserDefendert => Sc.exe start BrowserDefendert
Task: {74D786D2-A63F-4095-BE9A-43268B347F98} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-09-04] (Microsoft Corporation)
Task: {89CA3C21-5A73-4148-9AFF-1D684B2F6B9E} - System32\Tasks\GoogleUpdateTaskMachineCore1cee873b8b0f56d => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-15] (Google Inc.)
Task: {8BFC5F33-0A7E-4A9D-B3F9-67CB22BBF091} - System32\Tasks\GoogleUpdateTaskMachineUA1cee873bbaba2f8 => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-15] (Google Inc.)
Task: {9097A25C-CDB6-42D8-B2EE-450B6063B5E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-15] (Google Inc.)
Task: {91019417-9733-4E1E-AC2A-AEAE2EA20BE7} - System32\Tasks\Wise Care 365 => F:\Program Files\Wise\Wise Care 365\WiseTray.exe [2013-12-09] (WiseCleaner.com)
Task: {AECB464B-FC8F-4AC6-ABA0-1A226B9FC347} - System32\Tasks\GU4SkipUAC => F:\Program Files\Glary Utilities 4\Integrator.exe [2014-01-22] (Glarysoft Ltd)
Task: {B3D79AF4-738F-46BB-9D8B-1DCB18833B8A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {BF3BD3CA-18FF-49BC-AE76-00F0C918C43A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-09-04] (Microsoft Corporation)
Task: {C31AA4ED-3343-4FA0-87B0-E15FF497A24F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {DCAC5DB1-C0E5-416B-83C9-D2D1A4D27E78} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {E4CA2239-3A3B-42D6-A1EF-B6460E73549C} - System32\Tasks\Process Lasso Management Console (GUI) => F:\Program Files\Process Lasso\processlasso.exe [2014-01-22] (Bitsum LLC)
Task: {EB38B438-8ECC-44A8-8609-C40C10899CE8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-14] (Adobe Systems Incorporated)
Task: {FE9BC3FE-6803-4F4B-A282-BA36D1C1911C} - System32\Tasks\CCleanerSkipUAC => F:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 4.job => F:\Program Files\Glary Utilities 4\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cee873b8b0f56d.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cee873bbaba2f8.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Wise Care 365.job => F:\Program Files\Wise\Wise Care 365\WiseTray.exe
Task: C:\Windows\Tasks\Wise Turbo Checker.job => F:\Program Files\Wise\Wise Care 365\WiseTurbo.exe
==================== Loaded Modules (whitelisted) =============
2014-01-29 10:48 - 2013-10-08 04:44 - 00508136 ____N () F:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2010-07-05 04:32 - 2010-07-05 04:32 - 00004608 _____ () F:\Program Files\Unlocker\UnlockerHook.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () F:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-08-08 02:25 - 2013-08-08 02:25 - 00093696 _____ () F:\Program Files\FileZilla FTP Client\fzshellext.dll
2010-07-05 04:32 - 2010-07-05 04:32 - 00010752 _____ () F:\Program Files\Unlocker\UnlockerCOM.dll
2013-03-15 19:00 - 2013-03-15 19:00 - 00100864 _____ () F:\Program Files\IDM Computer Solutions\UltraEdit\ue32ctmn.dll
2013-10-17 19:58 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-10-17 19:58 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-01-22 08:16 - 2014-01-22 08:16 - 00080160 _____ () F:\Program Files\Glary Utilities 4\zlib1.dll
2012-05-17 02:01 - 2012-05-17 02:01 - 00140800 _____ () F:\Program Files\Rainlendar2\lua52.dll
2014-01-05 00:20 - 2014-01-05 00:20 - 00249344 _____ () F:\Program Files\Rainlendar2\libical.dll
2014-01-20 14:48 - 2014-01-20 14:48 - 00060512 _____ () F:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
2014-01-05 00:00 - 2014-01-05 00:00 - 00065024 _____ () F:\Program Files\Rainlendar2\libicalss.dll
2012-06-17 20:22 - 2012-06-17 20:22 - 00012800 _____ () F:\Program Files\Rainlendar2\lfs.dll
2013-04-04 19:21 - 2014-01-16 15:12 - 00453952 _____ () F:\Program Files\PhraseExpress\pexlang.dll
2014-01-31 21:15 - 2014-01-31 21:15 - 00041984 _____ () c:\users\michael\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0ufxl1.dll
2013-08-24 02:01 - 2013-08-24 02:01 - 25100288 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-31 21:14 - 2014-01-31 21:14 - 00098816 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\win32api.pyd
2014-01-31 21:14 - 2014-01-31 21:14 - 00110080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\pywintypes27.dll
2014-01-31 21:14 - 2014-01-31 21:14 - 00364544 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\pythoncom27.dll
2014-01-31 21:14 - 2014-01-31 21:14 - 00044032 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\_socket.pyd
2014-01-31 21:14 - 2014-01-31 21:14 - 01153024 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\_ssl.pyd
2014-01-31 21:14 - 2014-01-31 21:14 - 00320512 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\win32com.shell.shell.pyd
2014-01-31 21:14 - 2014-01-31 21:14 - 00711680 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\_hashlib.pyd
2014-01-31 21:14 - 2014-01-31 21:14 - 01175040 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\wx._core_.pyd
2014-01-31 21:14 - 2014-01-31 21:14 - 00805888 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\wx._gdi_.pyd
2014-01-31 21:14 - 2014-01-31 21:14 - 00811008 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\wx._windows_.pyd
2014-01-31 21:14 - 2014-01-31 21:14 - 01062400 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\wx._controls_.pyd
2014-01-31 21:14 - 2014-01-31 21:14 - 00735232 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\wx._misc_.pyd
2014-01-31 21:14 - 2014-01-31 21:14 - 00128512 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\_elementtree.pyd
2014-01-31 21:14 - 2014-01-31 21:14 - 00127488 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\pyexpat.pyd
2014-01-31 21:14 - 2014-01-31 21:14 - 00557056 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\pysqlite2._sqlite.pyd
2014-01-31 21:14 - 2014-01-31 21:14 - 00087040 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\_ctypes.pyd
2014-01-31 21:14 - 2014-01-31 21:14 - 00119808 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\win32file.pyd
2014-01-31 21:14 - 2014-01-31 21:14 - 00108544 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\win32security.pyd
2014-01-31 21:14 - 2014-01-31 21:14 - 00018432 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\win32event.pyd
2014-01-31 21:14 - 2014-01-31 21:14 - 00038912 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\win32inet.pyd
2014-01-31 21:14 - 2014-01-31 21:14 - 00122368 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\wx._wizard.pyd
2014-01-31 21:14 - 2014-01-31 21:14 - 00026624 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\_multiprocessing.pyd
2014-01-31 21:14 - 2014-01-31 21:14 - 00070656 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\wx._html2.pyd
2014-01-31 21:14 - 2014-01-31 21:14 - 00010240 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\select.pyd
2014-01-31 21:14 - 2014-01-31 21:14 - 00686080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\unicodedata.pyd
2014-01-31 21:14 - 2014-01-31 21:14 - 00025600 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\win32pdh.pyd
2014-01-31 21:14 - 2014-01-31 21:14 - 00521680 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\windows._lib_cacheinvalidation.pyd
2014-01-31 21:14 - 2014-01-31 21:14 - 00011264 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\win32crypt.pyd
2014-01-31 21:14 - 2014-01-31 21:14 - 00024064 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\win32pipe.pyd
2014-01-31 21:14 - 2014-01-31 21:14 - 00035840 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\win32process.pyd
2014-01-31 21:14 - 2014-01-31 21:14 - 00017408 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\win32profile.pyd
2014-01-31 21:14 - 2014-01-31 21:14 - 00022528 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\win32ts.pyd
2013-04-14 15:59 - 2013-03-01 11:38 - 00166808 _____ () F:\Program Files\DU Meter\ssleay32.dll
2013-04-14 15:59 - 2013-03-01 11:38 - 00846744 _____ () F:\Program Files\DU Meter\libeay32.dll
2013-12-05 23:12 - 2013-12-05 23:12 - 00186368 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\300c5a74c0323c565bce42ebdeb70b86\Kies.Common.DeviceServiceLib.Interface.ni.dll
2013-12-05 23:13 - 2013-12-05 23:13 - 14971904 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\00a6d87fa7094061539e76cba0bf6f9c\Kies.Theme.ni.dll
2013-12-05 23:12 - 2013-12-05 23:12 - 01844224 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\8abe25a7b262f8b65a0900e445b961f5\Kies.UI.ni.dll
2013-12-05 23:12 - 2013-12-05 23:12 - 00081920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\1787c20ef39452a76b877af1ebae771d\Kies.MVVM.ni.dll
2013-10-21 21:43 - 2013-10-21 21:43 - 00236544 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\9de98f06882d62c4ed949cd8756798b5\ASF_cSharpAPI.ni.dll
2014-01-06 10:52 - 2014-01-06 10:52 - 03244032 _____ () C:\Users\Michael\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
2014-01-28 15:44 - 2014-01-23 12:56 - 00715544 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.102\libglesv2.dll
2014-01-28 15:44 - 2014-01-23 12:56 - 00100120 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.102\libegl.dll
2014-01-28 15:44 - 2014-01-23 12:56 - 04055320 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.102\pdf.dll
2014-01-28 15:44 - 2014-01-23 12:57 - 00399640 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
2014-01-28 15:44 - 2014-01-23 12:55 - 01634584 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll
2014-01-28 15:44 - 2014-01-23 12:56 - 13615896 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:0A8E2C33
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/31/2014 09:15:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/31/2014 09:13:27 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.
Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service) (User: IIS APPPOOL)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.
DETAIL - The system cannot find the file specified.
Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service) (User: IIS APPPOOL)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service) (User: IIS APPPOOL)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.
DETAIL - The system cannot find the file specified.
Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service) (User: IIS APPPOOL)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service) (User: IIS APPPOOL)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.
DETAIL - The system cannot find the file specified.
Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service) (User: IIS APPPOOL)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service) (User: IIS APPPOOL)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.
DETAIL - The system cannot find the file specified.
Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service) (User: IIS APPPOOL)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
System errors:
=============
Error: (01/31/2014 11:03:00 PM) (Source: Service Control Manager) (User: )
Description: The BrowserDefendert service failed to start due to the following error:
%%3
Error: (01/31/2014 11:02:00 PM) (Source: Service Control Manager) (User: )
Description: The BrowserDefendert service failed to start due to the following error:
%%3
Error: (01/31/2014 11:01:00 PM) (Source: Service Control Manager) (User: )
Description: The BrowserDefendert service failed to start due to the following error:
%%3
Error: (01/31/2014 11:00:00 PM) (Source: Service Control Manager) (User: )
Description: The BrowserDefendert service failed to start due to the following error:
%%3
Error: (01/31/2014 10:59:00 PM) (Source: Service Control Manager) (User: )
Description: The BrowserDefendert service failed to start due to the following error:
%%3
Error: (01/31/2014 10:58:00 PM) (Source: Service Control Manager) (User: )
Description: The BrowserDefendert service failed to start due to the following error:
%%3
Error: (01/31/2014 10:57:00 PM) (Source: Service Control Manager) (User: )
Description: The BrowserDefendert service failed to start due to the following error:
%%3
Error: (01/31/2014 10:56:00 PM) (Source: Service Control Manager) (User: )
Description: The BrowserDefendert service failed to start due to the following error:
%%3
Error: (01/31/2014 10:55:00 PM) (Source: Service Control Manager) (User: )
Description: The BrowserDefendert service failed to start due to the following error:
%%3
Error: (01/31/2014 10:54:00 PM) (Source: Service Control Manager) (User: )
Description: The BrowserDefendert service failed to start due to the following error:
%%3
Microsoft Office Sessions:
=========================
Error: (01/31/2014 09:15:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/31/2014 09:13:27 PM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000
Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service)(User: IIS APPPOOL)
Description: The system cannot find the file specified.
Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service)(User: IIS APPPOOL)
Description:
Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service)(User: IIS APPPOOL)
Description: The system cannot find the file specified.
Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service)(User: IIS APPPOOL)
Description:
Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service)(User: IIS APPPOOL)
Description: The system cannot find the file specified.
Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service)(User: IIS APPPOOL)
Description:
Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service)(User: IIS APPPOOL)
Description: The system cannot find the file specified.
Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service)(User: IIS APPPOOL)
Description:
==================== Memory info ===========================
Percentage of memory in use: 89%
Total physical RAM: 3055.13 MB
Available physical RAM: 307.79 MB
Total Pagefile: 6108.55 MB
Available Pagefile: 921.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.48 MB
==================== Drives ================================
Drive b: () (RAMDisk) (Total:48.12 GB) (Free:20.8 GB) NTFS
Drive c: () (Fixed) (Total:48.12 GB) (Free:20.73 GB) NTFS
Drive d: () (Fixed) (Total:97.65 GB) (Free:11.17 GB) NTFS
Drive e: () (Fixed) (Total:20.25 GB) (Free:18.46 GB) NTFS
Drive f: () (Fixed) (Total:74.37 GB) (Free:67 GB) NTFS
Drive g: (Win7_sp1_32-64_EN) (CDROM) (Total:4.22 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 279 GB) (Disk ID: F394F394)
Partition 1: (Active) - (Size=39 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=240 GB) - (Type=05)
==================== End Of Log ============================
P2P software/programs are a major contributor to infections. Not passing judgment on file-sharing, However will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
Can you tell me what this is
U2 楗敳潂瑯獁楳瑳湡tI"; 㩆停潲牧浡䘠汩獥坜獩履楗敳䌠牡㘳尵潂瑯楔敭攮數�" [x]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Do you connect to the internet through a Proxy setting?
~~~~~~~~~~~~~~~~~~~~~~~~
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)
start
AppInit_DLLs: ~ => File Not Found
FF user.js: detected! => C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\user.js
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\Extensions\staged [2014-01-23]
S2 BrowserDefendert; No ImagePath
C:\Users\Michael\Network_Meter_Data.js
C:\Users\Michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0ufxl1.dll
C:\Users\Michael\AppData\Local\Temp\htmlayout.dll
end
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-AdwCleaner-by Xplode
Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
Do not click on any links in the top Advertisment.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-Junkware-Removal-Tool-
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.
Vista / 7 / 8 users:
You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
~~~~~~~~~~~~~~~~~~`
In your next reply please post:
Fix.txt
C:\AdwCleaner[S1].txt
JRT.txt
mikewill
2014-01-31, 23:54
Dear Juliet,
I have no idea what is
U2 楗敳潂瑯獁楳瑳湡tI"; 㩆停潲牧浡䘠汩獥坜獩履楗敳䌠牡㘳尵潂瑯楔敭攮數�" [x]
Where did you saw this? It looks like Chinese or something...
Previously, I run GMER Antirootkit, and it detected something similar, but instead of Chinese characters there were question marks ..???..
When I tried to delete this rootkit via GMER, I ended up with the "BLUE Screen of Death"
--
I use proxies very rarely. Normally, I connect to the internet directly.
--
Here is the Fixlog.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-01-2014 01
Ran by Michael at 2014-02-01 03:04:29 Run:1
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
AppInit_DLLs: ~ => File Not Found
FF user.js: detected! => C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\user.js
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\Extensions\staged [2014-01-23]
S2 BrowserDefendert; No ImagePath
C:\Users\Michael\Network_Meter_Data.js
C:\Users\Michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0ufxl1.dll
C:\Users\Michael\AppData\Local\Temp\htmlayout.dll
end
*****************
"~" => Value Data removed successfully.
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\user.js => Moved successfully.
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\Extensions\staged => Moved successfully.
BrowserDefendert => Service deleted successfully.
C:\Users\Michael\Network_Meter_Data.js => Moved successfully.
C:\Users\Michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0ufxl1.dll => Moved successfully.
C:\Users\Michael\AppData\Local\Temp\htmlayout.dll => Moved successfully.
==== End of Fixlog ====
--
Here is the AdwCleaner[S0].txt
# AdwCleaner v3.018 - Report created 01/02/2014 at 03:44:12
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Michael - MICHAEL-PC
# Running from : C:\Users\Michael\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : BrowserDefendert
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Deleted : C:\Users\Michael\Inbox
Folder Deleted : C:\Users\Michael\AppData\Local\SwvUpdater
File Deleted : C:\Windows\System32\Tasks\BrowserDefendert
File Deleted : C:\Windows\System32\Tasks\Express FilesUpdate
***** [ Shortcuts ] *****
***** [ Registry ] *****
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74762E07-6AD1-4AD4-A2C8-172C853F7A79}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74762E07-6AD1-4AD4-A2C8-172C853F7A79}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Express FilesUpdate
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C2DFBAD-B12C-48EA-B671-28FF48E2B395}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6C2DFBAD-B12C-48EA-B671-28FF48E2B395}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKCU\Software\86dcdae13dbe15
Key Deleted : HKLM\SOFTWARE\86dcdae13dbe15
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKLM\Software\PIP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Mozilla Firefox v26.0 (en-US)
[ File : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\prefs.js ]
-\\ Google Chrome v32.0.1700.102
[ File : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [3986 octets] - [01/02/2014 03:37:14]
AdwCleaner[S0].txt - [4027 octets] - [01/02/2014 03:44:12]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4087 octets] ##########
--
Here is the contents of JRT.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x86
Ran by Michael on 01-Feb-14 at 4:03:25.86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3422875488-3658502439-2224259970-1000\Software\sweetim
~~~ Files
Successfully deleted: [File] "C:\Windows\Tasks\wise care 365.job"
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free registry cleaner"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01-Feb-14 at 4:05:12.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--
I want to let you know the following:
I am still unable to install the following file offered by Windows Update.
nVidia - Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Graphics Adapter WDDM1.3, Other hardware - NVIDIA GeForce GT 630
Download size: 183.6 MB
Error Code: 80243004 - an unknown error.
And also, updates to NVIDIA GeForce GT 630 - graphics card:
Not Installed:
PhysX System Software 9.13.0725
3D Vision Controller Driver 332.21
HD Audio Driver 1.3 30.1
Microsoft .NET Framework 4
Graphics Driver 332.21
NVIDIA GeForce Experience 1.8.1
3D Vision Driver 332.21
====
Thank you for your help.
Other then the windows update not working how's your computer?
I am still unable to install the following file offered by Windows Update.
nVidia - Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Graphics Adapter WDDM1.3, Other hardware - NVIDIA GeForce GT 630
http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/nvidia-graphics-adapter-wddm11-graphics-adapter/b1412d52-f599-43a3-95f4-df3537478ab4
Appears to be an issue several have had, read over that link, some are ignoring it and some went to the NVIDIA site and are still confused.
*****************
Concerning this:
楗敳潂瑯獁楳瑳湡tI"; 㩆停潲牧浡䘠汩獥坜獩履楗敳䌠牡㘳尵潂瑯楔敭攮數
from what I can find is the scanner finds it as Undetermined and set as auto......U=Undetermined. 2=Auto,
Let's try a different scanner and see if it can pick up on it.
Please download Malwarebytes Anti-Rootkit (http://www.malwarebytes.org/products/mbar/) and save it to your desktop.
Be sure to print out and follow the instructions provided on that same page for performing a scan.
Caution: This is a beta version so also read the disclaimer and back up (http://support.microsoft.com/kb/971759) all your data before using.
When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
Copy and paste the contents of these two log files in your next reply.Note: Further documentation can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit folder.
mikewill
2014-02-01, 11:49
Dear Juliet,
First of all, the good news.
I scanned my system w/Spybot S&D and it fixed all the problems - no Delta.Tollbar was found. So, I think that the problem with Delta.Tollbar is resolved.
I also run the Malwarebytes Anti-Rootkit, and the scan found nothing - No malware found!
My system on the other hand is still sluggish. It takes quite a while for the programs to start, and the mouse is oftentimes is stuck/unaccessible.
Also there is a problem with NVIDIA GeForce Experience 1.8.1 - can't install updates:
NVIDIA Installer failed - it reports that the following components Not Installed:
Microsoft .Net Framework version 4
NVIDIA GeForce Experience version 1.8.1
Rather than that, the system is working.
I also tried to email to GMER, but unfortunately, didn't get any reply.
Glad to here it found nothing and the Delta tool bar is gone.
Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..
~~~~~~~~~~~~~~~~~~
http://www.malwarebytes.org/forums/style_images/1/bf_new.gif Please download Malwarebytes' Anti-Malware from Here (http://www.malwarebytes.org/mbam-download.php). Never download Malwarebytes' Anti-Malware from other sources.
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
Download HijackThis
Go Here (http://www.bleepingcomputer.com/download/hijackthis/dl/90/) to download HijackThis program
Save HijackThis to your desktop.
Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
copy and paste hijackthis report into the topic
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I'd like for you to run one more scan, let's ensure nothing is lurking around in the background. Do not be alarmed if you see it finding things because I do expect items in quarantine folders to be there.
This scan is very thorough and can take quite a time to complete, please be patient.
~~~~~~~~~~~~~~~~~
Go here (http://go.eset.com/us/online-scanner) to run an online scanner from ESET.
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activeX control to install
Click Start Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
When the scan completes, press the LIST OF THREATS FOUND button
Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish
*************************************
Please post the following logs:
MBAM log
HJT log
Eset log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Now, the graphic card issue is kind of out of my field of knowledge, I can offer links to read over and see if it can list help what to do.
Before you try to tackle the error with the issues from windows update please follow the instructions above.
http://www.microsoft.com/en-us/download/details.aspx?id=17851#
Microsoft .NET Framework 4 (Web Installer)
http://pcsupport.about.com/b/2014/01/10/nvidia-drivers-windows-7-8-vista-xp.htm
also read Comments by other users here with the same or similar issues.
https://forums.geforce.com/default/topic/660333/geforce-experience-1-8-1-shadowplay-vs-microsoft-media-center-pack/
http://www.sevenforums.com/graphic-cards/200003-install-failure-nvidia-drivers-2.html
http://www.bleepingcomputer.com/forums/t/502004/nvidia-driver-30783-wont-install/
mikewill
2014-02-02, 00:01
Dear Juliet,
I already have the Malwarebytes' Anti-Malware installed on my system, and as a matter of fact, I run it daily. Anyhow, here is the log of the last scan I made with my Malwarebytes' Anti-Malware:
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
Database version: v2014.02.01.06
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Michael :: MICHAEL-PC [administrator]
Protection: Enabled
02-Feb-14 02:52:54
mbam-log-2014-02-02 (02-52-54).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215037
Time elapsed: 9 minute(s), 18 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
__________________
Here is HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 03:13:17, on 02-Feb-14
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
F:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
F:\Program Files\Process Lasso\processgovernor.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
F:\Program Files\Process Lasso\processlasso.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
F:\Program Files\System Explorer\SystemExplorer.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
F:\Program Files\Unlocker\UnlockerAssistant.exe
F:\Program Files\Bluetooth Suite\BtvStack.exe
F:\Program Files\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
F:\Program Files\WordWeb\wweb32.exe
F:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\Windows Sidebar\sidebar.exe
F:\Program Files\uTorrent\uTorrent.exe
F:\Program Files\tinySpell\tinyspell.exe
F:\Program Files\Ditto\Ditto.exe
F:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Google\Drive\googledrivesync.exe
F:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
F:\Program Files\Internet Download Manager\IDMan.exe
F:\Downloads\Programs\VectorClock-Sunset.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
F:\Program Files\PhraseExpress\phraseexpress.exe
F:\Program Files\Glary Utilities 4\Integrator.exe
C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Google\Drive\googledrivesync.exe
F:\PROGRA~1\DU Meter\DUMeter.exe
F:\Program Files\Internet Download Manager\IEMonitor.exe
F:\Program Files\Samsung\Kies\KiesTrayAgent.exe
F:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
F:\Program Files\Samsung\Kies\KiesAirMessage.exe
F:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
F:\Program Files\LastPass\nplastpass.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
F:\Program Files\Win32Pad\win32pad.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Windows\system32\conhost.exe
C:\Users\Michael\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:21320
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - F:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - F:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\Microsoft Office\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - F:\Program Files\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - F:\Program Files\LastPass\LPToolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\PROGRA~1\Microsoft Office\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - F:\Program Files\Classic Shell\ClassicIEDLL_32.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - F:\Program Files\LastPass\LPToolbar.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - F:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SystemExplorerAutoStart] "F:\Program Files\System Explorer\SystemExplorer.exe" /TRAY
O4 - HKLM\..\Run: [Nvtmru] "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "F:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AtherosBtStack] "F:\Program Files\Bluetooth Suite\BtvStack.exe"
O4 - HKLM\..\Run: [AthBtTray] "F:\Program Files\Bluetooth Suite\AthBtTray.exe"
O4 - HKLM\..\Run: "F:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [IAStorIcon] "F:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "F:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [Everything] "F:\Program Files\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe" -s
O4 - HKLM\..\Run: [WordWeb] "F:\Program Files\WordWeb\wweb32.exe" -startup
O4 - HKLM\..\Run: [Classic Start Menu] "F:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "F:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [tinySpell] F:\Program Files\tinySpell\tinyspell.exe
O4 - HKCU\..\Run: [Ditto] F:\Program Files\Ditto\Ditto.exe
O4 - HKCU\..\Run: [DU Meter] "F:\Program Files\DU Meter\DUMeter.exe" /autostart
O4 - HKCU\..\Run: [Rainlendar2] F:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [] F:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
O4 - HKCU\..\Run: [OfficeSyncProcess] "F:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [IDMan] F:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKCU\..\Run: [Programs\Vector-Clock_VectorClock-Sunset] "F:\Downloads\Programs\VectorClock-Sunset.exe"
O4 - HKCU\..\Run: [GUDelayStartup] F:\Program Files\Glary Utilities 4\StartupManager.exe -delayrun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [KiesPreload] F:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [Ditto] F:\Program Files\Ditto\Ditto.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [IDMan] F:\Program Files\Internet Download Manager\IDMan.exe /onboot (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [DU Meter] "F:\Program Files\DU Meter\DUMeter.exe" /autostart (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [KiesPreload] F:\Program Files\Samsung\Kies\Kies.exe /preload (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [KiesAirMessage] F:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [] F:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [Rainlendar2] F:\Program Files\Rainlendar2\Rainlendar2.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [OfficeSyncProcess] "F:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [Programs\Vector-Clock_VectorClock-Sunset] "F:\Downloads\Programs\VectorClock-Sunset.exe" (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [Spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dropbox.lnk = Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Install LastPass FF RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe
O4 - Global Startup: Install LastPass IE RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe
O4 - Global Startup: PhraseExpress.lnk = F:\Program Files\PhraseExpress\phraseexpress.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all links with IDM - F:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - F:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: LastPass - file://C:\Users\Michael\AppData\LocalLow\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Michael\AppData\LocalLow\LastPass\context.html?cmd=fillforms
O8 - Extra context menu item: Se&nd to OneNote - res://F:\PROGRA~1\Microsoft Office\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - F:\Program Files\LastPass\LPToolbar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - F:\Program Files\LastPass\LPToolbar.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - F:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - F:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - F:\Program Files\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - F:\Program Files\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B0CAEBB-C1A5-485A-A9DD-69DFA29FF048}: NameServer = 8.8.8.8,8.8.4.4,
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D455361-BC46-4759-9F56-A31844B9B5F5}: NameServer = 8.8.8.8,8.8.4.4,192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5B0CAEBB-C1A5-485A-A9DD-69DFA29FF048}: NameServer = 8.8.8.8,8.8.4.4,
O17 - HKLM\System\CS2\Services\Tcpip\..\{5B0CAEBB-C1A5-485A-A9DD-69DFA29FF048}: NameServer = 8.8.8.8,8.8.4.4,
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AtherosSvc - Atheros Commnucations - F:\Program Files\Bluetooth Suite\adminservice.exe
O23 - Service: AOMEI Backupper Scheduler Service (Backupper Service) - AOMEI Tech Co., Ltd. - F:\Program Files\AOMEI Backupper\ABService.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - F:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Bitdefender Antivirus Free Edition (gzserv) - Bitdefender - F:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - F:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Intel Corporation - C:\Windows\system32\IProsetMonitor.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - Logitech, Inc. - (no file)
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - F:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - C:\Program Files\Microsoft Security Client\MsMpEng.exe (file missing)
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: System Explorer Service (SystemExplorerHelpService) - Mister Group - F:\Program Files\System Explorer\service\SystemExplorerService.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - F:\Program Files\Wise\Wise Care 365\BootTime.exe
--
End of file - 20563 bytes
___________________
Here is the [B]ESETSCAN log:
C:\ProgramData\InstallMate\{2A6BC1EC-5E54-45D1-A73A-1676F188E31A}\Custom.dll Win32/InstalleRex.M application
C:\ProgramData\InstallMate\{5FEA8DDE-808E-4CE1-AE0A-C8AC8409AF28}\Custom.dll Win32/InstalleRex.L application
C:\ProgramData\InstallMate\{81D582C8-C4D0-4F3F-ADD4-8CF25A36A03E}\Custom.dll Win32/InstalleRex.L application
C:\ProgramData\InstallMate\{93BCC2D7-1367-4C41-AEAA-5B45485FE021}\Custom.dll Win32/InstalleRex.L application
C:\ProgramData\InstallMate\{F863596D-E44D-4B59-A9B2-AC6F23807B9B}\Custom.dll Win32/InstalleRex.L application
C:\Users\All Users\InstallMate\{2A6BC1EC-5E54-45D1-A73A-1676F188E31A}\Custom.dll Win32/InstalleRex.M application
C:\Users\All Users\InstallMate\{5FEA8DDE-808E-4CE1-AE0A-C8AC8409AF28}\Custom.dll Win32/InstalleRex.L application
C:\Users\All Users\InstallMate\{81D582C8-C4D0-4F3F-ADD4-8CF25A36A03E}\Custom.dll Win32/InstalleRex.L application
C:\Users\All Users\InstallMate\{93BCC2D7-1367-4C41-AEAA-5B45485FE021}\Custom.dll Win32/InstalleRex.L application
C:\Users\All Users\InstallMate\{F863596D-E44D-4B59-A9B2-AC6F23807B9B}\Custom.dll Win32/InstalleRex.L application
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000 Win32/AdWare.1ClickDownload.AQ application
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000 Win32/Somoto.A application
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000000 Win32/AdWare.1ClickDownload.AQ application
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000001 Win32/AdWare.1ClickDownload.AQ application
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000000 Win32/AdWare.1ClickDownload.AQ application
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\009\t\00\00000000 Win32/Somoto.A application
C:\Users\Michael\Desktop\u1301.exe Win32/UltraReach.AF application
D:\Downloads\Programs\du.meter.6.0x-patch.rar.2233.gzquar a variant of Win32/HackTool.Patcher.AD application
D:\Downloads\Programs\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask application
D:\Downloads\Torrents\Microsoft Office Enterprise 2010 Corporate.zip a variant of MSIL/HackKMS.A application
D:\Downloads\Torrents\Auslogics BoostSpeed 6.4.2.0\Auslogics BoostSpeed 6.4.2.0.zip a variant of Win32/Amonetize.AA application
D:\Downloads\Torrents\Battery.Calibration.v2.1-AnDrOiD\Battery Calibration v2.1-AnDrOiD.apk a variant of Android/Adware.AirPush.G application
D:\Downloads\Torrents\Kindle new Library 2012 by naxyyidz\Kindle new Library 2012 by naxyyidz.rar a variant of Win32/BHO.OEG trojan
D:\Downloads\Torrents\Windows 7.ULTIMATE.SP1.ALL.EDITIONS.32-64.bit-MAFIAA\Windows.7.SP1.ENG.x86-x64.MAFIAA.iso multiple threats
D:\Downloads\Torrents\Windows Loader v2.2.1. DAZ crack 7\windows loader v2.2.1.exe.3098.gzquar multiple threats
E:\Downloads\Programs\Tweak-Me!-1.3.0.0-Setup.exe Win32/OpenCandy application
F:\Downloads\Antony.Lewis.WordWeb.Pro.Ultimate.Reference.Bundle.v6.8.Retail.Incl.Keygen-BRD.part1.exe Win32/Adware.1ClickDownload.W application
F:\Downloads\ThaiTV.apk a variant of Android/Adware.AirPush.J application
F:\Downloads\Compressed\Android.Application.KeysP2P.rar a variant of Android/Adware.Viser.A application
F:\Downloads\Compressed\DownloadHashVerifier.zip a variant of Win32/SecurityXploded.A application
F:\Downloads\Compressed\idm_ultraedit_20.00.0.1037.rar.8578.gzquar a variant of Win32/Keygen.AU application
F:\Downloads\Compressed\rainlendar.pro.2.12.build.136_2.rar.32615.gzquar a variant of Win32/Keygen.GY application
F:\Downloads\Compressed\u.zip Win32/UltraReach.AF application
F:\Downloads\Compressed\Android.Application.KeysP2P\Android.Application.Keys-P2P\Android Keys Collection 2012.rar a variant of Android/Adware.Viser.A application
F:\Downloads\Compressed\Android.Application.KeysP2P\Android.Application.Keys-P2P\Android Keys Collection 2012\Android Keys Collection 2012\Poweramp Full Version Unlocker.apk a variant of Android/Adware.Viser.A application
F:\Downloads\Programs\ccsetup410.exe Win32/Bundled.Toolbar.Google.D application
F:\Downloads\Programs\disk-defrag-setup_2.exe Win32/InstallMonetizer.AQ application
F:\Downloads\Programs\ninja-setup-2.4.5.exe Win32/OpenCandy application
F:\Downloads\Programs\Riot-setup.exe Win32/OpenCandy application
F:\Downloads\Programs\Unlocker1.9.2.exe a variant of Win32/Toolbar.Babylon.E application
F:\Program Files\SecurityXploded\DownloadHashVerifier\DownloadHashVerifier.exe a variant of Win32/SecurityXploded.A application
--
You had a severely infected machine. I'm going to try and help you out here but I do know there are files found that are pirated, illegal and that is unacceptable.
The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources.
All items can be found using http://www.bleepingcomputer.com/startups/ startup items database
Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [SystemExplorerAutoStart] "F:\Program Files\System Explorer\SystemExplorer.exe" /TRAY
O4 - HKLM\..\Run: [Nvtmru] "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
O4 - HKLM\..\Run: "F:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AtherosBtStack] "F:\Program Files\Bluetooth Suite\BtvStack.exe"
O4 - HKLM\..\Run: [AthBtTray] "F:\Program Files\Bluetooth Suite\AthBtTray.exe"
O4 - HKLM\..\Run: "F:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Everything] "F:\Program Files\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WordWeb] "F:\Program Files\WordWeb\wweb32.exe" -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "F:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [tinySpell] F:\Program Files\tinySpell\tinyspell.exe
O4 - HKCU\..\Run: [Ditto] F:\Program Files\Ditto\Ditto.exe
O4 - HKCU\..\Run: [DU Meter] "F:\Program Files\DU Meter\DUMeter.exe" /autostart
O4 - HKCU\..\Run: [OfficeSyncProcess] "F:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [IDMan] F:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [KiesPreload] F:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [Ditto] F:\Program Files\Ditto\Ditto.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [IDMan] F:\Program Files\Internet Download Manager\IDMan.exe /onboot (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun (User 'UpdatusUser')O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [DU Meter] "F:\Program Files\DU Meter\DUMeter.exe" /autostart (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [KiesPreload] F:\Program Files\Samsung\Kies\Kies.exe /preload (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [KiesAirMessage] F:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [] F:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [OfficeSyncProcess] "F:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" (User 'UpdatusUser')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
after you check these items, of course some you may not want to, please reboot the computer to set the registry.
~~~~~~~~~~~~~~~~~~~~~`
NEXT
Need to delete the malicious files found.
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as [b]fixlist.txt
[u]NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)
start
C:\Users\All Users\InstallMate
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000000
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000001
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000000
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\009\t\00\00000000
C:\Users\Michael\Desktop\u1301.exe
D:\Downloads\Programs\du.meter.6.0x-patch.rar.2233.gzquar
D:\Downloads\Programs\SetupImgBurn_2.5.7.0.exe
D:\Downloads\Torrents\Microsoft Office Enterprise 2010 Corporate.zip
D:\Downloads\Torrents\Auslogics BoostSpeed 6.4.2.0\Auslogics BoostSpeed 6.4.2.0.zip
D:\Downloads\Torrents\Battery.Calibration.v2.1-AnDrOiD\Battery Calibration v2.1-AnDrOiD.apk
D:\Downloads\Torrents\Kindle new Library 2012 by naxyyidz\Kindle new Library 2012 by naxyyidz.rar
:\Downloads\Torrents\Windows Loader v2.2.1. DAZ crack 7\windows loader v2.2.1.exe.
E:\Downloads\Programs\Tweak-Me!-1.3.0.0-Setup.exe
F:\Downloads\Antony.Lewis.WordWeb.Pro.Ultimate.Reference.Bundle.v6.8.Retail.Incl.Keygen-BRD.part1.exe
F:\Downloads\ThaiTV.apk
F:\Downloads\Compressed\Android.Application.KeysP2P.rar
F:\Downloads\Compressed\DownloadHashVerifier.zip
F:\Downloads\Compressed\idm_ultraedit_20.00.0.1037.rar.8578.gzquar
F:\Downloads\Compressed\rainlendar.pro.2.12.build.136_2.rar.32615.gzquar
F:\Downloads\Compressed\u.zip
F:\Downloads\Compressed\Android.Application.KeysP2P\Android.Application.Keys-P2P\Android Keys Collection 2012.rar
F:\Downloads\Compressed\Android.Application.KeysP2P\Android.Application.Keys-P2P\Android Keys Collection 2012\Android Keys Collection 2012\Poweramp Full Version Unlocker.apk
F:\Downloads\Programs\ccsetup410.exe
F:\Downloads\Programs\disk-defrag-setup_2.exe
F:\Downloads\Programs\ninja-setup-2.4.5.exe
F:\Downloads\Programs\Riot-setup.exe
F:\Downloads\Programs\Unlocker1.9.2.exe
F:\Program Files\SecurityXploded\DownloadHashVerifier\DownloadHashVerifier.exe
end
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
~~~~~~~~~~~~~~~~~~~~~~~~
Fixlog.txt <-- Please post it to your reply
~~~~~~~~~~~~~
Forum Policy
I strongly suggest you remove any cracked software that is installed, we do not approve nor will we provide support in the future for problems produced because of illegal software.
Don't download/run keygens or cracks..Most are infected by some kind of malware.
At the least you get adware popups and junk links to junk sites.
At worst -- system could be destroyed resulting in need to do total wipe/re-install & personal info such as credit card numbers/bank passwords stolen.
Many of the keygens uploaded to p2p sites are done so by infected systems and are named in such a way to make them look like awsome downloads.
Most victims don't even know they are sharing worms....Others are script kiddies uploading crapware because they think its funny.
Crack sites are just as bad.
Simply visiting the site out of curosity just to see if a "crack" is even available without downloading can get you infected because the sites themselves take advantage of exploitable software/OS to infect it.
mikewill
2014-02-02, 12:20
Dear Juliet,
Here is the Fixlog.txt log:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-01-2014 01
Ran by Michael at 2014-02-02 16:56:44 Run:2
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
C:\Users\All Users\InstallMate
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000000
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000001
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000000
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\009\t\00\00000000
C:\Users\Michael\Desktop\u1301.exe
D:\Downloads\Programs\du.meter.6.0x-patch.rar.2233.gzquar
D:\Downloads\Programs\SetupImgBurn_2.5.7.0.exe
D:\Downloads\Torrents\Microsoft Office Enterprise 2010 Corporate.zip
D:\Downloads\Torrents\Auslogics BoostSpeed 6.4.2.0\Auslogics BoostSpeed 6.4.2.0.zip
D:\Downloads\Torrents\Battery.Calibration.v2.1-AnDrOiD\Battery Calibration v2.1-AnDrOiD.apk
D:\Downloads\Torrents\Kindle new Library 2012 by naxyyidz\Kindle new Library 2012 by naxyyidz.rar
:\Downloads\Torrents\Windows Loader v2.2.1. DAZ crack 7\windows loader v2.2.1.exe.
E:\Downloads\Programs\Tweak-Me!-1.3.0.0-Setup.exe
F:\Downloads\Antony.Lewis.WordWeb.Pro.Ultimate.Reference.Bundle.v6.8.Retail.Incl.Keygen-BRD.part1.exe
F:\Downloads\ThaiTV.apk
F:\Downloads\Compressed\Android.Application.KeysP2P.rar
F:\Downloads\Compressed\DownloadHashVerifier.zip
F:\Downloads\Compressed\idm_ultraedit_20.00.0.1037.rar.8578.gzquar
F:\Downloads\Compressed\rainlendar.pro.2.12.build.136_2.rar.32615.gzquar
F:\Downloads\Compressed\u.zip
F:\Downloads\Compressed\Android.Application.KeysP2P\Android.Application.Keys-P2P\Android Keys Collection 2012.rar
F:\Downloads\Compressed\Android.Application.KeysP2P\Android.Application.Keys-P2P\Android Keys Collection 2012\Android Keys Collection 2012\Poweramp Full Version Unlocker.apk
F:\Downloads\Programs\ccsetup410.exe
F:\Downloads\Programs\disk-defrag-setup_2.exe
F:\Downloads\Programs\ninja-setup-2.4.5.exe
F:\Downloads\Programs\Riot-setup.exe
F:\Downloads\Programs\Unlocker1.9.2.exe
F:\Program Files\SecurityXploded\DownloadHashVerifier\DownloadHashVerifier.exe
end
*****************
C:\Users\All Users\InstallMate => Moved successfully.
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000 => Moved successfully.
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000 => Moved successfully.
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000000 => Moved successfully.
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000001 => Moved successfully.
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000000 => Moved successfully.
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\009\t\00\00000000 => Moved successfully.
C:\Users\Michael\Desktop\u1301.exe => Moved successfully.
D:\Downloads\Programs\du.meter.6.0x-patch.rar.2233.gzquar => Moved successfully.
D:\Downloads\Programs\SetupImgBurn_2.5.7.0.exe => Moved successfully.
D:\Downloads\Torrents\Microsoft Office Enterprise 2010 Corporate.zip => Moved successfully.
D:\Downloads\Torrents\Auslogics BoostSpeed 6.4.2.0\Auslogics BoostSpeed 6.4.2.0.zip => Moved successfully.
D:\Downloads\Torrents\Battery.Calibration.v2.1-AnDrOiD\Battery Calibration v2.1-AnDrOiD.apk => Moved successfully.
D:\Downloads\Torrents\Kindle new Library 2012 by naxyyidz\Kindle new Library 2012 by naxyyidz.rar => Moved successfully.
E:\Downloads\Programs\Tweak-Me!-1.3.0.0-Setup.exe => Moved successfully.
F:\Downloads\Antony.Lewis.WordWeb.Pro.Ultimate.Reference.Bundle.v6.8.Retail.Incl.Keygen-BRD.part1.exe => Moved successfully.
F:\Downloads\ThaiTV.apk => Moved successfully.
F:\Downloads\Compressed\Android.Application.KeysP2P.rar => Moved successfully.
F:\Downloads\Compressed\DownloadHashVerifier.zip => Moved successfully.
F:\Downloads\Compressed\idm_ultraedit_20.00.0.1037.rar.8578.gzquar => Moved successfully.
F:\Downloads\Compressed\rainlendar.pro.2.12.build.136_2.rar.32615.gzquar => Moved successfully.
F:\Downloads\Compressed\u.zip => Moved successfully.
F:\Downloads\Compressed\Android.Application.KeysP2P\Android.Application.Keys-P2P\Android Keys Collection 2012.rar => Moved successfully.
F:\Downloads\Compressed\Android.Application.KeysP2P\Android.Application.Keys-P2P\Android Keys Collection 2012\Android Keys Collection 2012\Poweramp Full Version Unlocker.apk => Moved successfully.
F:\Downloads\Programs\ccsetup410.exe => Moved successfully.
F:\Downloads\Programs\disk-defrag-setup_2.exe => Moved successfully.
F:\Downloads\Programs\ninja-setup-2.4.5.exe => Moved successfully.
F:\Downloads\Programs\Riot-setup.exe => Moved successfully.
F:\Downloads\Programs\Unlocker1.9.2.exe => Moved successfully.
F:\Program Files\SecurityXploded\DownloadHashVerifier\DownloadHashVerifier.exe => Moved successfully.
==== End of Fixlog ====
--
Do I need to post HijackThis new log?
Thank you.
How is the computer at the moment?
mikewill
2014-02-02, 12:52
Dear Juliet,
The PC is working normally, as far as I can see. Although, I didn't have enough time to try things.
I do not know if it is related, but my downloads are very slow at the moment.
Thank you.
no idea whats up with download speeds, continue to monitor it for now.
mikewill
2014-02-02, 15:25
Dear Juliet,
So far, I didn't notice any significant improvements in system behavior. Sluggishness and mouse inaccessibility is the same as it was before.
Also, the GMER is still reporting the same rootkit possibility. "GMER has found system modification caused by ROOTKIT activvity."
Service ??????????????????????????" (*** hidden *** ) [AUTO] <-- ROOTKIT !!!
If you want, I'll post a full log.
I'll post a full log.
just the part where it identifies the infection or we'll have a very big/long log.
Also,
Step 1.
TDSSKiller:
Please read carefully and follow these steps.
Doubleclick on TDSSKiller.exe on your desktop to run the application, then on Start Scan.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png
If an infected file is detected, the default action will be Cure, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png
If a suspicious file is detected, the default action will be Skip, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
mikewill
2014-02-02, 18:37
Dear Juliet,
Kaspersky TDSSKiller v2.8.16.0.
The scan found NO Threats. Here is a report:
23:21:17.0585 1380 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:21:18.0945 1380 ============================================================
23:21:18.0945 1380 Current date / time: 2014/02/02 23:21:18.0945
23:21:18.0945 1380 SystemInfo:
23:21:18.0945 1380
23:21:18.0945 1380 OS Version: 6.1.7601 ServicePack: 1.0
23:21:18.0945 1380 Product type: Workstation
23:21:18.0945 1380 ComputerName: MICHAEL-PC
23:21:18.0945 1380 UserName: Michael
23:21:18.0945 1380 Windows directory: C:\Windows
23:21:18.0945 1380 System windows directory: C:\Windows
23:21:18.0945 1380 Processor architecture: Intel x86
23:21:18.0945 1380 Number of processors: 4
23:21:18.0945 1380 Page size: 0x1000
23:21:18.0945 1380 Boot type: Normal boot
23:21:18.0945 1380 ============================================================
23:21:19.0772 1380 Drive \Device\Harddisk0\DR0 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:21:19.0812 1380 ============================================================
23:21:19.0812 1380 \Device\Harddisk0\DR0:
23:21:20.0014 1380 MBR partitions:
23:21:20.0014 1380 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC
23:21:20.0038 1380 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4E1EE6A, BlocksNum 0xC34F28D
23:21:20.0055 1380 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1116E136, BlocksNum 0x287E254
23:21:20.0066 1380 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x139EC3CA, BlocksNum 0x94BFD6D
23:21:20.0076 1380 \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x1CEAC800, BlocksNum 0x603E000
23:21:20.0076 1380 ============================================================
23:21:20.0183 1380 C: <-> \Device\Harddisk0\DR0\Partition5
23:21:20.0219 1380 D: <-> \Device\Harddisk0\DR0\Partition2
23:21:20.0245 1380 E: <-> \Device\Harddisk0\DR0\Partition3
23:21:20.0285 1380 F: <-> \Device\Harddisk0\DR0\Partition4
23:21:20.0285 1380 ============================================================
23:21:20.0285 1380 Initialize success
23:21:20.0285 1380 ============================================================
23:21:29.0366 8596 ============================================================
23:21:29.0366 8596 Scan started
23:21:29.0367 8596 Mode: Manual;
23:21:29.0367 8596 ============================================================
23:21:30.0042 8596 ================ Scan system memory ========================
23:21:30.0042 8596 System memory - ok
23:21:30.0043 8596 ================ Scan services =============================
23:21:30.0175 8596 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
23:21:30.0177 8596 1394ohci - ok
23:21:30.0197 8596 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
23:21:30.0229 8596 ACPI - ok
23:21:30.0248 8596 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
23:21:30.0248 8596 AcpiPmi - ok
23:21:30.0375 8596 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
23:21:30.0393 8596 Adobe LM Service - ok
23:21:30.0445 8596 [ 8D268693A6DCE3D7319DF14834841BAF ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:21:30.0446 8596 AdobeFlashPlayerUpdateSvc - ok
23:21:30.0471 8596 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
23:21:30.0477 8596 adp94xx - ok
23:21:30.0498 8596 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys
23:21:30.0502 8596 adpahci - ok
23:21:30.0520 8596 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
23:21:30.0522 8596 adpu320 - ok
23:21:30.0546 8596 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:21:30.0547 8596 AeLookupSvc - ok
23:21:30.0580 8596 [ F81BB7E487EDCEAB630A7EE66CF23913 ] AFD C:\Windows\system32\drivers\afd.sys
23:21:30.0583 8596 AFD - ok
23:21:30.0612 8596 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
23:21:30.0614 8596 agp440 - ok
23:21:30.0643 8596 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
23:21:30.0645 8596 aic78xx - ok
23:21:30.0661 8596 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
23:21:30.0662 8596 ALG - ok
23:21:30.0678 8596 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
23:21:30.0678 8596 aliide - ok
23:21:30.0697 8596 [ DEB88D6B0D7CE5FB78FC4AB88E6B0C43 ] ambakdrv C:\Windows\system32\ambakdrv.sys
23:21:30.0698 8596 ambakdrv - ok
23:21:30.0712 8596 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
23:21:30.0713 8596 amdagp - ok
23:21:30.0736 8596 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
23:21:30.0736 8596 amdide - ok
23:21:30.0750 8596 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
23:21:30.0751 8596 AmdK8 - ok
23:21:30.0762 8596 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
23:21:30.0763 8596 AmdPPM - ok
23:21:30.0794 8596 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
23:21:30.0795 8596 amdsata - ok
23:21:30.0810 8596 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
23:21:30.0812 8596 amdsbs - ok
23:21:30.0822 8596 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
23:21:30.0823 8596 amdxata - ok
23:21:30.0830 8596 [ 9059308FD5FE4317B6C489CA570567CB ] ammntdrv C:\Windows\system32\ammntdrv.sys
23:21:30.0832 8596 ammntdrv - ok
23:21:30.0862 8596 [ A913BE84E18FB1A92853AB7525B448F9 ] ampa C:\Windows\system32\ampa.sys
23:21:30.0863 8596 ampa - ok
23:21:30.0887 8596 [ 9D6956A382EE791013B3FE4B7206D8C7 ] amwrtdrv C:\Windows\system32\amwrtdrv.sys
23:21:30.0888 8596 amwrtdrv - ok
23:21:30.0901 8596 [ 2F8616646215EEDB28C2E40994DB8E38 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
23:21:30.0901 8596 androidusb - ok
23:21:30.0991 8596 [ D1AF38FBAC0DC7E6D796B0ED01707EE0 ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll
23:21:30.0992 8596 AppHostSvc - ok
23:21:31.0026 8596 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
23:21:31.0027 8596 AppID - ok
23:21:31.0053 8596 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
23:21:31.0054 8596 AppIDSvc - ok
23:21:31.0088 8596 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll
23:21:31.0089 8596 Appinfo - ok
23:21:31.0107 8596 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys
23:21:31.0109 8596 arc - ok
23:21:31.0122 8596 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys
23:21:31.0124 8596 arcsas - ok
23:21:31.0158 8596 [ 997E2A930987B5B417C2684C7C4B9156 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys
23:21:31.0159 8596 asmthub3 - ok
23:21:31.0197 8596 [ EEC4742AA8FDD5FEBDACC566514CC3AD ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys
23:21:31.0200 8596 asmtxhci - ok
23:21:31.0337 8596 [ 9D768C43FEF254DD50B1DBF8AD5C4C0B ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:21:31.0338 8596 aspnet_state - ok
23:21:31.0363 8596 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:21:31.0364 8596 AsyncMac - ok
23:21:31.0384 8596 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
23:21:31.0385 8596 atapi - ok
23:21:31.0411 8596 [ 882EDBAFCC227852C9DCA23EA48D2E78 ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys
23:21:31.0412 8596 AthBTPort - ok
23:21:31.0445 8596 [ 99925B8EC4FCCDB3992292FBCB31069E ] ATHDFU C:\Windows\system32\Drivers\AthDfu.sys
23:21:31.0447 8596 ATHDFU - ok
23:21:31.0514 8596 [ 92758ED60F8134E3B844808413F25530 ] AtherosSvc F:\Program Files\Bluetooth Suite\adminservice.exe
23:21:31.0515 8596 AtherosSvc - ok
23:21:31.0552 8596 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:21:31.0559 8596 AudioEndpointBuilder - ok
23:21:31.0565 8596 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
23:21:31.0566 8596 Audiosrv - ok
23:21:31.0602 8596 [ B5B8FC2C4D520F1F1EED52A980ED5091 ] avc3 C:\Windows\system32\DRIVERS\avc3.sys
23:21:31.0608 8596 avc3 - ok
23:21:31.0637 8596 [ 818E7E029DB594DCB8D6218A7D6FA575 ] avckf C:\Windows\system32\DRIVERS\avckf.sys
23:21:31.0644 8596 avckf - ok
23:21:31.0656 8596 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:21:31.0657 8596 AxInstSV - ok
23:21:31.0692 8596 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys
23:21:31.0699 8596 b06bdrv - ok
23:21:31.0736 8596 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
23:21:31.0740 8596 b57nd60x - ok
23:21:31.0791 8596 [ CEC28A8DD313C36E2B3CD12C30A1B4D0 ] Backupper Service F:\Program Files\AOMEI Backupper\ABService.exe
23:21:31.0792 8596 Backupper Service - ok
23:21:31.0825 8596 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
23:21:31.0826 8596 BDESVC - ok
23:21:31.0886 8596 [ BC0795019263D9421003008C5211350C ] bdfwfpf F:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys
23:21:31.0889 8596 bdfwfpf - ok
23:21:31.0892 8596 [ 66668490AC6165FDA83089BF71511BF4 ] bdselfpr F:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys
23:21:31.0893 8596 bdselfpr - ok
23:21:31.0911 8596 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
23:21:31.0912 8596 Beep - ok
23:21:31.0932 8596 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
23:21:31.0937 8596 BFE - ok
23:21:31.0976 8596 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
23:21:31.0982 8596 BITS - ok
23:21:31.0984 8596 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
23:21:31.0985 8596 blbdrive - ok
23:21:32.0050 8596 [ 9D3719BCB5E78CCAFF5A2B192C0F5B81 ] BootDefragDriver C:\Windows\system32\drivers\BootDefragDriver.sys
23:21:32.0051 8596 BootDefragDriver - ok
23:21:32.0066 8596 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:21:32.0067 8596 bowser - ok
23:21:32.0081 8596 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
23:21:32.0082 8596 BrFiltLo - ok
23:21:32.0089 8596 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
23:21:32.0089 8596 BrFiltUp - ok
23:21:32.0113 8596 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
23:21:32.0114 8596 Browser - ok
23:21:32.0156 8596 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
23:21:32.0158 8596 Brserid - ok
23:21:32.0174 8596 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
23:21:32.0175 8596 BrSerWdm - ok
23:21:32.0199 8596 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
23:21:32.0200 8596 BrUsbMdm - ok
23:21:32.0209 8596 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
23:21:32.0210 8596 BrUsbSer - ok
23:21:32.0240 8596 [ E5B321F18A1D8B6B8DD397D92BA5946A ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys
23:21:32.0243 8596 BTATH_A2DP - ok
23:21:32.0266 8596 [ F60E0C722442EA91F0C253B7814D8192 ] BTATH_BUS C:\Windows\system32\DRIVERS\btath_bus.sys
23:21:32.0267 8596 BTATH_BUS - ok
23:21:32.0298 8596 [ F31E369DB8258B28E3DCF66705AEA9E9 ] BTATH_HCRP C:\Windows\system32\DRIVERS\btath_hcrp.sys
23:21:32.0301 8596 BTATH_HCRP - ok
23:21:32.0335 8596 [ 6651798266FDE23159D961463A63A77D ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys
23:21:32.0337 8596 BTATH_LWFLT - ok
23:21:32.0349 8596 [ 08EF5298DF80BC136523BCD2ED8B9C37 ] BTATH_RCP C:\Windows\system32\DRIVERS\btath_rcp.sys
23:21:32.0351 8596 BTATH_RCP - ok
23:21:32.0366 8596 [ EF6269EAB772989E338BA4C833093BAC ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys
23:21:32.0368 8596 BtFilter - ok
23:21:32.0391 8596 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
23:21:32.0392 8596 BthEnum - ok
23:21:32.0406 8596 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
23:21:32.0407 8596 BTHMODEM - ok
23:21:32.0429 8596 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
23:21:32.0431 8596 BthPan - ok
23:21:32.0471 8596 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
23:21:32.0477 8596 BTHPORT - ok
23:21:32.0509 8596 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
23:21:32.0510 8596 bthserv - ok
23:21:32.0523 8596 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
23:21:32.0524 8596 BTHUSB - ok
23:21:32.0554 8596 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:21:32.0556 8596 cdfs - ok
23:21:32.0570 8596 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:21:32.0572 8596 cdrom - ok
23:21:32.0598 8596 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
23:21:32.0598 8596 CertPropSvc - ok
23:21:32.0613 8596 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys
23:21:32.0614 8596 circlass - ok
23:21:32.0651 8596 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
23:21:32.0655 8596 CLFS - ok
23:21:32.0704 8596 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:21:32.0706 8596 clr_optimization_v2.0.50727_32 - ok
23:21:32.0731 8596 [ E87213F37A13E2B54391E40934F071D0 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:21:32.0733 8596 clr_optimization_v4.0.30319_32 - ok
23:21:32.0746 8596 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
23:21:32.0746 8596 CmBatt - ok
23:21:32.0766 8596 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:21:32.0766 8596 cmdide - ok
23:21:32.0798 8596 [ 85449EEBE8F8EBD6481EFBF0F352B4EB ] CNG C:\Windows\system32\Drivers\cng.sys
23:21:32.0804 8596 CNG - ok
23:21:32.0808 8596 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\drivers\compbatt.sys
23:21:32.0810 8596 Compbatt - ok
23:21:32.0843 8596 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
23:21:32.0845 8596 CompositeBus - ok
23:21:32.0848 8596 COMSysApp - ok
23:21:32.0851 8596 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
23:21:32.0852 8596 crcdisk - ok
23:21:32.0874 8596 [ 7CA1BECEA5DE2643ADDAD32670E7A4C9 ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:21:32.0876 8596 CryptSvc - ok
23:21:32.0913 8596 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
23:21:32.0915 8596 DcomLaunch - ok
23:21:32.0946 8596 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
23:21:32.0950 8596 defragsvc - ok
23:21:32.0965 8596 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:21:32.0982 8596 DfsC - ok
23:21:33.0017 8596 [ EDF7F8387C2072205ABCF105F14B13B4 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
23:21:33.0018 8596 dg_ssudbus - ok
23:21:33.0048 8596 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
23:21:33.0052 8596 Dhcp - ok
23:21:33.0061 8596 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
23:21:33.0062 8596 discache - ok
23:21:33.0069 8596 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys
23:21:33.0070 8596 Disk - ok
23:21:33.0097 8596 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:21:33.0099 8596 Dnscache - ok
23:21:33.0125 8596 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
23:21:33.0127 8596 dot3svc - ok
23:21:33.0163 8596 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
23:21:33.0165 8596 DPS - ok
23:21:33.0194 8596 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:21:33.0195 8596 drmkaud - ok
23:21:33.0245 8596 [ D19DCBB8C775E71D924BB66D9BFB708C ] DUMeterDrv F:\Program Files\DU Meter\DUMETR32.SYS
23:21:33.0246 8596 DUMeterDrv - ok
23:21:33.0247 8596 DUMeterSvc - ok
23:21:33.0295 8596 [ 71BC35067CABC02C9453AEAA42B2E43E ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:21:33.0302 8596 DXGKrnl - ok
23:21:33.0330 8596 [ 43529B8D3655555D4C600538A1C90328 ] e1cexpress C:\Windows\system32\DRIVERS\e1c6232.sys
23:21:33.0333 8596 e1cexpress - ok
23:21:33.0359 8596 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
23:21:33.0362 8596 EapHost - ok
23:21:33.0543 8596 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
23:21:33.0611 8596 ebdrv - ok
23:21:33.0674 8596 [ 803B370865D907EA21DC0C2B6A8936B5 ] EFS C:\Windows\System32\lsass.exe
23:21:33.0675 8596 EFS - ok
23:21:33.0726 8596 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:21:33.0731 8596 ehRecvr - ok
23:21:33.0762 8596 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
23:21:33.0763 8596 ehSched - ok
23:21:33.0789 8596 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys
23:21:33.0794 8596 elxstor - ok
23:21:33.0807 8596 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:21:33.0808 8596 ErrDev - ok
23:21:33.0837 8596 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
23:21:33.0838 8596 EventSystem - ok
23:21:33.0850 8596 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
23:21:33.0852 8596 exfat - ok
23:21:33.0867 8596 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:21:33.0868 8596 fastfat - ok
23:21:33.0910 8596 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
23:21:33.0932 8596 Fax - ok
23:21:33.0954 8596 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys
23:21:33.0955 8596 fdc - ok
23:21:33.0969 8596 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
23:21:33.0969 8596 fdPHost - ok
23:21:33.0982 8596 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
23:21:33.0983 8596 FDResPub - ok
23:21:33.0990 8596 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:21:33.0991 8596 FileInfo - ok
23:21:34.0003 8596 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:21:34.0004 8596 Filetrace - ok
23:21:34.0018 8596 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
23:21:34.0019 8596 flpydisk - ok
23:21:34.0037 8596 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:21:34.0040 8596 FltMgr - ok
23:21:34.0092 8596 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
23:21:34.0150 8596 FontCache - ok
23:21:34.0205 8596 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:21:34.0206 8596 FontCache3.0.0.0 - ok
23:21:34.0223 8596 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:21:34.0225 8596 FsDepends - ok
23:21:34.0255 8596 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:21:34.0256 8596 Fs_Rec - ok
23:21:34.0293 8596 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:21:34.0297 8596 fvevol - ok
23:21:34.0315 8596 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
23:21:34.0317 8596 gagp30kx - ok
23:21:34.0361 8596 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
23:21:34.0369 8596 gpsvc - ok
23:21:34.0423 8596 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
23:21:34.0424 8596 gupdate - ok
23:21:34.0427 8596 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
23:21:34.0427 8596 gupdatem - ok
23:21:34.0443 8596 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:21:34.0445 8596 gusvc - ok
23:21:34.0464 8596 [ 46524E4F27A44A86F28772D80BC3CE02 ] gzflt C:\Windows\system32\DRIVERS\gzflt.sys
23:21:34.0466 8596 gzflt - ok
23:21:34.0497 8596 [ 771676DB364B444C6333B5F30C7A1755 ] gzserv F:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
23:21:34.0498 8596 gzserv - ok
23:21:34.0511 8596 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:21:34.0512 8596 hcw85cir - ok
23:21:34.0535 8596 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:21:34.0540 8596 HdAudAddService - ok
23:21:34.0560 8596 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
23:21:34.0561 8596 HDAudBus - ok
23:21:34.0583 8596 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
23:21:34.0584 8596 HidBatt - ok
23:21:34.0602 8596 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys
23:21:34.0604 8596 HidBth - ok
23:21:34.0618 8596 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys
23:21:34.0619 8596 HidIr - ok
23:21:34.0649 8596 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
23:21:34.0650 8596 hidserv - ok
23:21:34.0670 8596 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:21:34.0671 8596 HidUsb - ok
23:21:34.0696 8596 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:21:34.0697 8596 hkmsvc - ok
23:21:34.0730 8596 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:21:34.0753 8596 HomeGroupListener - ok
23:21:34.0797 8596 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:21:34.0799 8596 HomeGroupProvider - ok
23:21:34.0812 8596 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
23:21:34.0813 8596 HpSAMD - ok
23:21:34.0836 8596 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:21:34.0841 8596 HTTP - ok
23:21:34.0865 8596 [ 22B142AED14E7385B221539C15AF1568 ] HWiNFO32 C:\Windows\system32\drivers\HWiNFO32.SYS
23:21:34.0865 8596 HWiNFO32 - ok
23:21:34.0870 8596 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:21:34.0871 8596 hwpolicy - ok
23:21:34.0887 8596 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
23:21:34.0888 8596 i8042prt - ok
23:21:34.0922 8596 [ D339C4CA42E96B710567861F7645AF51 ] iaStorA C:\Windows\system32\DRIVERS\iaStorA.sys
23:21:34.0925 8596 iaStorA - ok
23:21:34.0980 8596 [ 20E83F4632E15A5E9E716FF2E8AC7FAE ] IAStorDataMgrSvc F:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
23:21:34.0982 8596 IAStorDataMgrSvc - ok
23:21:35.0011 8596 [ F2AB8BD9DF7B2497ED2A28038140A970 ] iaStorF C:\Windows\system32\DRIVERS\iaStorF.sys
23:21:35.0012 8596 iaStorF - ok
23:21:35.0029 8596 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
23:21:35.0030 8596 iaStorV - ok
23:21:35.0063 8596 [ 203BB2691E7D0088A2C1F9C39C15A9B7 ] IDMWFP C:\Windows\system32\DRIVERS\idmwfp.sys
23:21:35.0064 8596 IDMWFP - ok
23:21:35.0122 8596 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:21:35.0125 8596 idsvc - ok
23:21:35.0126 8596 IEEtwCollectorService - ok
23:21:35.0153 8596 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
23:21:35.0154 8596 iirsp - ok
23:21:35.0192 8596 [ B9C54120F46392100478F58F374E5709 ] IKEEXT C:\Windows\System32\ikeext.dll
23:21:35.0198 8596 IKEEXT - ok
23:21:35.0327 8596 [ 816EEF1A714ABF9A633F478EFAC8F24C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
23:21:35.0404 8596 IntcAzAudAddService - ok
23:21:35.0668 8596 [ 406F3093117E72925DF8C50457E280A1 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
23:21:35.0672 8596 Intel(R) Capability Licensing Service Interface - ok
23:21:35.0764 8596 [ 0CC925B161F2496AF44E71E91CE42856 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
23:21:35.0769 8596 Intel(R) Capability Licensing Service TCP IP Interface - ok
23:21:35.0847 8596 [ 9097B892CBBB306F04A3852912FBDE9A ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
23:21:35.0849 8596 Intel(R) PROSet Monitoring Service - ok
23:21:35.0866 8596 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
23:21:35.0866 8596 intelide - ok
23:21:35.0908 8596 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:21:35.0908 8596 intelppm - ok
23:21:35.0937 8596 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:21:35.0939 8596 IPBusEnum - ok
23:21:35.0951 8596 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:21:35.0952 8596 IpFilterDriver - ok
23:21:35.0988 8596 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:21:35.0990 8596 iphlpsvc - ok
23:21:36.0004 8596 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
23:21:36.0005 8596 IPMIDRV - ok
23:21:36.0016 8596 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
23:21:36.0017 8596 IPNAT - ok
23:21:36.0029 8596 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:21:36.0029 8596 IRENUM - ok
23:21:36.0043 8596 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:21:36.0043 8596 isapnp - ok
23:21:36.0075 8596 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
23:21:36.0078 8596 iScsiPrt - ok
23:21:36.0147 8596 [ 1128B38EEC9DAF1B36373B65E87C00A3 ] jhi_service C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
23:21:36.0149 8596 jhi_service - ok
23:21:36.0201 8596 [ 9C8C370E7E15F0BB86BC264AD9D8AAFA ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
23:21:36.0202 8596 JRAID - ok
23:21:36.0215 8596 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:21:36.0216 8596 kbdclass - ok
23:21:36.0230 8596 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:21:36.0231 8596 kbdhid - ok
23:21:36.0236 8596 [ 803B370865D907EA21DC0C2B6A8936B5 ] KeyIso C:\Windows\system32\lsass.exe
23:21:36.0237 8596 KeyIso - ok
23:21:36.0263 8596 [ F286830298323272260332D6ABC905C1 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:21:36.0263 8596 KSecDD - ok
23:21:36.0280 8596 [ D7C760D57B1656DD748B9E4AB6CB5A51 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
23:21:36.0281 8596 KSecPkg - ok
23:21:36.0315 8596 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
23:21:36.0320 8596 KtmRm - ok
23:21:36.0366 8596 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
23:21:36.0370 8596 LanmanServer - ok
23:21:36.0406 8596 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:21:36.0410 8596 LanmanWorkstation - ok
23:21:36.0438 8596 [ 006540C9CDC7E72ADD1435CF778EC674 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
23:21:36.0440 8596 LHidFilt - ok
23:21:36.0458 8596 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:21:36.0459 8596 lltdio - ok
23:21:36.0489 8596 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:21:36.0492 8596 lltdsvc - ok
23:21:36.0501 8596 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
23:21:36.0501 8596 lmhosts - ok
23:21:36.0517 8596 [ 3C5BA4B2E4D1180BF9810963A494799A ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
23:21:36.0518 8596 LMouFilt - ok
23:21:36.0534 8596 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
23:21:36.0536 8596 LSI_FC - ok
23:21:36.0550 8596 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
23:21:36.0551 8596 LSI_SAS - ok
23:21:36.0560 8596 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
23:21:36.0561 8596 LSI_SAS2 - ok
23:21:36.0574 8596 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
23:21:36.0576 8596 LSI_SCSI - ok
23:21:36.0589 8596 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
23:21:36.0590 8596 luafv - ok
23:21:36.0623 8596 [ 49F629541C91371FE3AAA2F8728555D9 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
23:21:36.0624 8596 LUsbFilt - ok
23:21:36.0651 8596 [ 1A7DB7A00A4B0D8DA24CD691A4547291 ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2Mon.sys
23:21:36.0652 8596 LVPr2Mon - ok
23:21:36.0712 8596 [ 0DDFDCAA92C7F553328DB06BA599BEA9 ] LVPrcSrv C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
23:21:36.0714 8596 LVPrcSrv - ok
23:21:36.0818 8596 [ 37072EC9299E825F4335CC554B6FAC6A ] LVRS C:\Windows\system32\DRIVERS\lvrs.sys
23:21:36.0840 8596 LVRS - ok
23:21:37.0059 8596 [ A240E42A7402E927A71B6E8AA4629B13 ] LVUVC C:\Windows\system32\DRIVERS\lvuvc.sys
23:21:37.0266 8596 LVUVC - ok
23:21:37.0294 8596 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
23:21:37.0295 8596 MBAMProtector - ok
23:21:37.0390 8596 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler F:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
23:21:37.0393 8596 MBAMScheduler - ok
23:21:37.0435 8596 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
23:21:37.0437 8596 MBAMService - ok
23:21:37.0465 8596 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:21:37.0465 8596 Mcx2Svc - ok
23:21:37.0493 8596 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
23:21:37.0493 8596 megasas - ok
23:21:37.0517 8596 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
23:21:37.0518 8596 MegaSR - ok
23:21:37.0545 8596 [ D1625B6ADDDE12801DB3C2DF029CFDC2 ] MEI C:\Windows\system32\DRIVERS\TeeDriver.sys
23:21:37.0547 8596 MEI - ok
23:21:37.0582 8596 Microsoft SharePoint Workspace Audit Service - ok
23:21:37.0621 8596 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
23:21:37.0623 8596 MMCSS - ok
23:21:37.0637 8596 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
23:21:37.0638 8596 Modem - ok
23:21:37.0662 8596 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:21:37.0662 8596 monitor - ok
23:21:37.0673 8596 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:21:37.0673 8596 mouclass - ok
23:21:37.0685 8596 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:21:37.0685 8596 mouhid - ok
23:21:37.0698 8596 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:21:37.0698 8596 mountmgr - ok
23:21:37.0717 8596 [ 3B9398E0146855B1DC0E3D9769C80F01 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:21:37.0718 8596 MozillaMaintenance - ok
23:21:37.0745 8596 [ 24406D75B40F0F6B3C1AC7031D734565 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
23:21:37.0746 8596 MpFilter - ok
23:21:37.0771 8596 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
23:21:37.0771 8596 mpio - ok
23:21:37.0786 8596 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:21:37.0786 8596 mpsdrv - ok
23:21:37.0826 8596 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
23:21:37.0829 8596 MpsSvc - ok
23:21:37.0851 8596 [ 21F4B24ACFC79A483515BD986DD9043F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:21:37.0852 8596 MRxDAV - ok
23:21:37.0874 8596 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:21:37.0875 8596 mrxsmb - ok
23:21:37.0904 8596 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:21:37.0906 8596 mrxsmb10 - ok
23:21:37.0922 8596 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:21:37.0923 8596 mrxsmb20 - ok
23:21:37.0937 8596 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
23:21:37.0938 8596 msahci - ok
23:21:37.0955 8596 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:21:37.0955 8596 msdsm - ok
23:21:37.0969 8596 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
23:21:37.0970 8596 MSDTC - ok
23:21:37.0987 8596 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:21:37.0988 8596 Msfs - ok
23:21:37.0995 8596 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:21:37.0996 8596 mshidkmdf - ok
23:21:38.0004 8596 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:21:38.0005 8596 msisadrv - ok
23:21:38.0033 8596 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:21:38.0034 8596 MSiSCSI - ok
23:21:38.0036 8596 msiserver - ok
23:21:38.0060 8596 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:21:38.0060 8596 MSKSSRV - ok
23:21:38.0062 8596 MsMpSvc - ok
23:21:38.0068 8596 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:21:38.0068 8596 MSPCLOCK - ok
23:21:38.0075 8596 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:21:38.0075 8596 MSPQM - ok
23:21:38.0092 8596 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:21:38.0093 8596 MsRPC - ok
23:21:38.0117 8596 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
23:21:38.0117 8596 mssmbios - ok
23:21:38.0126 8596 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:21:38.0127 8596 MSTEE - ok
23:21:38.0134 8596 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
23:21:38.0135 8596 MTConfig - ok
23:21:38.0149 8596 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
23:21:38.0149 8596 Mup - ok
23:21:38.0220 8596 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
23:21:38.0224 8596 napagent - ok
23:21:38.0267 8596 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:21:38.0268 8596 NativeWifiP - ok
23:21:38.0311 8596 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
23:21:38.0316 8596 NDIS - ok
23:21:38.0335 8596 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
23:21:38.0336 8596 NdisCap - ok
23:21:38.0350 8596 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:21:38.0350 8596 NdisTapi - ok
23:21:38.0364 8596 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:21:38.0364 8596 Ndisuio - ok
23:21:38.0380 8596 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:21:38.0380 8596 NdisWan - ok
23:21:38.0394 8596 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:21:38.0394 8596 NDProxy - ok
23:21:38.0405 8596 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:21:38.0406 8596 NetBIOS - ok
23:21:38.0423 8596 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
23:21:38.0424 8596 NetBT - ok
23:21:38.0432 8596 [ 803B370865D907EA21DC0C2B6A8936B5 ] Netlogon C:\Windows\system32\lsass.exe
23:21:38.0432 8596 Netlogon - ok
23:21:38.0472 8596 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
23:21:38.0476 8596 Netman - ok
23:21:38.0497 8596 [ 21318671BCAD3ACF16638F98D4D00973 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:21:38.0497 8596 NetMsmqActivator - ok
23:21:38.0500 8596 [ 21318671BCAD3ACF16638F98D4D00973 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:21:38.0501 8596 NetPipeActivator - ok
23:21:38.0519 8596 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
23:21:38.0520 8596 netprofm - ok
23:21:38.0524 8596 [ 21318671BCAD3ACF16638F98D4D00973 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:21:38.0524 8596 NetTcpActivator - ok
23:21:38.0527 8596 [ 21318671BCAD3ACF16638F98D4D00973 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:21:38.0528 8596 NetTcpPortSharing - ok
23:21:38.0536 8596 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
23:21:38.0537 8596 nfrd960 - ok
23:21:38.0555 8596 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
23:21:38.0556 8596 NlaSvc - ok
23:21:38.0564 8596 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:21:38.0564 8596 Npfs - ok
23:21:38.0597 8596 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
23:21:38.0597 8596 nsi - ok
23:21:38.0607 8596 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:21:38.0607 8596 nsiproxy - ok
23:21:38.0671 8596 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:21:38.0682 8596 Ntfs - ok
23:21:38.0687 8596 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
23:21:38.0688 8596 Null - ok
23:21:38.0713 8596 [ FBEC0FD36ED61EFEE1E3063281EAB984 ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
23:21:38.0715 8596 NVHDA - ok
23:21:39.0073 8596 [ FB20C4EE6242B71AB95A65AC2CE19161 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:21:39.0104 8596 nvlddmkm - ok
23:21:39.0135 8596 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:21:39.0137 8596 nvraid - ok
23:21:39.0152 8596 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:21:39.0154 8596 nvstor - ok
23:21:39.0722 8596 [ DB48A9EE04D1D581FB178BF88FA616FD ] NvStreamSvc C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
23:21:40.0119 8596 NvStreamSvc - ok
23:21:40.0229 8596 [ 6004D55C0434E15CE98A4CF2A6A4BE94 ] nvsvc C:\Windows\system32\nvvsvc.exe
23:21:40.0233 8596 nvsvc - ok
23:21:40.0621 8596 [ 005E474630A7AA05A617C574B702FEED ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
23:21:40.0680 8596 nvUpdatusService - ok
23:21:40.0696 8596 [ 9C6266C4A78D48A4000F658AD187E9E5 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad32v.sys
23:21:40.0696 8596 nvvad_WaveExtensible - ok
23:21:40.0721 8596 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:21:40.0722 8596 nv_agp - ok
23:21:40.0751 8596 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:21:40.0751 8596 ohci1394 - ok
23:21:40.0806 8596 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:21:40.0808 8596 ose - ok
23:21:41.0014 8596 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:21:41.0140 8596 osppsvc - ok
23:21:41.0177 8596 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
23:21:41.0179 8596 p2pimsvc - ok
23:21:41.0196 8596 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
23:21:41.0198 8596 p2psvc - ok
23:21:41.0227 8596 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys
23:21:41.0228 8596 Parport - ok
23:21:41.0255 8596 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:21:41.0255 8596 partmgr - ok
23:21:41.0270 8596 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys
23:21:41.0270 8596 Parvdm - ok
23:21:41.0287 8596 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
23:21:41.0289 8596 PcaSvc - ok
23:21:41.0297 8596 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
23:21:41.0297 8596 pci - ok
23:21:41.0317 8596 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
23:21:41.0318 8596 pciide - ok
23:21:41.0335 8596 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
23:21:41.0336 8596 pcmcia - ok
23:21:41.0349 8596 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
23:21:41.0350 8596 pcw - ok
23:21:41.0394 8596 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:21:41.0401 8596 PEAUTH - ok
23:21:41.0465 8596 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
23:21:41.0476 8596 pla - ok
23:21:41.0514 8596 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:21:41.0515 8596 PlugPlay - ok
23:21:41.0530 8596 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:21:41.0530 8596 PNRPAutoReg - ok
23:21:41.0544 8596 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:21:41.0545 8596 PNRPsvc - ok
23:21:41.0569 8596 [ 8071BF1D8ACFCF96F36B28E34A16BD78 ] Point32 C:\Windows\system32\DRIVERS\point32.sys
23:21:41.0569 8596 Point32 - ok
23:21:41.0607 8596 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:21:41.0608 8596 PolicyAgent - ok
23:21:41.0649 8596 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
23:21:41.0652 8596 Power - ok
23:21:41.0664 8596 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:21:41.0666 8596 PptpMiniport - ok
23:21:41.0699 8596 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
23:21:41.0699 8596 Processor - ok
23:21:41.0721 8596 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
23:21:41.0723 8596 ProfSvc - ok
23:21:41.0730 8596 [ 803B370865D907EA21DC0C2B6A8936B5 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:21:41.0731 8596 ProtectedStorage - ok
23:21:41.0743 8596 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:21:41.0744 8596 Psched - ok
23:21:41.0769 8596 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
23:21:41.0770 8596 PSI_SVC_2 - ok
23:21:41.0826 8596 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
23:21:41.0836 8596 ql2300 - ok
23:21:41.0846 8596 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
23:21:41.0847 8596 ql40xx - ok
23:21:41.0878 8596 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
23:21:41.0880 8596 QWAVE - ok
23:21:41.0894 8596 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:21:41.0895 8596 QWAVEdrv - ok
23:21:41.0903 8596 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:21:41.0903 8596 RasAcd - ok
23:21:41.0929 8596 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:21:41.0930 8596 RasAgileVpn - ok
23:21:41.0933 8596 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
23:21:41.0934 8596 RasAuto - ok
23:21:41.0943 8596 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:21:41.0944 8596 Rasl2tp - ok
23:21:41.0991 8596 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
23:21:41.0995 8596 RasMan - ok
23:21:42.0012 8596 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:21:42.0013 8596 RasPppoe - ok
23:21:42.0023 8596 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:21:42.0024 8596 RasSstp - ok
23:21:42.0036 8596 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:21:42.0037 8596 rdbss - ok
23:21:42.0047 8596 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
23:21:42.0047 8596 rdpbus - ok
23:21:42.0056 8596 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:21:42.0057 8596 RDPCDD - ok
23:21:42.0068 8596 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:21:42.0068 8596 RDPENCDD - ok
23:21:42.0077 8596 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:21:42.0077 8596 RDPREFMP - ok
23:21:42.0103 8596 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
23:21:42.0104 8596 RdpVideoMiniport - ok
23:21:42.0129 8596 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:21:42.0130 8596 RDPWD - ok
23:21:42.0148 8596 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:21:42.0149 8596 rdyboost - ok
23:21:42.0184 8596 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
23:21:42.0185 8596 RemoteAccess - ok
23:21:42.0208 8596 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:21:42.0209 8596 RemoteRegistry - ok
23:21:42.0238 8596 [ B9BB8E2093C1615AD6EA55AD96214354 ] Revoflt C:\Windows\system32\DRIVERS\revoflt.sys
23:21:42.0239 8596 Revoflt - ok
23:21:42.0276 8596 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
23:21:42.0276 8596 RFCOMM - ok
23:21:42.0317 8596 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:21:42.0319 8596 RpcEptMapper - ok
23:21:42.0351 8596 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
23:21:42.0351 8596 RpcLocator - ok
23:21:42.0368 8596 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
23:21:42.0370 8596 RpcSs - ok
23:21:42.0396 8596 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:21:42.0397 8596 rspndr - ok
23:21:42.0413 8596 [ 803B370865D907EA21DC0C2B6A8936B5 ] SamSs C:\Windows\system32\lsass.exe
23:21:42.0415 8596 SamSs - ok
23:21:42.0445 8596 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:21:42.0446 8596 sbp2port - ok
23:21:42.0476 8596 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:21:42.0477 8596 SCardSvr - ok
23:21:42.0486 8596 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:21:42.0487 8596 scfilter - ok
23:21:42.0520 8596 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
23:21:42.0528 8596 Schedule - ok
23:21:42.0544 8596 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
23:21:42.0544 8596 SCPolicySvc - ok
23:21:42.0575 8596 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:21:42.0576 8596 SDRSVC - ok
23:21:42.0728 8596 [ 98EF79CC2B07398AC525F9EA1AE0366F ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
23:21:42.0823 8596 SDScannerService - ok
23:21:42.0895 8596 [ 14BF6B3AB327D519ED007CDDC56F6900 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
23:21:42.0928 8596 SDUpdateService - ok
23:21:42.0944 8596 [ 820EBE67AB99F033FDE25B2692157991 ] SDWSCService C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
23:21:42.0946 8596 SDWSCService - ok
23:21:42.0973 8596 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:21:42.0974 8596 secdrv - ok
23:21:42.0987 8596 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
23:21:42.0988 8596 seclogon - ok
23:21:43.0010 8596 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
23:21:43.0011 8596 SENS - ok
23:21:43.0029 8596 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:21:43.0030 8596 SensrSvc - ok
23:21:43.0044 8596 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\drivers\serenum.sys
23:21:43.0045 8596 Serenum - ok
23:21:43.0055 8596 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\drivers\serial.sys
23:21:43.0056 8596 Serial - ok
23:21:43.0067 8596 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
23:21:43.0068 8596 sermouse - ok
23:21:43.0084 8596 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
23:21:43.0086 8596 SessionEnv - ok
23:21:43.0112 8596 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:21:43.0112 8596 sffdisk - ok
23:21:43.0126 8596 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:21:43.0127 8596 sffp_mmc - ok
23:21:43.0141 8596 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:21:43.0141 8596 sffp_sd - ok
23:21:43.0154 8596 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
23:21:43.0154 8596 sfloppy - ok
23:21:43.0208 8596 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:21:43.0211 8596 SharedAccess - ok
23:21:43.0253 8596 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:21:43.0256 8596 ShellHWDetection - ok
23:21:43.0285 8596 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
23:21:43.0286 8596 sisagp - ok
23:21:43.0296 8596 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
23:21:43.0297 8596 SiSRaid2 - ok
23:21:43.0311 8596 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
23:21:43.0312 8596 SiSRaid4 - ok
23:21:43.0505 8596 [ 9F712B26EE3B0242DE997A42FD302E2C ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
23:21:43.0617 8596 Skype C2C Service - ok
23:21:43.0655 8596 [ 50D9949020E02B847CD48F1243FCB895 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
23:21:43.0657 8596 SkypeUpdate - ok
23:21:43.0672 8596 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:21:43.0673 8596 Smb - ok
23:21:43.0702 8596 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:21:43.0703 8596 SNMPTRAP - ok
23:21:43.0743 8596 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
23:21:43.0744 8596 spldr - ok
23:21:43.0826 8596 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
23:21:43.0830 8596 Spooler - ok
23:21:43.0951 8596 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
23:21:44.0048 8596 sppsvc - ok
23:21:44.0065 8596 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:21:44.0066 8596 sppuinotify - ok
23:21:44.0101 8596 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:21:44.0102 8596 srv - ok
23:21:44.0123 8596 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:21:44.0124 8596 srv2 - ok
23:21:44.0138 8596 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:21:44.0139 8596 srvnet - ok
23:21:44.0168 8596 [ BB6EDB0257860083193CC1581AC7D485 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
23:21:44.0170 8596 ssadbus - ok
23:21:44.0184 8596 [ 5BCB68F7B62159C07789D3F405750623 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
23:21:44.0185 8596 ssadmdfl - ok
23:21:44.0193 8596 [ 1588A89F9CD9E68DE9FCC9F60FDB5C08 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
23:21:44.0194 8596 ssadmdm - ok
23:21:44.0204 8596 [ 9EFD9F42795C9E90206C1E9A9B25E8D3 ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
23:21:44.0204 8596 ssadserd - ok
23:21:44.0225 8596 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:21:44.0226 8596 SSDPSRV - ok
23:21:44.0238 8596 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:21:44.0239 8596 SstpSvc - ok
23:21:44.0259 8596 [ 24F5F92263E3B461A1105FE370D53D1C ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
23:21:44.0260 8596 ssudmdm - ok
23:21:44.0305 8596 [ 4F08BE2C2AC568EE9867A9B0F4F09540 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
23:21:44.0306 8596 Stereo Service - ok
23:21:44.0337 8596 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
23:21:44.0337 8596 stexstor - ok
23:21:44.0373 8596 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
23:21:44.0376 8596 StiSvc - ok
23:21:44.0381 8596 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:21:44.0382 8596 swenum - ok
23:21:44.0417 8596 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
23:21:44.0418 8596 swprv - ok
23:21:44.0477 8596 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
23:21:44.0487 8596 SysMain - ok
23:21:44.0573 8596 [ 7EAEF49D206899909EB63014FC8DC19A ] SystemExplorerHelpService F:\Program Files\System Explorer\service\SystemExplorerService.exe
23:21:44.0577 8596 SystemExplorerHelpService - ok
23:21:44.0623 8596 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:21:44.0624 8596 TabletInputService - ok
23:21:44.0692 8596 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
23:21:44.0694 8596 TapiSrv - ok
23:21:44.0737 8596 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
23:21:44.0739 8596 TBS - ok
Continued in the next post...
mikewill
2014-02-02, 18:38
Continuation...
23:21:44.0800 8596 [ CA59F7C570AF70BC174F477CFE2D9EE3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:21:44.0804 8596 Tcpip - ok
23:21:44.0819 8596 [ CA59F7C570AF70BC174F477CFE2D9EE3 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:21:44.0823 8596 TCPIP6 - ok
23:21:44.0861 8596 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:21:44.0862 8596 tcpipreg - ok
23:21:44.0898 8596 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:21:44.0899 8596 TDPIPE - ok
23:21:44.0942 8596 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:21:44.0943 8596 TDTCP - ok
23:21:44.0956 8596 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:21:44.0956 8596 tdx - ok
23:21:45.0158 8596 [ 8EA86BC14E5AE25E4DA5C742587FB1A4 ] TeamViewer9 C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
23:21:45.0309 8596 TeamViewer9 - ok
23:21:45.0323 8596 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:21:45.0324 8596 TermDD - ok
23:21:45.0365 8596 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
23:21:45.0371 8596 TermService - ok
23:21:45.0379 8596 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
23:21:45.0380 8596 Themes - ok
23:21:45.0392 8596 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
23:21:45.0393 8596 THREADORDER - ok
23:21:45.0422 8596 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
23:21:45.0440 8596 TrkWks - ok
23:21:45.0466 8596 [ 88E0F99FDB8DDCB6E6A15380E164FEA2 ] trufos C:\Windows\system32\DRIVERS\trufos.sys
23:21:45.0469 8596 trufos - ok
23:21:45.0521 8596 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:21:45.0522 8596 TrustedInstaller - ok
23:21:45.0548 8596 [ B37B08F2E5EEB1A37E448E09BACE1101 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:21:45.0548 8596 tssecsrv - ok
23:21:45.0563 8596 [ C6A5FBD4977305E1FA23E02C042DB463 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
23:21:45.0563 8596 TsUsbFlt - ok
23:21:45.0592 8596 [ 57C527AF84748B5C2F5178C499C0B81F ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
23:21:45.0593 8596 TsUsbGD - ok
23:21:45.0625 8596 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:21:45.0626 8596 tunnel - ok
23:21:45.0636 8596 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
23:21:45.0636 8596 uagp35 - ok
23:21:45.0658 8596 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:21:45.0659 8596 udfs - ok
23:21:45.0693 8596 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:21:45.0694 8596 UI0Detect - ok
23:21:45.0714 8596 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:21:45.0714 8596 uliagpkx - ok
23:21:45.0731 8596 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:21:45.0731 8596 umbus - ok
23:21:45.0756 8596 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
23:21:45.0757 8596 UmPass - ok
23:21:45.0794 8596 [ BB879DCFD22926EFBEB3298129898CBB ] UnlockerDriver5 F:\Program Files\Unlocker\UnlockerDriver5.sys
23:21:45.0794 8596 UnlockerDriver5 - ok
23:21:45.0831 8596 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
23:21:45.0833 8596 upnphost - ok
23:21:45.0880 8596 [ A1977C315BF5691DA99235AA4A6907AF ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
23:21:45.0881 8596 usbaudio - ok
23:21:45.0913 8596 [ 0803FBA9FE829D61AE26EC0BCC910C46 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
23:21:45.0913 8596 usbccgp - ok
23:21:46.0084 8596 [ 2352AB5F9F8F097BF9D41D5A4718A041 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:21:46.0086 8596 usbcir - ok
23:21:46.0130 8596 [ D40855F89B69305140BBD7E9A3BA2DA6 ] usbehci C:\Windows\system32\drivers\usbehci.sys
23:21:46.0130 8596 usbehci - ok
23:21:46.0168 8596 [ EDF2DF71C4F1E13A6AC75F5224DE655A ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:21:46.0170 8596 usbhub - ok
23:21:46.0190 8596 [ 9828C8D14CC2676421778F0DE638CF97 ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:21:46.0190 8596 usbohci - ok
23:21:46.0227 8596 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\drivers\usbprint.sys
23:21:46.0228 8596 usbprint - ok
23:21:46.0251 8596 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:21:46.0252 8596 USBSTOR - ok
23:21:46.0269 8596 [ 800AABFD625EEFF899F7E5496BDE37AB ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
23:21:46.0269 8596 usbuhci - ok
23:21:46.0303 8596 [ DE014425522610BEDCA3821BB8C0F1D5 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
23:21:46.0303 8596 usbvideo - ok
23:21:46.0353 8596 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
23:21:46.0355 8596 UxSms - ok
23:21:46.0378 8596 [ 803B370865D907EA21DC0C2B6A8936B5 ] VaultSvc C:\Windows\system32\lsass.exe
23:21:46.0379 8596 VaultSvc - ok
23:21:46.0413 8596 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
23:21:46.0414 8596 vdrvroot - ok
23:21:46.0506 8596 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
23:21:46.0512 8596 vds - ok
23:21:46.0528 8596 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:21:46.0529 8596 vga - ok
23:21:46.0539 8596 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
23:21:46.0539 8596 VgaSave - ok
23:21:46.0551 8596 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
23:21:46.0552 8596 vhdmp - ok
23:21:46.0584 8596 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
23:21:46.0584 8596 viaagp - ok
23:21:46.0596 8596 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
23:21:46.0596 8596 ViaC7 - ok
23:21:46.0611 8596 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
23:21:46.0611 8596 viaide - ok
23:21:46.0626 8596 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:21:46.0626 8596 volmgr - ok
23:21:46.0643 8596 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:21:46.0645 8596 volmgrx - ok
23:21:46.0675 8596 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:21:46.0676 8596 volsnap - ok
23:21:46.0691 8596 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
23:21:46.0692 8596 vsmraid - ok
23:21:46.0770 8596 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
23:21:46.0774 8596 VSS - ok
23:21:46.0782 8596 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
23:21:46.0782 8596 vwifibus - ok
23:21:46.0800 8596 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
23:21:46.0802 8596 W32Time - ok
23:21:46.0889 8596 [ 57C8C20BFA5BEF6BD851EBAC67A8CED0 ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll
23:21:46.0891 8596 W3SVC - ok
23:21:46.0900 8596 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
23:21:46.0901 8596 WacomPen - ok
23:21:46.0915 8596 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:21:46.0915 8596 WANARP - ok
23:21:46.0919 8596 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:21:46.0920 8596 Wanarpv6 - ok
23:21:46.0939 8596 [ 57C8C20BFA5BEF6BD851EBAC67A8CED0 ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll
23:21:46.0940 8596 WAS - ok
23:21:47.0002 8596 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
23:21:47.0013 8596 WatAdminSvc - ok
23:21:47.0085 8596 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
23:21:47.0102 8596 wbengine - ok
23:21:47.0125 8596 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:21:47.0128 8596 WbioSrvc - ok
23:21:47.0142 8596 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:21:47.0144 8596 wcncsvc - ok
23:21:47.0153 8596 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:21:47.0154 8596 WcsPlugInService - ok
23:21:47.0202 8596 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys
23:21:47.0202 8596 Wd - ok
23:21:47.0237 8596 [ 25944D2CC49E0A6C581D02A74B7D6645 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:21:47.0242 8596 Wdf01000 - ok
23:21:47.0255 8596 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:21:47.0256 8596 WdiServiceHost - ok
23:21:47.0259 8596 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:21:47.0260 8596 WdiSystemHost - ok
23:21:47.0284 8596 [ 75E8EBD7040CE238684333F97014762A ] WebClient C:\Windows\System32\webclnt.dll
23:21:47.0286 8596 WebClient - ok
23:21:47.0299 8596 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:21:47.0300 8596 Wecsvc - ok
23:21:47.0311 8596 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:21:47.0312 8596 wercplsupport - ok
23:21:47.0344 8596 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
23:21:47.0347 8596 WerSvc - ok
23:21:47.0359 8596 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:21:47.0360 8596 WfpLwf - ok
23:21:47.0377 8596 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:21:47.0378 8596 WIMMount - ok
23:21:47.0429 8596 [ 082CF481F659FAE0DE51AD060881EB47 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
23:21:47.0432 8596 WinDefend - ok
23:21:47.0439 8596 WinHttpAutoProxySvc - ok
23:21:47.0493 8596 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:21:47.0495 8596 Winmgmt - ok
23:21:47.0564 8596 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
23:21:47.0574 8596 WinRM - ok
23:21:47.0611 8596 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
23:21:47.0612 8596 WinUsb - ok
23:21:47.0680 8596 [ A7C993F86BE5AF035DE06DF9160D7008 ] WiseBootAssistant F:\Program Files\Wise\Wise Care 365\BootTime.exe
23:21:47.0682 8596 WiseBootAssistant - ok
23:21:47.0742 8596 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:21:47.0755 8596 Wlansvc - ok
23:21:47.0783 8596 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
23:21:47.0784 8596 WmiAcpi - ok
23:21:47.0829 8596 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:21:47.0832 8596 wmiApSrv - ok
23:21:47.0906 8596 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
23:21:47.0910 8596 WMPNetworkSvc - ok
23:21:47.0928 8596 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:21:47.0929 8596 WPCSvc - ok
23:21:47.0951 8596 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:21:47.0952 8596 WPDBusEnum - ok
23:21:47.0985 8596 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:21:47.0985 8596 ws2ifsl - ok
23:21:47.0995 8596 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
23:21:47.0996 8596 wscsvc - ok
23:21:48.0001 8596 WSearch - ok
23:21:48.0085 8596 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
23:21:48.0130 8596 wuauserv - ok
23:21:48.0164 8596 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:21:48.0165 8596 WudfPf - ok
23:21:48.0187 8596 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:21:48.0188 8596 WUDFRd - ok
23:21:48.0216 8596 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:21:48.0217 8596 wudfsvc - ok
23:21:48.0247 8596 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll
23:21:48.0249 8596 WwanSvc - ok
23:21:48.0276 8596 楗敳潂瑯獁楳瑳湡tI" - ok
23:21:48.0279 8596 ================ Scan global ===============================
23:21:48.0329 8596 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
23:21:48.0355 8596 [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll
23:21:48.0362 8596 [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll
23:21:48.0390 8596 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
23:21:48.0430 8596 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
23:21:48.0434 8596 [Global] - ok
23:21:48.0434 8596 ================ Scan MBR ==================================
23:21:48.0452 8596 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:21:48.0596 8596 \Device\Harddisk0\DR0 - ok
23:21:48.0596 8596 ================ Scan VBR ==================================
23:21:48.0597 8596 [ 0465127D79BBEF7154E32C1A6045797E ] \Device\Harddisk0\DR0\Partition1
23:21:48.0598 8596 \Device\Harddisk0\DR0\Partition1 - ok
23:21:48.0611 8596 [ F6BDAB548C5E891284E81656866A28C3 ] \Device\Harddisk0\DR0\Partition2
23:21:48.0612 8596 \Device\Harddisk0\DR0\Partition2 - ok
23:21:48.0626 8596 [ C1E451995F221C1C50CAD01A39425052 ] \Device\Harddisk0\DR0\Partition3
23:21:48.0627 8596 \Device\Harddisk0\DR0\Partition3 - ok
23:21:48.0637 8596 [ 206B2B5894B92584770FD18A925A895D ] \Device\Harddisk0\DR0\Partition4
23:21:48.0639 8596 \Device\Harddisk0\DR0\Partition4 - ok
23:21:48.0651 8596 [ AC3FFB9A21753396539FDC6202DBCF05 ] \Device\Harddisk0\DR0\Partition5
23:21:48.0653 8596 \Device\Harddisk0\DR0\Partition5 - ok
23:21:48.0653 8596 ============================================================
23:21:48.0653 8596 Scan finished
23:21:48.0653 8596 ============================================================
23:21:48.0657 8772 Detected object count: 0
23:21:48.0657 8772 Actual detected object count: 0
___
Here is a GMER partial log:
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-02 20:19:33
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000067 ST330062 rev.3.AA 279.46GB
Running: gmer.exe; Driver: C:\Users\Michael\AppData\Local\Temp\uwliifow.sys
---- System - GMER 2.1 ----
SSDT \??\F:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwAllocateVirtualMemory [0x91DA109C]
SSDT \??\F:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwAlpcConnectPort [0x91DA4544]
---...--- CUT HERE ---...---
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 ambakdrv.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 ambakdrv.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 ambakdrv.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 ambakdrv.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 ambakdrv.sys
Device \Driver\BTHUSB \Device\00000084 bthport.sys
Device \Driver\BTHUSB \Device\00000086 bthport.sys
---- Services - GMER 2.1 ----
Service ??????????????????????????" (*** hidden *** ) [AUTO] <-- ROOTKIT !!!
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026832fd4c8
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026832fd4c8 (not active ControlSet)
---- EOF - GMER 2.1 ----
I think it's something we found earlier
I have attached a script for FRST, download it to your computer, locate it next to FRST.exe, then start FRST and click on the Fix button and then attach the fixlog.txt to your next reply.
11190
mikewill
2014-02-02, 19:56
Should I rename the fixtxt.txt to the fixlist.txt ?
FRST gives me an error:
No fixlist.txt found.
The fixlist.txt should be in the same folder/directory the tool is located.
mikewill
2014-02-02, 20:09
Here is the fixlog.txt:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-01-2014 01
Ran by Michael at 2014-02-03 01:07:11 Run:3
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
U2 楗敳潂瑯獁楳瑳湡tI"; 㩆停潲牧浡䘠汩獥坜獩履楗敳䌠牡㘳尵潂瑯楔敭攮數" [x]
*****************
楗敳潂瑯獁楳瑳湡tI" => Service deleted successfully.
==== End of Fixlog ====
ok, that got it.
How's it running now?
mikewill
2014-02-02, 20:23
I tried to Google the above, and ...
"æ" (and any subsequent words) was ignored because we limit queries to 32 words.
Your search - U2 楗敳潂瑯ç 楳瑳湡tI"; ã©†å œæ½²ç‰§æµ¡ä˜ æ±©ç ¥å œç ©å±¥æ¥—æ•³äŒ ç‰¡â ¥ã˜³å°µæ½‚ç‘¯æ¥”æ•*攮數＀￿" [x] - did not match any documents.
Suggestions:
Make sure all words are spelled correctly.
Try different keywords.
Try more general keywords.
Try fewer keywords.
Search Results
-----
Juliet, do you know what is that?
I am trying to run GMER - will let you the outcome.
I tried to Google the above, and ...
"æ" (and any subsequent words) was ignored because we limit queries to 32 words.
Your search - U2 楗敳潂瑯ç 楳瑳湡tI"; ã©†å œæ½²ç‰§æµ¡ä˜ æ±©ç ¥å œç ©å±¥æ¥—æ•³äŒ ç‰¡â ¥ã˜³å°µæ½‚ç‘¯æ¥”æ•*攮數＀￿" [x] - did not match any documents.
Suggestions:
Make sure all words are spelled correctly.
Try different keywords.
Try more general keywords.
Try fewer keywords.
Search Results
-----
Juliet, do you know what is that?
I am trying to run GMER - will let you the outcome.
楗敳潂瑯獁楳瑳湡tI" was the service found, this was in your beginning logs of this topic. I don't know what it is.
yes, it appears to look as Chinese characters but what I could find was unicode. Thats why I had to place it as an attachment because it was saved as a unicode file.
also, did you receive a Private message from me?
mikewill
2014-02-02, 21:03
Dear Juliet,
Firstly, I want to inform you that my system is suddenly crushed (again) during the GMER scan. I got a "blue screen of death".
But it seems that GMER didn't found the ROOTKIT (as before). At the beginning of scan, however, it mentioned some problem with the HDD, it can't recognize.
Secondly, after the reboot, the systems feels snappier.
I just read your Private message. I will delete these items.
Dear Juliet,
Firstly, I want to inform you that my system is suddenly crushed (again) during the GMER scan. I got a "blue screen of death".
But it seems that GMER didn't found the ROOTKIT (as before). At the beginning of scan, however, it mentioned some problem with the HDD, it can't recognize.
Secondly, after the reboot, the systems feels snappier.
I just read your Private message. I will delete these items.
I think we took care of the infection. Snappy is what I like.
From here let's remove the tools used and quarantine folders.
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
Run FRST/FRST64 and press the Fix button just once and wait.
no needed to post the log this time.
start
DeleteQuarantine:
end
*******************
Don't miss or skip this next step, this will remove malicious files from quarantine and set a clean restore point.
Go to Start > Run > copy and paste the full text path in the run box
ComboFix /Uninstall
Note the space between the x and the /U, it needs to be there.
********************
Download and Run OTC
We will now remove the tools we used during this fix using OTC.
Download OTC (http://oldtimer.geekstogo.com/OTC.exe) by OldTimer and save it to your desktop.
Double click http://i517.photobucket.com/albums/u338/Eextremeboy/OTC_Icon.jpg icon to start the program. If you are using Vista, please right-click and choose run as administrator
Then Click the big http://i517.photobucket.com/albums/u338/Eextremeboy/CleanUp.jpg button.
You will get a prompt saying "Being Cleanup Process". Please select Yes.
Restart your computer when prompted.
********************
Any other tools and folders that remain can be deleted.
Your good to go, good job!
Please take the time to read over a few of my preventive tips.
Computer Security
http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Be prepared for CryptoLocker:
Cryptolocker Ransomware: What You Need To Know (http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/#)
CryptoLocker Ransomware Information Guide and FAQ (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please navigate to Microsoft Windows Updates (http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us) and download all the "Critical Updates" for Windows.
Firefox 3 (http://www.mozilla.com/en-US/firefox/)
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 3, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.
*NoScript (http://www.noscript.net) - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.
AdblockPlus
AdblockPlus, Surf the web without annoying ads![/*]
Blocks banners, pop-ups and video ads - even on Facebook and YouTube[/*]
Protects your online privacy[/*]
Two-click installation, It's free![/*]
click the icon that corresponds to your browser and download.[/*]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WOT (http://www.mywot.com/) Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
Green should be good to go[/*]
Yellow for caution[/*]
Red to stop[/*]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
How to prevent Malware: Created by Miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/
and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/ (null)))
Avoid P2P
P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.
Please read these short reports on the dangers of peer-2-peer programs and file sharing.
FBI Cyber Education Letter (http://www.fbi.gov/cyberinvest/cyberedletter.htm)
File sharing infects 500,000 computers (http://www.itpro.co.uk/195672/file-sharing-infects-500-000-computers)
USAToday (http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm)
infoworld (http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html)[/*]
*********************************************
Please read the following safe computing articles..
Secure My Computer: A Layered Approach (http://www.dslreports.com/faq/8463)
Free Antivirus-AntiSpyware-Firewall Software (http://www.geekstogo.com/forum/Free-Antivirus-Antispyware-Software-t38.html)[/*]
Keep a backup of your important files (http://www.geekstogo.com/2008/06/19/options-for-home-computer-data-backup-part-1/) - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!
This site offers people who have been (or are) victims of malware the opportunity to document their story.
Extra note:
Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/
[/quote]
mikewill
2014-02-02, 21:48
Dear Juliet,
I do not Have ComboFix on my system.
*******************
Don't miss or skip this next step, this will remove malicious files from quarantine and set a clean restore point.
Go to Start > Run > copy and paste the full text path in the run box
ComboFix /Uninstall
Note the space between the x and the /U, it needs to be there.
********************
Dear Juliet,
I do not Have ComboFix on my system.
it's a standard reply, you can skip that part. :D:
mikewill
2014-02-02, 22:50
Dear Juliet,
Please tell me if there is something I need to do in regards to the ESET scan results?
There were quite a number of issues...
Should I run the scan again?
post #10, you posted the results of the Eset scan
post#11, I had FRST remove/delete them
Post #12, you provided the results of them being removed successfully into FRST quarantine
there were 2 other files I PM'd you to remove.
mikewill
2014-02-03, 12:48
Dear Juliet,
I just want to THANK YOU for your help.
Sincerely,
Mike
You are so welcome.
Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif
Since this issue appears resolved ... this Topic is closed.