Bad Image Error


36 replies to this topic

#1 Timmy

Timmy

    Member

  • Members
  • 18 posts

Posted 07 January 2014 - 01:23 PM

I don't know what happened to my computer; I am new to the community here. I can't open Internet Explorer anymore, only my Chrome. Every time I try to open it, it comes up blank and closes immediately. Next, I try to open my PDF files and I get the message of Bad Image error. As a matter of fact, I get the Bad Image error as soon as I boot up my computer too, and with everything I try to open. I get it popping up 3 times in a row. I have tried removing Adobe so that I can reinstall it; now it won't let me do that. I can't fully update my computer due to these error codes that keep coming up.
 
I did a quick scan with Malwarebytes' Anti-Malware here is the log after the scan.
 
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.07.01
 
Windows 7 Service Pack 1 x86 NTFS
 
Protection: Disabled
 
1/6/2014 8:57:51 PM
mbam-log-2014-01-06 (20-57-51).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243251
Time elapsed: 18 minute(s), 31 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 3
C:Program FilesMovies ToolbarSafetyNutsafetynut.dll (PUP.Optional.SafetyNut.A) -> Delete on reboot.
C:Program FilesMovies ToolbarSafetyNutsafetycrt.dll (PUP.Optional.MoviesToolBar.A) -> Delete on reboot.
C:Program FilesMovies ToolbarSafetyNutsafetyldr.dll (PUP.Optional.MoviesToolBar.A) -> Delete on reboot.
 
Registry Keys Detected: 18
 
Registry Values Detected: 4
HKLMSOFTWAREMicrosoftInternet ExplorerToolbar|{3444C3C5-6C56-4A16-A453-832B05BF6EA4} (PUP.Optional.MoviesToolBar.A) -> Data: Movies Toolbar (Dist. by Somoto Ltd.) -> Quarantined and deleted successfully.
HKLMSOFTWAREMicrosoftInternet ExplorerToolbar{3444c3c5-6c56-4a16-a453-832b05bf6ea4} (PUP.Optional.MoviesToolBar.A) -> Data:  -> Quarantined and deleted successfully.
HKLMSOFTWAREDatamngr|uninstallstring (PUP.Optional.MoviesToolbar.A) -> Data: C:Program FilesMovies ToolbarSafetyNutuninstall.exe -> Quarantined and deleted successfully.
HKLMSOFTWARESafetyNut|browser (PUP.Optional.SafetyNut.A) -> Data:  ie ff cr -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 1
HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows|AppInit_DLLs (PUP.Optional.MoviesToolBar.A) -> Bad: (C:PROGRA~1MOVIES~1SAFETY~1SAFETY~2.DLL) Good: () -> Quarantined and repaired successfully.
 
Folders Detected: 20
 
Files Detected: 50
 
(end)


#2 Juliet

Juliet

    Advanced Member

  • Trusted Malware Techs
  • 22,080 posts
  • Gender:Female


Posted 07 January 2014 - 06:29 PM

Let's see if we can find out what's going on.

If you can download these tools and run them in normal mode, great; if not, try to boot into safe mode and run them from there.

-AdwCleaner- by Xplode

Click on this link to download: ADWCleaner
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top advertisement.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

Vista / 7 / 8 users:
You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Please do not PM me for HJT help, we all benefit from posting on the open board.
Sometimes the angels fly close enough to you that you can hear the flutter of their wings..
MS - MVP Consumer Security 2009 - 2013

#3 Juliet

Juliet

    Advanced Member

  • Trusted Malware Techs
  • 22,080 posts
  • Gender:Female


Posted 11 January 2014 - 07:13 AM

Still with me?

#4 Timmy

Timmy

    Member

  • Members
  • 18 posts

Posted 12 January 2014 - 05:12 PM

still with me?

Yes, sorry, couldn't get my computer working. I'll do it right now.

Well, I've noticed that the Bad Image error went away after I restarted, but I still experience the blue screen error.


# AdwCleaner v3.017 - Report created 12/01/2014 at 14:15:59
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : dieas - DIEAS-PC
# Running from : C:UsersdieasDownloadsadwcleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLMSoftwareSP Global
Key Deleted : HKLMSoftwareSProtector
Key Deleted : HKLMSoftwareTarma Installer
Key Deleted : HKLMSoftwarevisualbee
Key Deleted : HKLMSoftwareVittalia
Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallbi_uninstaller
Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallFilesFrog Update Checker
Key Deleted : HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
- Internet Explorer v10.0.9200.16750
 
Setting Restored : HKCUSoftwareMicrosoftInternet ExplorerMain [Start Page]
 
- Mozilla Firefox v19.0.2 (en-US)
 
[ File : C:UsersdieasAppDataRoamingMozillaFirefoxProfiles0prefs.js ]
 
 
[ File : C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.defaultprefs.js ]
 
Line Deleted : user_pref("CT3287804.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3287804.1000082.state", "{"state":"stopped","text":"Californi...","description":"California Rock - Rock","url":"hxxp://www.feedlive.net/california.asx"}");
Line Deleted : user_pref("CT3287804.ENABALE_HISTORY", "{"dataType":"string","data":"true"}");
Line Deleted : user_pref("CT3287804.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{"dataType":"string","data":"true"}");
Line Deleted : user_pref("CT3287804.Facebook_Mode.enc", "Mg==");
Line Deleted : user_pref("CT3287804.Facebook_User_Locale.enc", "ZW4=");
Line Deleted : user_pref("CT3287804.FirstTime", "true");
Line Deleted : user_pref("CT3287804.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3287804.PG_ENABLE.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3287804.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Deleted : user_pref("CT3287804.SF_STATUS.enc", "RU5BQkxFRA==");
Line Deleted : user_pref("CT3287804.SF_USER_ID.enc", "Y2lkXzk1MjAxMzE5NTMyMjI4MTYxMzk=");
Line Deleted : user_pref("CT3287804.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287804&SearchSource=2&CUI=UN16075096603168327&UM=UM_ID&q=");
Line Deleted : user_pref("CT3287804.UserID", "UN04006430234674429");
Line Deleted : user_pref("CT3287804.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3287804.browser.search.defaultthis.engineName", true);
Line Deleted : user_pref("CT3287804.defaultSearch", "true");
Line Deleted : user_pref("CT3287804.embeddedsData", "[{"appId":"130058504608371967","apiPermissions":{"crossDomainAjax":true,"getMainFrameTitle":true,"getMainFrameUrl":true,"getSearchTerm":true,"insta[...]
Line Deleted : user_pref("CT3287804.enableAlerts", "always");
Line Deleted : user_pref("CT3287804.enableFix404ByUser", "TRUE");
Line Deleted : user_pref("CT3287804.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3287804.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3287804.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3287804.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3287804.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3287804.fixUrls", true);
Line Deleted : user_pref("CT3287804.hxxp___facebook_conduitapps_com.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsaHNjcm9sbD0wLHZzY3JvbGw9MCx0aXRsZWJhcj0xLGNsb3NlYnV0dG9uPTEsc2F2ZXJlc2l6ZWRzaXplPTAsb3BlbnBvc2l0aW9uPWFsaWd[...]
Line Deleted : user_pref("CT3287804.installId", "stub.exe");
Line Deleted : user_pref("CT3287804.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3287804.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3287804.isEnableAllDialogs", "{"dataType":"string","data":"true"}");
Line Deleted : user_pref("CT3287804.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3287804.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT3287804.isToolbarShrinked", "{"dataType":"string","data":"false"}");
Line Deleted : user_pref("CT3287804.keyword", true);
Line Deleted : user_pref("CT3287804.lastNewTabSettings", "{"isEnabled":true,"newTabUrl":"hxxp://search.conduit.com/?ctid=CT3287804&octid=CT3287804&SearchSource=15&CUI=UN04006430234674429&SSPV=EB_SSPV&Lay=1&UM=U[...]
Line Deleted : user_pref("CT3287804.lastVersion", "10.14.65.43");
Line Deleted : user_pref("CT3287804.mam_gk_appStateReportTime.enc", "MTM2ODE1NDM4MzM2NQ==");
Line Deleted : user_pref("CT3287804.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Deleted : user_pref("CT3287804.mam_gk_appState_Easytobook.enc", "b24=");
Line Deleted : user_pref("CT3287804.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Line Deleted : user_pref("CT3287804.mam_gk_appState_PriceGong.enc", "b24=");
Line Deleted : user_pref("CT3287804.mam_gk_appState_WindowShopper.enc", "b24=");
Line Deleted : user_pref("CT3287804.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnNEaWFsb2ciOnsiZGlzcGxheU5h[...]
Line Deleted : user_pref("CT3287804.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Deleted : user_pref("CT3287804.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkVhc3l0b2Jvb2tfdGFyZ2V0ZWQiLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiIxM2RhYWE2YS02NzYwLTQ0NDAtOTJhMy1hYmEwNzliNzI4ZjAiLCJ[...]
Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("keyword.URL", "hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=103&systemid=473&v=a9397-200&apn_dtid=BND473&apn_ptnrs=AG1&apn_uid=5191330570284252&o=APN10640&q=");
Line Deleted :                                                                                                                                                                                                         [...]
Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("keyword.URL", "hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=103&systemid=473&v=a9397-200&apn_dtid=BND473&apn_ptnrs=AG1&apn_uid=5191330570284252&o=APN10640&q=");
 
- Google Chrome v32.0.1700.72
 
[ File : C:UsersdieasAppDataLocalGoogleChromeUser DataDefaultpreferences ]
 
Deleted : homepage
 
*************************
 
AdwCleaner[R0].txt - [24310 octets] - [12/01/2014 14:15:13]
AdwCleaner[S0].txt - [24408 octets] - [12/01/2014 14:15:59]
 
########## EOF - C:AdwCleanerAdwCleaner[S0].txt - [24469 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Ultimate x86
Ran by dieas on Sun 01/12/2014 at 14:23:00.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWindowsAppInit_DLLs
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTyt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTyt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTCLSID{37211D63-CCE9-4780-B182-96538CFC6FED}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTCLSID{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTCLSID{8B9C4F32-044E-491C-893E-362CB8A679D5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTCLSID{CF2BF214-9D1E-4803-9AEB-38552615FD40}
Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExtStats{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerInternetRegistryREGISTRYUSERS-1-5-21-2188790374-365846068-1736179643-1000Softwaresweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingbackupstack_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingbackupstack_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingetype_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingetype_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingetypesetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingetypesetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingetypeuninstall_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingetypeuninstall_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingetypeupdate_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingetypeupdate_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerLow RightsElevationPolicy{11111111-1111-1111-1111-110211621176}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingmconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingmconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingpricepeep_02042013_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftTracingpricepeep_02042013_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExtPreApproved{11111111-1111-1111-1111-110211621176}
Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{08D6BFA9-1751-4E72-BF44-3AD519110A15}
Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{12A81A22-CECF-4DFE-9963-387A79A0A73A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{52db1893-8a90-4192-aede-08e00b8f8473}
Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{5FDC426C-5105-41AB-B682-9DC6056C5F4B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerSearchScopes{52db1893-8a90-4192-aede-08e00b8f8473}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:WindowsSystem32TasksUpdater21058.exe
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:Usersdieasappdatalocalcre"
Successfully deleted: [Folder] "C:Usersdieasappdatalocalsolid savings"
Successfully deleted: [Folder] "C:Usersdieasappdatalocallowbeemp3"
Successfully deleted: [Folder] "C:Usersdieasappdatalocallowdatamngr"
Successfully deleted: [Folder] "C:Program Filesfree youtube downloader"
Successfully deleted: [Folder] "C:ProgramDataMicrosoftWindowsStart MenuProgramsbeemp3"
Successfully deleted: [Folder] "C:Windowssystem32ai_recyclebin"
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:UsersdieasAppDataRoamingmozillafirefoxprofiless1rs6wdf.defaultprefs.js
 
d3cuc29jaWFsZ3Jvd3RodGVjaG5vbG9naWVzLmNvbS9jb3Vwb25idWRkeV92MDAzL2luZGV4LnBocD9jdGlkPUVCVE9PTEJBUklEIiwib3B0aW9uc0RpYWxvZyI6eyJkaXNwbGF5TmFtZSI6IkNvdXBvbkJ1ZGR5IiwiYXBwRGVzYyI
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/12/2014 at 14:25:01.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Edited by Timmy, 12 January 2014 - 05:29 PM.


#5 Timmy

Timmy

    Member

  • Members
  • 18 posts

Posted 12 January 2014 - 05:31 PM

First of all, I'd like to thank you for helping me out! So the Bad image error was not there when the computer restarted after the first scan, but I did have the same problem occurring with the Blue screen error too, and I'll let you know by tomorrow or Tuesday whether or not the problem has been fixed. Thanks a lot again!



#6 Juliet

Juliet

    Advanced Member

  • Trusted Malware Techs
  • 22,080 posts
  • Gender:Female


Posted 12 January 2014 - 08:18 PM

That was a lot of adware/malware removed from this machine. My gut instinct tells me there's more.

experience the blue screen error

Next time it happens can you note down the error message?
 
Let's do this:
 
Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions.  If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Farbar Recovery Scan Tool and save it to your Desktop.

(use correct version for your system.....Which system am I using?)


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Please do not PM me for HJT help, we all benefit from posting on the open board.
Sometimes the angels fly close enough to you that you can hear the flutter of their wings..
MS - MVP Consumer Security 2009 - 2013

#7 Timmy

Timmy

    Member

  • Members
  • 18 posts

Posted 12 January 2014 - 09:07 PM

While I was scanning the Farbar recovery I crashed and it said Bad_Pool_Header, but there was a file on the desktop for the scan. Here's the scan for Rkill, and I couldn't find the Addition.txt. I think that might have been because I got the blue screen error while scanning on Farbar.

Rkill 2.6.5 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 01/12/2014 05:35:41 PM in x86 mode.
Windows Version: Windows 7 Ultimate Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:Windowssystem32UTSCSI.EXE (PID: 636) [WD-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 01/12/2014 05:36:30 PM
Execution time: 0 hours(s), 0 minute(s), and 49 seconds(s)
==================================================
SCAN FOR Farbar
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2014 01
Ran by dieas (administrator) on DIEAS-PC on 12-01-2014 17:38:24
Running from C:UsersdieasDesktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(AMD) C:WindowsSystem32atiesrxx.exe
(AMD) C:WindowsSystem32atieclxx.exe
(Advanced Micro Devices, Inc.) C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe
(Apple Inc.) C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
(Malwarebytes Corporation) C:Program FilesMalwarebytes' Anti-Malwarembamscheduler.exe
() C:WindowsSystem32PnkBstrA.exe
(Cisco Consumer Products LLC) C:Program FilesCisco SystemsCisco Valet ConnectorCiscoAdapterSvc.exe
(Skype Technologies S.A.) C:ProgramDataSkypeToolbarsSkype C2C Servicec2c_service.exe
(TeamViewer GmbH) C:Program FilesTeamViewerVersion8TeamViewer_Service.exe
(Microsoft Corp.) C:Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE
(Yahoo! Inc.) C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe
(Microsoft Corp.) C:Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVCM.EXE
(Oracle Corporation) C:Program FilesCommon FilesJavaJava Updatejusched.exe
(Microsoft Corporation) C:Program FilesWindows Sidebarsidebar.exe
() C:Program FilesPando NetworksMedia BoosterPMB.exe
(Skype Technologies S.A.) C:Program FilesSkypePhoneSkype.exe
(Microsoft Corporation) C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
(Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe
(Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe
(Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe
(Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe
(Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe
(Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM...Run: [QuickTime Task] - C:Program FilesQuickTimeQTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM...Run: [StartCCC] - C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [641704 2012-07-04] (Advanced Micro Devices, Inc.)
HKLM...Run: [AMD AVT] - C:Program FilesAMD AVTbinkdbsync.exe [20992 2012-03-19] ()
HKLM...Run: [SunJavaUpdateSched] - C:Program FilesCommon FilesJavaJava Updatejusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU...Run: [Pando Media Booster] - C:Program FilesPando NetworksMedia BoosterPMB.exe [4287536 2013-11-07] ()
HKCU...Run: [Facebook Update] - C:UsersdieasAppDataLocalFacebookUpdateFacebookUpdate.exe [138096 2013-12-10] (Facebook Inc.)
HKCU...Run: [Skype] - C:Program FilesSkypePhoneSkype.exe [18705664 2013-01-08] (Skype Technologies S.A.)
HKCU...PoliciesExplorer: [NoStartBanner] 0x01
HKCU...PoliciesExplorer: [NoInstrumentation] 0x01
MountPoints2: {74d9f555-1d82-11e3-b94b-001bb9daca70} - J:AUTORUN.EXE
MountPoints2: {b49d22a4-7c40-11e2-a5e5-001bb9daca70} - I:OriginInstaller.exe
IFEOrjatydimofu.exe: [Debugger] tasklist.exe
Startup: C:UsersdieasAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupOneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: 127.0.0.1:834
HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page Redirect Cache = http://ca.msn.com/?r...opt=0&ocid=iehp
HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP = 0xA0E7B45C7E09CE01
HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {97D8FBB1-D540-4CB8-B501-64E76714EB05} URL = http://search.zoneal...Id=&ver=&&r=431
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre7binssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre7binjp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:Program FilesCommon FilesSkypeSkype4COM.dll (Skype Technologies)
TcpipParameters: [DhcpNameServer] 192.168.1.254 75.153.176.9
 
FireFox:
========
FF ProfilePath: C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.default
FF Plugin: @adobe.com/FlashPlayer - C:Windowssystem32MacromedFlashNPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:Windowssystem32AdobeDirectornp32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:Program FilesiTunesMozilla Pluginsnpitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:Program FilesGoogleGoogle Earthpluginnpgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:Windowssystem32npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:Program FilesJavajre7binplugin2npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:Program FilesYahoo!SharednpYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:Program FilesMicrosoft Silverlight5.1.20913.0npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:Program FilesWindows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)
FF Plugin: @nexon.net/NxGame - C:ProgramDataNexonUSNGMnpNxGameUS.dll (Nexon)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:Program FilesPando NetworksMedia BoosternpPandoWebPlugin.dll (Pando Networks)
FF Plugin: @raidcall.en/RCplugin - C:UsersdieasAppDataRoamingraidcallpluginsnprcplugin.dll (Raidcall)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin - C:Program FilesSkypeWebPluginnpSkypeWebPlugin.dll (Skype)
FF Plugin: @tools.google.com/Google Update;version=3 - C:Program FilesGoogleUpdate1.3.22.3npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:Program FilesGoogleUpdate1.3.22.3npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:Program FilesAdobeReader 11.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:UsersdieasAppDataLocalFacebookVideoSkypenpFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:UsersdieasAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:Program FilesPando NetworksMedia BoosternpPandoWebPlugin.dll (Pando Networks)
FF Extension: FTdownloader V3.0 - C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.defaultExtensionsftdownloader3@ftdownloader.com.xpi [2013-04-11]
FF Extension: Skype Click to Call - C:Program FilesMozilla Firefoxextensions{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-24]
FF Extension: No Name - C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2013-03-25]
FF Extension: Skype Click to Call - C:Program FilesMozilla Firefoxbrowserextensions{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-24]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:Program FilesGoogleChromeApplication32.0.1700.72PepperFlashpepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:Program FilesGoogleChromeApplication32.0.1700.72ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:Program FilesGoogleChromeApplication32.0.1700.72pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:Program FilesQuickTimepluginsnpqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:Program FilesQuickTimepluginsnpqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:Program FilesQuickTimepluginsnpqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:Program FilesQuickTimepluginsnpqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:Program FilesQuickTimepluginsnpqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:Program FilesAdobeReader 11.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:Program FilesGoogleGoogle Earthpluginnpgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:Program FilesGoogleUpdate1.3.21.153npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:Program FilesJavajre7binplugin2npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:Program FilesPando NetworksMedia BoosternpPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Photo Gallery) - C:Program FilesWindows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:Program FilesiTunesMozilla Pluginsnpitunes.dll ()
CHR Plugin: (Nexon Game Controller) - C:ProgramDataNexonUSNGMnpNxGameUS.dll (Nexon)
CHR Plugin: (Unity Player) - C:UsersdieasAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Raidcall plugin) - C:UsersdieasAppDataRoamingraidcallpluginsnprcplugin.dll (Raidcall)
CHR Plugin: (Shockwave for Director) - C:Windowssystem32AdobeDirectornp32dsw_1202122.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:Windowssystem32MacromedFlashNPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:Windowssystem32npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:Program FilesMicrosoft Silverlight5.1.20513.0npctrl.dll No File
CHR Extension: (AdBlock) - C:UsersdieasAppDataLocalGoogleChromeUser DataDefaultExtensionsgighmmpiobklfepjocnamgkkbiglidom2.6.16_0 [2013-11-30]
CHR Extension: (Google Wallet) - C:UsersdieasAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda0.0.6.0_0 [2014-01-12]
CHR Extension: (ShopperPro) - C:UsersdieasAppDataLocalGoogleChromeUser DataDefaultExtensionsojhagnahfpegocdhlopgljpaafeogmcc1.0.1.1_0 [2014-01-02]
CHR HKLM...ChromeExtension: [cpoooaodibfldhiobnmnjliddplmekeb] - C:UsersdieasAppDataLocalCREcpoooaodibfldhiobnmnjliddplmekeb.crx [2014-01-02]
CHR HKLM...ChromeExtension: [elnbpjcckofijioeebipepekepoceodh] - C:UsersdieasAppDataLocalCREelnbpjcckofijioeebipepekepoceodh.crx [2014-01-02]
CHR HKLM...ChromeExtension: [hekjaeahnjpgfmfbmiboahofcnefofkp] - C:ProgramDataBeeMP3hekjaeahnjpgfmfbmiboahofcnefofkp.crx [2014-01-02]
CHR HKLM...ChromeExtension: [ibclbohbddcmmaaobgjamgbfbchjdfae] - C:UsersdieasAppDataLocalCREibclbohbddcmmaaobgjamgbfbchjdfae.crx [2014-01-02]
CHR HKLM...ChromeExtension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:UsersdieasAppDataLocalCREklibnahbojhkanfgaglnlalfkgpcppfi.crx [2014-01-02]
CHR HKLM...ChromeExtension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:Program FilesSkypeToolbarsSkype for Chromiumskype_chrome_extension.crx [2014-01-02]
CHR HKLM...ChromeExtension: [lonndllmbldmmoefheenkmgkencnkdkh] - C:UsersdieasAppDataLocalCRElonndllmbldmmoefheenkmgkencnkdkh.crx [2014-01-02]
CHR HKLM...ChromeExtension: [oleomanaehojaiigacblenknbkhfdicd] - C:UsersdieasAppDataLocalCREoleomanaehojaiigacblenknbkhfdicd.crx [2014-01-02]
CHR HKCU...ChromeExtension: [cpoooaodibfldhiobnmnjliddplmekeb] - C:UsersdieasAppDataLocalCREcpoooaodibfldhiobnmnjliddplmekeb.crx [2014-01-02]
CHR HKCU...ChromeExtension: [elnbpjcckofijioeebipepekepoceodh] - C:UsersdieasAppDataLocalCREelnbpjcckofijioeebipepekepoceodh.crx [2014-01-02]
CHR HKCU...ChromeExtension: [ibclbohbddcmmaaobgjamgbfbchjdfae] - C:UsersdieasAppDataLocalCREibclbohbddcmmaaobgjamgbfbchjdfae.crx [2014-01-02]
CHR HKCU...ChromeExtension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:UsersdieasAppDataLocalCREklibnahbojhkanfgaglnlalfkgpcppfi.crx [2014-01-02]
CHR HKCU...ChromeExtension: [lonndllmbldmmoefheenkmgkencnkdkh] - C:UsersdieasAppDataLocalCRElonndllmbldmmoefheenkmgkencnkdkh.crx [2014-01-02]
CHR HKCU...ChromeExtension: [oleomanaehojaiigacblenknbkhfdicd] - C:UsersdieasAppDataLocalCREoleomanaehojaiigacblenknbkhfdicd.crx [2014-01-02]
CHR HKLMSOFTWAREPoliciesGoogle: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe [291840 2012-07-04] (Advanced Micro Devices, Inc.)
S3 Disc Soft Bus Service; C:Program FilesDAEMON Tools UltraDiscSoftBusService.exe [632352 2013-06-25] (Disc Soft Ltd)
R2 MBAMScheduler; C:Program FilesMalwarebytes' Anti-Malwarembamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 OpenVPNAccessClient; C:Program FilesOpenVPN TechnologiesPrivateTunnelcorecapiws.exe [24064 2012-12-14] ()
R2 PnkBstrA; C:Windowssystem32PnkBstrA.exe [76888 2013-07-02] ()
R2 RaAutoInstSrv_AM10; C:Program FilesCisco SystemsCisco Valet ConnectorCiscoAdapterSvc.exe [529024 2010-05-28] (Cisco Consumer Products LLC)
R2 Skype C2C Service; C:ProgramDataSkypeToolbarsSkype C2C Servicec2c_service.exe [3291008 2013-08-14] (Skype Technologies S.A.)
S2 UTSCSI; C:Windowssystem32UTSCSI.EXE [45056 2013-08-12] ()
 
==================== Drivers (Whitelisted) ====================
 
R3 AM10; C:WindowsSystem32DRIVERSam10w7.sys [841504 2010-03-22] (Ralink Technology Corp.)
R3 dtscsibus; C:WindowsSystem32DRIVERSdtscsibus.sys [24704 2013-09-14] (Disc Soft Ltd)
S3 hamachi; C:WindowsSystem32DRIVERShamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 LUsbFilt; C:WindowsSystem32DriversLUsbFilt.Sys [28944 2008-02-29] (Logitech, Inc.)
S3 ManyCam; C:WindowsSystem32DRIVERSmcvidrv.sys [34432 2012-10-10] (ManyCam LLC)
R3 MBAMProtector; C:Windowssystem32driversmbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:WindowsSystem32driversmcaudrv.sys [22656 2013-01-31] (ManyCam LLC)
S3 SCREAMINGBDRIVER; C:WindowsSystem32driversScreamingBAudio.sys [34896 2012-07-31] (Screaming Bee LLC)
R3 tap0901; C:WindowsSystem32DRIVERStap0901.sys [26624 2011-07-01] (The OpenVPN Project)
S3 taphss6; C:WindowsSystem32DRIVERStaphss6.sys [37064 2013-04-24] (Anchorfree Inc.)
S3 tenCapture; C:WindowsSystem32DRIVERStenCapture.sys [20664 2012-07-20] (Hajo Krabbenhöft)
R3 VCSVADHWSer; C:WindowsSystem32DRIVERSvcsvad.sys [17792 2008-12-26] (Avnex)
S3 EagleXNt; ??C:Windowssystem32driversEagleXNt.sys [x]
S3 XDva405; ??C:Windowssystem32XDva405.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-12 17:38 - 2014-01-12 17:38 - 00016912 _____ C:UsersdieasDesktopFRST.txt
2014-01-12 17:38 - 2014-01-12 17:38 - 00000000 ____D C:FRST
2014-01-12 17:35 - 2014-01-12 17:36 - 00002116 _____ C:UsersdieasDesktopRkill.txt
2014-01-12 17:35 - 2014-01-12 17:34 - 01219584 _____ (Farbar) C:UsersdieasDesktopFRST.exe
2014-01-12 17:34 - 2014-01-12 17:34 - 01219584 _____ (Farbar) C:UsersdieasDownloadsFRST.exe
2014-01-12 17:31 - 2014-01-12 17:31 - 01933048 _____ (Bleeping Computer, LLC) C:UsersdieasDownloadsrkill.exe
2014-01-12 17:31 - 2014-01-12 17:31 - 01933048 _____ (Bleeping Computer, LLC) C:UsersdieasDesktoprkill.exe
2014-01-12 14:25 - 2014-01-12 14:25 - 00005111 _____ C:UsersdieasDesktopJRT.txt
2014-01-12 14:22 - 2014-01-12 14:22 - 00000000 ____D C:WindowsERUNT
2014-01-12 14:15 - 2014-01-12 14:16 - 00000000 ____D C:AdwCleaner
2014-01-12 14:14 - 2014-01-12 14:14 - 01236282 _____ C:UsersdieasDownloadsadwcleaner (1).exe
2014-01-12 13:05 - 2014-01-12 13:06 - 00144136 _____ C:WindowsMinidump011214-26535-01.dmp
2014-01-08 19:46 - 2014-01-12 12:56 - 00000000 __SHD C:found.000
2014-01-08 15:53 - 2014-01-08 15:53 - 01037068 _____ (Thisisu) C:UsersdieasDownloadsJRT.exe
2014-01-08 15:53 - 2014-01-08 15:53 - 01037068 _____ (Thisisu) C:UsersdieasDesktopJRT.exe
2014-01-08 15:52 - 2014-01-08 15:52 - 01233962 _____ C:UsersdieasDownloadsAdwCleaner.exe
2014-01-08 15:49 - 2014-01-12 14:10 - 00000000 ____D C:UsersdieasDesktopArticles
2014-01-08 07:25 - 2014-01-08 07:25 - 00144136 _____ C:WindowsMinidump010814-18610-01.dmp
2014-01-07 08:37 - 2014-01-07 08:38 - 00131072 _____ C:WindowsMinidump010714-20311-01.dmp
2014-01-06 23:13 - 2013-10-24 20:45 - 01767936 _____ (Microsoft Corporation) C:Windowssystem32wininet.dll
2014-01-06 23:13 - 2013-10-24 20:45 - 00042496 _____ (Microsoft Corporation) C:Windowssystem32ie4uinit.exe
2014-01-06 23:13 - 2013-10-24 20:44 - 14356992 _____ (Microsoft Corporation) C:Windowssystem32mshtml.dll
2014-01-06 23:13 - 2013-10-24 20:44 - 01140736 _____ (Microsoft Corporation) C:Windowssystem32urlmon.dll
2014-01-06 23:13 - 2013-10-24 20:43 - 13761536 _____ (Microsoft Corporation) C:Windowssystem32ieframe.dll
2014-01-06 23:13 - 2013-10-24 20:43 - 02877952 _____ (Microsoft Corporation) C:Windowssystem32jscript9.dll
2014-01-06 23:13 - 2013-10-24 20:43 - 02049024 _____ (Microsoft Corporation) C:Windowssystem32iertutil.dll
2014-01-06 23:13 - 2013-10-24 20:43 - 00690688 _____ (Microsoft Corporation) C:Windowssystem32jscript.dll
2014-01-06 23:13 - 2013-10-24 20:43 - 00493056 _____ (Microsoft Corporation) C:Windowssystem32msfeeds.dll
2014-01-06 23:13 - 2013-10-24 20:43 - 00391168 _____ (Microsoft Corporation) C:Windowssystem32ieui.dll
2014-01-06 23:13 - 2013-10-24 20:43 - 00109056 _____ (Microsoft Corporation) C:Windowssystem32iesysprep.dll
2014-01-06 23:13 - 2013-10-24 20:43 - 00061440 _____ (Microsoft Corporation) C:Windowssystem32iesetup.dll
2014-01-06 23:13 - 2013-10-24 20:43 - 00039424 _____ (Microsoft Corporation) C:Windowssystem32jsproxy.dll
2014-01-06 23:13 - 2013-10-24 20:43 - 00033280 _____ (Microsoft Corporation) C:Windowssystem32iernonce.dll
2014-01-06 23:13 - 2013-10-24 19:41 - 02706432 _____ (Microsoft Corporation) C:Windowssystem32mshtml.tlb
2014-01-06 23:13 - 2013-10-24 18:49 - 00071680 _____ (Microsoft Corporation) C:Windowssystem32RegisterIEPKEYs.exe
2014-01-06 20:53 - 2014-01-06 20:53 - 10285040 _____ (Malwarebytes Corporation                                    ) C:UsersdieasDownloadsmbam-setup-1.75.0.1300.exe
2014-01-06 20:42 - 2014-01-12 17:38 - 00000000 ____D C:UsersdieasAppDataLocalPMB Files
2014-01-05 20:31 - 2014-01-05 20:37 - 67919957 _____ C:UsersdieasDownloadsFamily.Guy.S12E09.HDTV.x264-LOL.mp4
2014-01-05 20:23 - 2014-01-12 14:11 - 00000000 ____D C:UsersdieasDesktopMovies
2014-01-03 23:00 - 2014-01-03 23:00 - 00005309 _____ C:UsersdieasDownloadsfree ebookkk.txt
2014-01-03 17:11 - 2014-01-03 17:17 - 00000000 ____D C:UsersdieasDesktopRegCure Pro 3.1.6.0
2014-01-03 14:23 - 2014-01-03 14:23 - 00039424 ___SH C:UsersdieasAppDataRoamingThumbs.db
2014-01-02 00:18 - 2014-01-03 13:54 - 00000000 ____D C:UsersPublicDocumentsGOOBZO
2014-01-02 00:17 - 2014-01-03 13:55 - 00000000 ____D C:Program FilesShopperPro
2013-12-31 16:44 - 2013-12-31 16:44 - 00000000 ____D C:UsersdieasDocumentsMy Received Files
2013-12-29 20:07 - 2014-01-06 20:36 - 00000000 ____D C:Program FilesCommon FilesSkype
2013-12-29 20:07 - 2013-12-29 20:07 - 00002503 _____ C:UsersPublicDesktopSkype.lnk
2013-12-29 19:34 - 2013-12-29 19:34 - 20717568 _____ C:UsersdieasDownloadsSkypeSetup_6.1.0.129.msi
2013-12-29 19:33 - 2013-10-08 06:51 - 00873384 _____ (Oracle Corporation) C:Windowssystem32npDeployJava1.dll
2013-12-29 19:33 - 2013-10-08 06:51 - 00796072 _____ (Oracle Corporation) C:Windowssystem32deployJava1.dll
2013-12-29 19:33 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:Windowssystem32javaws.exe
2013-12-29 19:33 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:Windowssystem32javaw.exe
2013-12-29 19:33 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:Windowssystem32java.exe
2013-12-29 19:31 - 2013-12-29 19:32 - 31175144 _____ (Oracle Corporation) C:UsersdieasDownloadsjre-7u7-windows-i586.exe
2013-12-29 19:21 - 2013-12-29 19:21 - 18124080 _____ (Microsoft Corporation) C:UsersdieasDownloadsIE9-Windows7-x86-enu.exe
2013-12-29 19:20 - 2013-12-29 19:20 - 36380976 _____ (Microsoft Corporation) C:UsersdieasDownloadsIE9-Windows7-x64-enu.exe
2013-12-24 01:18 - 2014-01-12 13:06 - 00000470 _____ C:WindowsTasksParetoLogic Update Version3 Startup Task.job
 
==================== One Month Modified Files and Folders =======
 
2014-01-12 17:38 - 2014-01-12 17:38 - 00016912 _____ C:UsersdieasDesktopFRST.txt
2014-01-12 17:38 - 2014-01-12 17:38 - 00000000 ____D C:FRST
2014-01-12 17:38 - 2014-01-06 20:42 - 00000000 ____D C:UsersdieasAppDataLocalPMB Files
2014-01-12 17:37 - 2013-08-28 10:43 - 00000000 ____D C:UsersdieasAppDataLocalGC
2014-01-12 17:36 - 2014-01-12 17:35 - 00002116 _____ C:UsersdieasDesktopRkill.txt
2014-01-12 17:34 - 2014-01-12 17:35 - 01219584 _____ (Farbar) C:UsersdieasDesktopFRST.exe
2014-01-12 17:34 - 2014-01-12 17:34 - 01219584 _____ (Farbar) C:UsersdieasDownloadsFRST.exe
2014-01-12 17:31 - 2014-01-12 17:31 - 01933048 _____ (Bleeping Computer, LLC) C:UsersdieasDownloadsrkill.exe
2014-01-12 17:31 - 2014-01-12 17:31 - 01933048 _____ (Bleeping Computer, LLC) C:UsersdieasDesktoprkill.exe
2014-01-12 17:30 - 2013-02-16 15:09 - 00000884 _____ C:WindowsTasksGoogleUpdateTaskMachineUA.job
2014-01-12 17:30 - 2013-02-16 15:09 - 00000880 _____ C:WindowsTasksGoogleUpdateTaskMachineCore.job
2014-01-12 17:27 - 2013-02-16 16:09 - 00000830 _____ C:WindowsTasksAdobe Flash Player Updater.job
2014-01-12 17:27 - 2013-02-12 15:53 - 01320139 _____ C:WindowsWindowsUpdate.log
2014-01-12 15:40 - 2013-12-10 21:35 - 00000928 _____ C:WindowsTasksFacebookUpdateTaskUserS-1-5-21-2188790374-365846068-1736179643-1000UA.job
2014-01-12 14:25 - 2014-01-12 14:25 - 00005111 _____ C:UsersdieasDesktopJRT.txt
2014-01-12 14:24 - 2009-07-13 20:34 - 00014544 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-12 14:24 - 2009-07-13 20:34 - 00014544 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-12 14:22 - 2014-01-12 14:22 - 00000000 ____D C:WindowsERUNT
2014-01-12 14:22 - 2013-02-12 15:58 - 00795378 _____ C:Windowssystem32PerfStringBackup.INI
2014-01-12 14:18 - 2013-03-10 11:54 - 00000000 ____D C:UsersdieasAppDataRoamingSkype
2014-01-12 14:17 - 2013-09-28 06:14 - 00008568 _____ C:Windowssetupact.log
2014-01-12 14:17 - 2009-07-13 20:53 - 00000006 ____H C:WindowsTasksSA.DAT
2014-01-12 14:16 - 2014-01-12 14:15 - 00000000 ____D C:AdwCleaner
2014-01-12 14:16 - 2013-05-26 17:14 - 00000000 ____D C:UsersdieasAppDataRoamingCheckPoint
2014-01-12 14:14 - 2014-01-12 14:14 - 01236282 _____ C:UsersdieasDownloadsadwcleaner (1).exe
2014-01-12 14:11 - 2014-01-05 20:23 - 00000000 ____D C:UsersdieasDesktopMovies
2014-01-12 14:11 - 2013-12-01 12:09 - 00000000 ____D C:UsersdieasDesktopFireworks
2014-01-12 14:11 - 2013-07-13 16:27 - 00000000 ____D C:UsersdieasDesktopFolders
2014-01-12 14:10 - 2014-01-08 15:49 - 00000000 ____D C:UsersdieasDesktopArticles
2014-01-12 13:06 - 2014-01-12 13:05 - 00144136 _____ C:WindowsMinidump011214-26535-01.dmp
2014-01-12 13:06 - 2013-12-24 01:18 - 00000470 _____ C:WindowsTasksParetoLogic Update Version3 Startup Task.job
2014-01-12 13:05 - 2013-10-11 15:21 - 273350697 _____ C:WindowsMEMORY.DMP
2014-01-12 13:05 - 2013-03-16 19:46 - 00000000 ____D C:WindowsMinidump
2014-01-12 12:58 - 2013-08-26 15:42 - 00000000 ____D C:UsersdieasAppDataRoamingMicrosoftWindowsStart MenuProgramsHyperCam 2
2014-01-12 12:58 - 2013-02-12 15:57 - 00000000 ____D C:Usersdieas
2014-01-12 12:56 - 2014-01-08 19:46 - 00000000 __SHD C:found.000
2014-01-12 12:56 - 2013-09-02 20:53 - 00000000 ____D C:ProgramDataPMB Files
2014-01-12 12:56 - 2013-06-30 17:22 - 00000000 ____D C:UsersdieasAppDataRoamingMicrosoftWindowsStart MenuProgramsImage-Line
2014-01-12 12:56 - 2013-06-08 13:28 - 00000000 ____D C:Program FilesRaidCall
2014-01-12 12:56 - 2013-03-28 13:51 - 00000000 ____D C:Program FilesMalwarebytes' Anti-Malware
2014-01-12 12:56 - 2009-07-13 18:37 - 00000000 ____D C:Windowssystem32wfp
2014-01-12 12:56 - 2009-07-13 18:37 - 00000000 ____D C:Windowsrescache
2014-01-12 12:56 - 2009-07-13 18:37 - 00000000 ____D C:Windowsregistration
2014-01-12 12:56 - 2009-07-13 18:37 - 00000000 ____D C:WindowsAppCompat
2014-01-12 12:56 - 2009-07-13 18:37 - 00000000 ____D C:Program FilesCommon Filesmicrosoft shared
2014-01-10 22:01 - 2013-05-29 14:39 - 00000000 ____D C:UsersdieasAppDataLocalCrashDumps
2014-01-09 15:43 - 2013-09-18 20:30 - 00000000 ____D C:UsersdieasDesktopSchool
2014-01-08 15:53 - 2014-01-08 15:53 - 01037068 _____ (Thisisu) C:UsersdieasDownloadsJRT.exe
2014-01-08 15:53 - 2014-01-08 15:53 - 01037068 _____ (Thisisu) C:UsersdieasDesktopJRT.exe
2014-01-08 15:52 - 2014-01-08 15:52 - 01233962 _____ C:UsersdieasDownloadsAdwCleaner.exe
2014-01-08 07:25 - 2014-01-08 07:25 - 00144136 _____ C:WindowsMinidump010814-18610-01.dmp
2014-01-07 21:50 - 2013-12-10 21:35 - 00000906 _____ C:WindowsTasksFacebookUpdateTaskUserS-1-5-21-2188790374-365846068-1736179643-1000Core.job
2014-01-07 08:38 - 2014-01-07 08:37 - 00131072 _____ C:WindowsMinidump010714-20311-01.dmp
2014-01-07 06:57 - 2013-09-28 06:13 - 00178498 _____ C:WindowsPFRO.log
2014-01-07 06:57 - 2009-07-13 20:52 - 00000000 ____D C:Windowsaddins
2014-01-06 20:55 - 2013-03-28 13:51 - 00001027 _____ C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk
2014-01-06 20:53 - 2014-01-06 20:53 - 10285040 _____ (Malwarebytes Corporation                                    ) C:UsersdieasDownloadsmbam-setup-1.75.0.1300.exe
2014-01-06 20:43 - 2013-02-19 20:31 - 00000000 ____D C:UsersdieasAppDataRoaminguTorrent
2014-01-06 20:38 - 2013-09-14 21:01 - 00000000 ____D C:Program FilesDAEMON Tools Ultra
2014-01-06 20:36 - 2013-12-29 20:07 - 00000000 ____D C:Program FilesCommon FilesSkype
2014-01-06 20:36 - 2013-11-05 00:29 - 00000000 ____D C:Program FilesSkypeWebPlugin
2014-01-06 20:36 - 2013-11-02 13:25 - 00000000 ___RD C:Program FilesSkype
2014-01-06 20:36 - 2013-10-09 21:14 - 00000000 ____D C:Program FilesProject64 2.0
2014-01-06 20:36 - 2013-10-05 12:23 - 00000000 ____D C:Usersdieasjagexcache
2014-01-06 20:36 - 2013-09-28 12:03 - 00000000 ____D C:Program FilesRegistry Winner
2014-01-06 20:36 - 2013-09-14 21:01 - 00000000 ____D C:UsersdieasAppDataRoamingDAEMON Tools Ultra
2014-01-06 20:36 - 2013-09-02 20:53 - 00000000 ____D C:UsersdieasAppDataRoamingRiot Games
2014-01-06 20:36 - 2013-08-26 15:42 - 00000000 ____D C:Program FilesHyperCam 2
2014-01-06 20:36 - 2013-08-20 21:37 - 00000000 ____D C:Usersdieas.PowerScape
2014-01-06 20:36 - 2013-08-11 00:13 - 00000000 ____D C:Usersdieasrs3cachev4
2014-01-06 20:36 - 2013-06-30 17:22 - 00000000 ____D C:Program FilesVstPlugins
2014-01-06 20:36 - 2013-06-30 17:22 - 00000000 ____D C:Program FilesOutsim
2014-01-06 20:36 - 2013-06-16 12:34 - 00000000 ____D C:Program FilesMicrosoft Expression
2014-01-06 20:36 - 2013-05-28 18:04 - 00000000 ____D C:UsersdieasAppDataRoamingBANDISOFT
2014-01-06 20:36 - 2013-05-28 18:02 - 00000000 ____D C:Program FilesBandicam
2014-01-06 20:36 - 2013-05-26 17:15 - 00000000 ____D C:Fraps
2014-01-06 20:36 - 2013-03-31 16:17 - 00000000 ____D C:Program FilesSecurityKISS Tunnel
2014-01-06 20:36 - 2013-03-10 11:53 - 00000000 ____D C:ProgramDataSkype
2014-01-06 20:36 - 2013-02-19 20:06 - 00000000 ____D C:Program FilesPando Networks
2014-01-06 20:36 - 2013-02-16 16:02 - 00000000 ____D C:UsersdieasAppDataRoaming.minecraft
2014-01-06 20:33 - 2009-07-13 18:37 - 00000000 ___RD C:UsersPublic
2014-01-06 20:29 - 2013-08-26 12:31 - 00000000 ____D C:Program FilesOpenVPN Technologies
2014-01-06 20:29 - 2013-05-29 14:21 - 00000000 ____D C:Program FilesWindows Live
2014-01-06 20:28 - 2013-06-30 17:17 - 00000000 ____D C:Program FilesImage-Line
2014-01-06 20:27 - 2013-05-29 14:19 - 00000000 ____D C:Program FilesCommon FilesWindows Live
2014-01-06 20:01 - 2013-05-29 14:27 - 00000000 ____D C:UsersdieasTracing
2014-01-05 20:37 - 2014-01-05 20:31 - 67919957 _____ C:UsersdieasDownloadsFamily.Guy.S12E09.HDTV.x264-LOL.mp4
2014-01-03 23:00 - 2014-01-03 23:00 - 00005309 _____ C:UsersdieasDownloadsfree ebookkk.txt
2014-01-03 17:17 - 2014-01-03 17:11 - 00000000 ____D C:UsersdieasDesktopRegCure Pro 3.1.6.0
2014-01-03 14:23 - 2014-01-03 14:23 - 00039424 ___SH C:UsersdieasAppDataRoamingThumbs.db
2014-01-03 14:19 - 2013-02-19 16:25 - 00000000 ____D C:UsersdieasDocumentsMy Games
2014-01-03 13:55 - 2014-01-02 00:17 - 00000000 ____D C:Program FilesShopperPro
2014-01-03 13:54 - 2014-01-02 00:18 - 00000000 ____D C:UsersPublicDocumentsGOOBZO
2014-01-03 13:24 - 2013-10-09 20:19 - 00006466 _____ C:Usersdieasovpntray.log
2013-12-31 19:27 - 2013-10-05 12:23 - 00000024 _____ C:Usersdieasrandom.dat
2013-12-31 16:44 - 2013-12-31 16:44 - 00000000 ____D C:UsersdieasDocumentsMy Received Files
2013-12-30 22:46 - 2013-05-29 14:20 - 00000000 ____D C:UsersdieasAppDataLocalWindows Live
2013-12-29 20:07 - 2013-12-29 20:07 - 00002503 _____ C:UsersPublicDesktopSkype.lnk
2013-12-29 19:34 - 2013-12-29 19:34 - 20717568 _____ C:UsersdieasDownloadsSkypeSetup_6.1.0.129.msi
2013-12-29 19:32 - 2013-12-29 19:31 - 31175144 _____ (Oracle Corporation) C:UsersdieasDownloadsjre-7u7-windows-i586.exe
2013-12-29 19:32 - 2013-03-05 23:18 - 00000000 ____D C:Program FilesJava
2013-12-29 19:21 - 2013-12-29 19:21 - 18124080 _____ (Microsoft Corporation) C:UsersdieasDownloadsIE9-Windows7-x86-enu.exe
2013-12-29 19:20 - 2013-12-29 19:20 - 36380976 _____ (Microsoft Corporation) C:UsersdieasDownloadsIE9-Windows7-x64-enu.exe
2013-12-29 15:02 - 2013-05-26 17:34 - 00007168 _____ C:UsersdieasAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-29 14:10 - 2013-11-07 17:08 - 00000000 ____D C:UsersdieasDocumentsCamtasia Studio
2013-12-29 01:18 - 2013-09-28 12:03 - 00000404 _____ C:WindowsTasksRegistry Winner Schedule.job

============================================================================================================



#8 Juliet

Juliet

    Advanced Member

  • Trusted Malware Techs
  • 22,080 posts
  • Gender:Female


Posted 13 January 2014 - 05:50 AM

We do not recommend the use of registry cleaners. No registry cleaner is completely safe; since most do not even create a backup, the potential is ever present to cause more problems than they claim to fix.
If you do not have knowledge of the registry, then you would probably be better off leaving it alone, and definitely not placing blind trust in a program to do the job for you.
Our colleague miekiemoes has an excellent writeup here
http://miekiemoes.bl...weaking_13.html

We suggest uninstalling them via Add or Remove Programs in your Control Panel.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

P2P software/programs are a major contributor to infections. I see you have uTorrent. Not passing judgment on file-sharing; however, I will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite an existing one, please allow).
 

start
MountPoints2: {74d9f555-1d82-11e3-b94b-001bb9daca70} - J:AUTORUN.EXE
MountPoints2: {b49d22a4-7c40-11e2-a5e5-001bb9daca70} - I:OriginInstaller.exe
IFEOrjatydimofu.exe: [Debugger] tasklist.exe
SearchScopes: HKLM - DefaultScope value is missing
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
CHR Extension: (ShopperPro) - C:UsersdieasAppDataLocalGoogleChromeUser DataDefaultExtensionsojhagnahfpegocdhlopgljpaafeogmcc1.0.1.1_0 [2014-01-02]
CHR HKLM...ChromeExtension: [cpoooaodibfldhiobnmnjliddplmekeb] - C:UsersdieasAppDataLocalCREcpoooaodibfldhiobnmnjliddplmekeb.crx [2014-01-02]
CHR HKLM...ChromeExtension: [elnbpjcckofijioeebipepekepoceodh] - C:UsersdieasAppDataLocalCREelnbpjcckofijioeebipepekepoceodh.crx [2014-01-02]
CHR HKLM...ChromeExtension: [hekjaeahnjpgfmfbmiboahofcnefofkp] - C:ProgramDataBeeMP3hekjaeahnjpgfmfbmiboahofcnefofkp.crx [2014-01-02]
CHR HKLM...ChromeExtension: [ibclbohbddcmmaaobgjamgbfbchjdfae] - C:UsersdieasAppDataLocalCREibclbohbddcmmaaobgjamgbfbchjdfae.crx [2014-01-02]
CHR HKLM...ChromeExtension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:UsersdieasAppDataLocalCREklibnahbojhkanfgaglnlalfkgpcppfi.crx [2014-01-02]
CHR HKLM...ChromeExtension: [lonndllmbldmmoefheenkmgkencnkdkh] - C:UsersdieasAppDataLocalCRElonndllmbldmmoefheenkmgkencnkdkh.crx [2014-01-02]
CHR HKLM...ChromeExtension: [oleomanaehojaiigacblenknbkhfdicd] - C:UsersdieasAppDataLocalCREoleomanaehojaiigacblenknbkhfdicd.crx [2014-01-02]
CHR HKCU...ChromeExtension: [cpoooaodibfldhiobnmnjliddplmekeb] - C:UsersdieasAppDataLocalCREcpoooaodibfldhiobnmnjliddplmekeb.crx [2014-01-02]
CHR HKCU...ChromeExtension: [elnbpjcckofijioeebipepekepoceodh] - C:UsersdieasAppDataLocalCREelnbpjcckofijioeebipepekepoceodh.crx [2014-01-02]
CHR HKCU...ChromeExtension: [ibclbohbddcmmaaobgjamgbfbchjdfae] - C:UsersdieasAppDataLocalCREibclbohbddcmmaaobgjamgbfbchjdfae.crx [2014-01-02]
CHR HKCU...ChromeExtension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:UsersdieasAppDataLocalCREklibnahbojhkanfgaglnlalfkgpcppfi.crx [2014-01-02]
CHR HKCU...ChromeExtension: [lonndllmbldmmoefheenkmgkencnkdkh] - C:UsersdieasAppDataLocalCRElonndllmbldmmoefheenkmgkencnkdkh.crx [2014-01-02]
CHR HKCU...ChromeExtension: [oleomanaehojaiigacblenknbkhfdicd] - C:UsersdieasAppDataLocalCREoleomanaehojaiigacblenknbkhfdicd.crx [2014-01-02]
CHR HKLMSOFTWAREPoliciesGoogle: Policy restriction <======= ATTENTION
C:Program FilesShopperPro
C:UsersdieasAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:WindowsTasksRegistry Winner Schedule.job
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Please post the log created for my review.
Tell me what the computer is doing now.
Please do not PM me for HJT help, we all benefit from posting on the open board.
Sometimes the angels fly close enough to you that you can hear the flutter of their wings..
MS - MVP Consumer Security 2009 - 2013

#9 Juliet


Posted 13 January 2014 - 11:08 AM

Also, please see if you can find Addition.txt (also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

#10 Timmy

Posted 13 January 2014 - 06:53 PM

I don't really use uTorrent; it is just there. I really never used it except for a few times. Also, can you post a screenshot to tell me where to find the Addition.txt? I don't really know what you are talking about; it'd be a great help. Here is the fixlog for FRST---

 
HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerMountPoints2{74d9f555-1d82-11e3-b94b-001bb9daca70} => Key deleted successfully.
HKCRCLSID{74d9f555-1d82-11e3-b94b-001bb9daca70} => Key not found.
HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerMountPoints2{b49d22a4-7c40-11e2-a5e5-001bb9daca70} => Key deleted successfully.
HKCRCLSID{b49d22a4-7c40-11e2-a5e5-001bb9daca70} => Key not found.
HKLMSoftwaremicrosoftwindows ntcurrentversionImage File Execution Optionsrjatydimofu.exe => Key deleted successfully.
HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopesDefaultScope => Value was restored successfully.
HKCRPROTOCOLSHandlerlivecall => Key deleted successfully.
HKCRCLSID{828030A1-22C1-4009-854F-8E305202313F} => Key deleted successfully.
HKCRPROTOCOLSHandlermsnim => Key deleted successfully.
HKCRCLSID{828030A1-22C1-4009-854F-8E305202313F} => Key not found.
C:UsersdieasAppDataLocalGoogleChromeUser DataDefaultExtensionsojhagnahfpegocdhlopgljpaafeogmcc directory not found.
HKLMSOFTWAREGoogleChromeExtensionscpoooaodibfldhiobnmnjliddplmekeb => Key deleted successfully.
"C:UsersdieasAppDataLocalCREcpoooaodibfldhiobnmnjliddplmekeb.crx" => File/Directory not found.
HKLMSOFTWAREGoogleChromeExtensionselnbpjcckofijioeebipepekepoceodh => Key deleted successfully.
"C:UsersdieasAppDataLocalCREelnbpjcckofijioeebipepekepoceodh.crx" => File/Directory not found.
HKLMSOFTWAREGoogleChromeExtensionshekjaeahnjpgfmfbmiboahofcnefofkp => Key deleted successfully.
"C:ProgramDataBeeMP3hekjaeahnjpgfmfbmiboahofcnefofkp.crx" => File/Directory not found.
HKLMSOFTWAREGoogleChromeExtensionsibclbohbddcmmaaobgjamgbfbchjdfae => Key deleted successfully.
"C:UsersdieasAppDataLocalCREibclbohbddcmmaaobgjamgbfbchjdfae.crx" => File/Directory not found.
HKLMSOFTWAREGoogleChromeExtensionsklibnahbojhkanfgaglnlalfkgpcppfi => Key deleted successfully.
"C:UsersdieasAppDataLocalCREklibnahbojhkanfgaglnlalfkgpcppfi.crx" => File/Directory not found.
HKLMSOFTWAREGoogleChromeExtensionslonndllmbldmmoefheenkmgkencnkdkh => Key deleted successfully.
"C:UsersdieasAppDataLocalCRElonndllmbldmmoefheenkmgkencnkdkh.crx" => File/Directory not found.
HKLMSOFTWAREGoogleChromeExtensionsoleomanaehojaiigacblenknbkhfdicd => Key deleted successfully.
"C:UsersdieasAppDataLocalCREoleomanaehojaiigacblenknbkhfdicd.crx" => File/Directory not found.
HKCUSOFTWAREGoogleChromeExtensionscpoooaodibfldhiobnmnjliddplmekeb => Key deleted successfully.
"C:UsersdieasAppDataLocalCREcpoooaodibfldhiobnmnjliddplmekeb.crx" => File/Directory not found.
HKCUSOFTWAREGoogleChromeExtensionselnbpjcckofijioeebipepekepoceodh => Key deleted successfully.
"C:UsersdieasAppDataLocalCREelnbpjcckofijioeebipepekepoceodh.crx" => File/Directory not found.
HKCUSOFTWAREGoogleChromeExtensionsibclbohbddcmmaaobgjamgbfbchjdfae => Key deleted successfully.
"C:UsersdieasAppDataLocalCREibclbohbddcmmaaobgjamgbfbchjdfae.crx" => File/Directory not found.
HKCUSOFTWAREGoogleChromeExtensionsklibnahbojhkanfgaglnlalfkgpcppfi => Key deleted successfully.
"C:UsersdieasAppDataLocalCREklibnahbojhkanfgaglnlalfkgpcppfi.crx" => File/Directory not found.
HKCUSOFTWAREGoogleChromeExtensionslonndllmbldmmoefheenkmgkencnkdkh => Key deleted successfully.
"C:UsersdieasAppDataLocalCRElonndllmbldmmoefheenkmgkencnkdkh.crx" => File/Directory not found.
HKCUSOFTWAREGoogleChromeExtensionsoleomanaehojaiigacblenknbkhfdicd => Key deleted successfully.
"C:UsersdieasAppDataLocalCREoleomanaehojaiigacblenknbkhfdicd.crx" => File/Directory not found.
HKLMSOFTWAREPoliciesGoogle => Key deleted successfully.
C:Program FilesShopperPro => Moved successfully.
C:UsersdieasAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
C:WindowsTasksRegistry Winner Schedule.job => Moved successfully.
 
==== End of Fixlog ====
 
=============================================================
 
ALSO MY COMPUTER HAD BEEN CRASHING YESTERDAY BUT I'LL GIVE YOU A REPORT THE NEXT TIME MY COMPUTER CRASHES.


#11 Juliet


Posted 13 January 2014 - 07:04 PM

When FRST is first run, 2 logs should have been created: FRST.txt and Addition.txt.
I guess it's possible yours didn't create.

Please Run TFC by OldTimer to clear temporary files:

Download TFC from here http://oldtimer.geekstogo.com/TFC.exe
and save it to your desktop.

Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Then restart the computer.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
This next scan can take quite a while to run and scan your computer. Please be patient.

Go here to run an online scanner from ESET.

No need to download the Free Trial offer
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


#12 Timmy

Posted 14 January 2014 - 01:04 AM

I have to do the online scanner tomorrow; I can't run anything without crashing :S



#13 Juliet


Posted 14 January 2014 - 05:22 AM

Have you experimented to see if it crashes in safe mode too? Please run FRST again for fresh review. Thanks.

Edited by Juliet, 14 January 2014 - 05:34 AM.


#14 Timmy

Posted 14 January 2014 - 09:22 PM

Once it was crashing really bad and I tried it in safe mode; it didn't crash. I restored the computer at that point then. I found the Addition.txt; it wasn't made the first time I did the scan. I'll repost both of the logs here, Addition.txt first---

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2014
Ran by dieas at 2014-01-14 18:18:27
Running from C:UsersdieasDesktopComputer Fix
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
Adobe AIR (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.8.0.870 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Download Assistant (Version: 1.2.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (Version: 12.0.5.146 - Adobe Systems, Inc.)
AMD Accelerated Video Transcoding (Version: 12.5.100.30424 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.0424.1225.20315 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80424.1301 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (Version: 2013.0424.1225.20315 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Application Profiles (Version: 2.0.4888.34279 - Advanced Micro Devices, Inc.)
ASIO4ALL (Version: 2.11 Beta2 - Michael Tippach)
Camtasia Studio 8 (Version: 8.1.2.1327 - TechSmith Corporation)
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2013.0424.1225.20315 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2013.0424.1225.20315 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2013.0424.1225.20315 - Advanced Micro Devices, Inc.) Hidden
CINEMA 4D R14 (Version:  - )
Cisco Valet Connector (Version: 1.2.10148.2 - Cisco Consumer Products LLC)
Combat Arms (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
ESET Online Scanner v3 (Version:  - )
Facebook Video Calling 2.0.0.447 (Version: 2.0.447 - Skype Limited)
ffdshow v1.2.4422 [2012-04-09] (Version: 1.2.4422.0 - )
Fraps (remove only) (Version:  - )
Free YouTube Downloader 3.5.138 (Version:  - HOW Inc.)
FSFDT FSCopilot (Version:  - )
FSFDT FSInn (Version:  - )
GC (Version:  - )
Google Chrome (Version: 32.0.1700.72 - Google Inc.)
Google Earth Plug-in (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Gyazo 1.2 (Version:  - Nota Inc. & Toshiyuki Masui)
iTunes (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java 7 Update 7 (Version: 7.0.70 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 24 (Version: 6.0.240 - Oracle)
Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Expression Encoder 4 Screen Capture Codec (Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40308 - Microsoft Corporation) Hidden
MixPad (Version:  - NCH Software)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 19.0.2 (x86 en-US) (Version: 19.0.2 - Mozilla)
Mozilla Maintenance Service (Version: 19.0.2 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0 - Microsoft Corporation)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Nexon Game Manager (Version:  - )
Nexon Launcher (Version: 1.1.1 - Nexon)
PDFCreator (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Photo Gallery (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Project 64 version 2.0.0.14 (Version: 2.0.0.14 - )
QuickTime (Version: 7.74.80.86 - Apple Inc.)
RaidCall (Version: 7.2.4-1.0.7299.14 - raidcall.com)
Realtek High Definition Audio Driver (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
SecurityKISS Tunnel v0.3.0 (Version:  - )
Skype Web Plugin (Version: 2.3.12417.17599 - Skype Technologies S.A.)
Speccy (Version: 1.22 - Piriform)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (Version: 6.0.7.0 - Husdawg, LLC)
Unity Web Player (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version:  - Microsoft)
Vegas Pro 11.0 (Version: 11.0.700 - Sony)
Windows Live Communications Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-bit) (Version: 4.20.0 - win.rar GmbH)
Yahoo! Messenger (Version:  - Yahoo! Inc.)
Yahoo! Software Update (Version:  - )
Yahoo! Toolbar (Version:  - Yahoo! Inc.)
 
==================== Restore Points  =========================
 
09-01-2014 03:56:33 Windows Backup
09-01-2014 03:58:25 Restore Operation
09-01-2014 04:10:18 Windows Update
09-01-2014 07:54:12 Windows Update
12-01-2014 02:24:47 Restore Operation
12-01-2014 21:11:34 Windows Update
13-01-2014 03:26:02 Windows Backup
13-01-2014 23:56:50 Removed PrivateTunnel
13-01-2014 23:58:00 Removed Skype™ 6.1
14-01-2014 00:02:20 Removed PrivateTunnel
14-01-2014 00:05:24 Removed Skype Click to Call
 
==================== Hosts content: ==========================
 
2009-07-13 18:04 - 2009-06-10 13:39 - 00000824 ____A C:Windowssystem32Driversetchosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0C66642B-DC2E-4235-9963-C92CFCA2D672} - System32Tasks{4DA66A93-4C4C-4FF7-A4FF-3DDB1A55CB88} => C:NexonCombat ArmsCombatArms.exe [2013-12-18] (Nexon)
Task: {13853900-3EEE-451C-A8D9-D6CAAF9768D8} - System32Tasks{1D8BBB79-4EA5-461F-95BC-7744D67E6168} => C:Program FilesMicrosoft GamesHalo Trialhalo.exe
Task: {13C1926F-B32E-4468-A7DA-AD30415EEC01} - System32TasksGamesUpdateCheck_S-1-5-21-2188790374-365846068-1736179643-1000
Task: {1981DE7D-ED4E-4C4A-A7D5-7341807528AB} - System32TasksGoogleUpdateTaskMachineCore => C:Program FilesGoogleUpdateGoogleUpdate.exe [2013-02-16] (Google Inc.)
Task: {1E35865C-05F8-417B-986A-F3DC4C9BD397} - System32Tasks{C2EDC902-8D59-4CDB-B81F-4A2841C571F5} => C:UsersdieasDesktopPerX by xKickAss.exe
Task: {1EB551CD-D264-4568-BC1C-94A7DB9E09B0} - System32TasksGoogleUpdateTaskMachineUA => C:Program FilesGoogleUpdateGoogleUpdate.exe [2013-02-16] (Google Inc.)
Task: {200C5013-85B0-4E24-A7C0-FD45C0C8F171} - System32Tasks{C4529400-B010-44DD-9BA4-7B130AFA217A} => C:NexonCombat ArmsCombatArms.exe [2013-12-18] (Nexon)
Task: {292B3DD4-3C9F-4D5D-BF28-D1E673BA519C} - System32Tasks{E6C8CAD1-9FD1-46D8-AC11-F7B43BEDB2AD} => C:Program FilesMicrosoft GamesHalo Trialhalo.exe
Task: {2B37B6C5-7237-48B9-9BDF-954DD82A9B59} - System32Tasks{162A617B-C611-4702-88A1-BEDD41E02764} => C:NexonCombat ArmsCombatArms.exe [2013-12-18] (Nexon)
Task: {30D46FEB-E127-4EBB-9C40-45E0226D6697} - System32Tasks{1594C41D-1C98-4B14-B840-AE74D52FC106} => C:Program FilesMicrosoft GamesHalo Trialhalo.exe
Task: {331309E0-D1AF-44CA-BC0F-D3315CA6B4F7} - System32TasksUP_Scheduler => %LOCALAPPDATA%GCupdater.exe
Task: {3A43B77D-154F-4E04-83F9-BC0D0D4334BB} - System32TasksOpen URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....NICMJNDJCMKJBJ"
Task: {3CA73F88-0AEF-452E-940E-F38D5793658A} - System32TasksRun RoboForm TaskBar Icon => C:Program FilesSiber SystemsAI RoboFormRoboTaskBarIcon.exe
Task: {4BD0D6A2-A628-44F1-8A8C-37D790287AAF} - System32Tasks{360B0BA4-EA8A-4226-B7F4-90B57AAA6053} => C:Program FilesMicrosoft GamesHalo Trialhalo.exe
Task: {6A294E74-DB17-4CCA-9A39-17D12ABF4C5A} - System32Tasks{AD04FF78-0403-429F-AC78-30B1D40BF84B} => C:NexonCombat ArmsCombatArms.exe [2013-12-18] (Nexon)
Task: {6C2B686E-877F-49FD-9B94-0E0015F168F7} - System32Tasks{EE799576-FECE-41DF-AAC0-6F3DD888D836} => C:NexonCombat ArmsCombatArms.exe [2013-12-18] (Nexon)
Task: {6E48A0F5-09C0-40DE-AD4C-175F90F7D5DB} - System32Tasks{2EF9160C-DD0F-4F10-9DD5-4C4223347F82} => C:Program FilesMicrosoft GamesHalo Trialhalo.exe
Task: {7021CF3D-FCC1-47C7-975F-6A25DC241B6E} - System32Tasks{231A8FB3-BDFC-482C-BF02-377AA9FCCBF8} => C:Program FilesBattlefield 3__Installervcvc2008sp1redistvcredist_x64.exe
Task: {704B855B-B193-49B0-B49D-D1FA2E09223D} - System32Tasks{4E15776C-4FA4-4FA3-9DB2-4312F7F1893D} => C:Program FilesMicrosoft GamesHalo Trialhalo.exe
Task: {72A48A62-5491-4F48-9CE8-1D34538F14AD} - System32TasksRegistry Winner Schedule => C:Program FilesRegistry WinnerRegistryWinner.exe [2013-09-28] (RegistryWinner.com)
Task: {86B0F660-5404-464E-B9E1-9D053CBC3808} - System32Tasks{4248BB50-CAE8-4357-8980-D834A4E934B5} => C:Program FilesMicrosoft GamesHalo Trialhalo.exe
Task: {8F0F262F-58DD-457C-9415-110D65F709B0} - System32Tasks{92311F1F-40E3-4225-8A2D-EEC160F61CB0} => C:Program FilesSkypePhoneSkype.exe
Task: {91BD9435-99D6-4E0D-94A5-F71A83FA53A6} - System32TasksGC_Scheduler => %LOCALAPPDATA%GCRunner.exe
Task: {9F511446-D6A9-4F7D-9E62-7B84B55F374D} - System32TasksMicrosoftWindowsWindowsBackupAutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {A32F1E3E-547E-4E9E-BF8E-6315CDC524BA} - System32TasksAppleAppleSoftwareUpdate => C:Program FilesApple Software UpdateSoftwareUpdate.exe
Task: {A85AB784-637D-4EBC-8441-4AB023BACD75} - System32TasksFacebookUpdateTaskUserS-1-5-21-2188790374-365846068-1736179643-1000UA => C:UsersdieasAppDataLocalFacebookUpdateFacebookUpdate.exe [2013-12-10] (Facebook Inc.)
Task: {ABC26DF4-CA60-4464-932F-7642B3DC9324} - System32Tasks{73F5F1AE-13CA-4DE8-9B7F-07AFCCF32A53} => C:NexonCombat ArmsCombatArms.exe [2013-12-18] (Nexon)
Task: {B08685C3-5DE5-4945-8225-A675D3886B1A} - System32TasksAdobe Flash Player Updater => C:Windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {C5B65B3E-4283-4262-9AC0-4E462C3AB53F} - System32Tasks{3A7CB76E-F10B-4F8B-8459-808AF231B123} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {D5A87DBD-6E23-4DB5-896E-C6BFC320CA45} - Updater21058.exe No Task File
Task: {D7B21C18-43D1-4E36-B591-402CDCD6C488} - System32TasksVisualBeeRecovery => C:UsersdieasAppDataLocalVisualBeeExeVisualBeeRecovery.exe
Task: {D82E69E2-3280-470C-B632-6E075CEA1568} - System32TasksFacebookUpdateTaskUserS-1-5-21-2188790374-365846068-1736179643-1000Core => C:UsersdieasAppDataLocalFacebookUpdateFacebookUpdate.exe [2013-12-10] (Facebook Inc.)
Task: {D90D7D27-F598-4406-B6E8-91D5CF19A502} - System32TasksRegCure Pro => C:Program FilesParetoLogicRegCure ProRegCurePro.exe
Task: {DD7BEAC7-9792-494D-A90F-A2E9345CA02E} - System32Tasks{3071F574-5DEA-4638-98AC-3772F6766744} => C:Program FilesMicrosoft GamesHalo Trialhalo.exe
Task: {E405E5E5-FD04-4795-A34B-E1A4DEF5CBF7} - System32Tasks{D83DA259-FABA-4B38-A142-218559BE89EE} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: C:WindowsTasksAdobe Flash Player Updater.job => C:Windowssystem32MacromedFlashFlashPlayerUpdateService.exe
Task: C:WindowsTasksFacebookUpdateTaskUserS-1-5-21-2188790374-365846068-1736179643-1000Core.job => C:UsersdieasAppDataLocalFacebookUpdateFacebookUpdate.exe
Task: C:WindowsTasksFacebookUpdateTaskUserS-1-5-21-2188790374-365846068-1736179643-1000UA.job => C:UsersdieasAppDataLocalFacebookUpdateFacebookUpdate.exe
Task: C:WindowsTasksGoogleUpdateTaskMachineCore.job => C:Program FilesGoogleUpdateGoogleUpdate.exe
Task: C:WindowsTasksGoogleUpdateTaskMachineUA.job => C:Program FilesGoogleUpdateGoogleUpdate.exe
Task: C:WindowsTasksParetoLogic Update Version3 Startup Task.job => C:Program FilesCommon FilesParetoLogicUUS3Pareto_Update3.exe
Task: C:WindowsTasksRegCure Pro.job => C:Program FilesParetoLogicRegCure ProRegCurePro.exe
 
==================== Loaded Modules (whitelisted) =============
 
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:ProgramDataTEMP:373E1720
AlternateDataStreams: C:ProgramDataTEMP:56E2E879
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/13/2014 03:57:07 PM) (Source: MsiInstaller) (User: dieas-PC)
Description: Product: PrivateTunnel -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance.
 
 
System errors:
=============
Error: (01/14/2014 04:15:54 PM) (Source: BugCheck) (User: )
Description: 0x0000008e (0xc0000005, 0x82f674c1, 0x9ae39a9c, 0x00000000)C:WindowsMEMORY.DMP
 
Error: (01/14/2014 04:15:52 PM) (Source: BugCheck) (User: )
Description: 
 
Error: (01/14/2014 04:15:51 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:41:06 PM on ‎1/‎14/‎2014 was unexpected.
 
Error: (01/14/2014 03:40:12 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:37:45 PM on ‎1/‎14/‎2014 was unexpected.
 
Error: (01/14/2014 07:55:58 AM) (Source: BugCheck) (User: )
Description: 0x0000007e (0xc000001d, 0x91ac10cf, 0x8ee63bc4, 0x8ee637a0)C:WindowsMEMORY.DMP
 
Error: (01/14/2014 07:55:58 AM) (Source: BugCheck) (User: )
Description: 
 
Error: (01/14/2014 07:55:52 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:37:42 AM on ‎1/‎14/‎2014 was unexpected.
 
Error: (01/13/2014 10:11:29 PM) (Source: BugCheck) (User: )
Description: 0x00000050 (0xfffffd80, 0x00000000, 0x82ee07ee, 0x00000000)C:WindowsMEMORY.DMP
 
Error: (01/13/2014 10:11:29 PM) (Source: BugCheck) (User: )
Description: 
 
Error: (01/13/2014 10:11:28 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:08:58 PM on ‎1/‎13/‎2014 was unexpected.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-05-26 22:33:46.117
  Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume2Program FilesCheckPointZAForceFieldPluginsISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 25%
Total physical RAM: 3070.48 MB
Available physical RAM: 2283.69 MB
Total Pagefile: 6139.24 MB
Available Pagefile: 5115.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:148.95 GB) (Free:97.72 GB) NTFS
Drive i: () (Removable) (Total:0.12 GB) (Free:0.06 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 9E839E83)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (Size: 124 MB) (Disk ID: 91F72D24)
Partition 1: (Not Active) - (Size=124 MB) - (Type=06)
 
==================== End Of Log ============================
 
Here's the other one again just to show it.----
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2014
Ran by dieas (administrator) on DIEAS-PC on 14-01-2014 18:18:01
Running from C:UsersdieasDesktopComputer Fix
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official downoad link fo FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) ===================
 
(AMD) C:WindowsSystem32atiesrxx.exe
(AMD) C:WindowsSystem32atieclxx.exe
(Advanced Micro Devices, Inc.) C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe
(Apple Inc.) C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
(Malwarebytes Corporation) C:Program FilesMalwarebytes' Anti-Malwarembamscheduler.exe
() C:WindowsSystem32PnkBstrA.exe
(Cisco Consumer Products LLC) C:Program FilesCisco SystemsCisco Valet ConnectorCiscoAdapterSvc.exe
() C:WindowsSystem32UTSCSI.EXE
(Microsoft Corp.) C:Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE
(Yahoo! Inc.) C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe
(Microsoft Corp.) C:Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVCM.EXE
(Oracle Corporation) C:Program FilesCommon FilesJavaJava Updatejusched.exe
(Microsoft Corporation) C:Program FilesWindows Sidebarsidebar.exe
(Microsoft Corporation) C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
 
 
==================== Registry (Whitelisted) ==================
 
HKLM...Run: [QuickTime Task] - C:Program FilesQuickTimeQTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM...Run: [StartCCC] - C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [641704 2012-07-04] (Advanced Micro Devices, Inc.)
HKLM...Run: [AMD AVT] - C:Program FilesAMD AVTbinkdbsync.exe [20992 2012-03-19] ()
HKLM...Run: [SunJavaUpdateSched] - C:Program FilesCommon FilesJavaJava Updatejusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU...Run: [Facebook Update] - C:UsersdieasAppDataLocalFacebookUpdateFacebookUpdate.exe [138096 2013-12-10] (Facebook Inc.)
HKCU...PoliciesExplorer: [NoStartBanner] 0x01
HKCU...PoliciesExplorer: [NoInstrumentation] 0x01
Startup: C:UsersdieasAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupOneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: 127.0.0.1:834
HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page Redirect Cache = http://ca.msn.com/?r...opt=0&ocid=iehp
HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP = 0xA0E7B45C7E09CE01
HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll (Yahoo! Inc.)
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {97D8FBB1-D540-4CB8-B501-64E76714EB05} URL = http://search.zoneal...Id=&ver=&&r=431
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre7binssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre7binjp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll (Microsoft Corporation)
TcpipParameters: [DhcpNameServer] 192.168.1.254 75.153.176.9
 
FireFox:
========
FF ProfilePath: C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.default
FF user.js: detected! => C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.defaultuser.js
FF Plugin: @adobe.com/FlashPlayer - C:Windowssystem32MacromedFlashNPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:Windowssystem32AdobeDirectornp32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:Program FilesiTunesMozilla Pluginsnpitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:Program FilesGoogleGoogle Earthpluginnpgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:Windowssystem32npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:Program FilesJavajre7binplugin2npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:Program FilesYahoo!SharednpYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:Program FilesMicrosoft Silverlight5.1.20913.0npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:Program FilesWindows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)
FF Plugin: @nexon.net/NxGame - C:ProgramDataNexonUSNGMnpNxGameUS.dll (Nexon)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:Program FilesPando NetworksMedia BoosternpPandoWebPlugin.dll No File
FF Plugin: @raidcall.en/RCplugin - C:UsersdieasAppDataRoamingraidcallpluginsnprcplugin.dll (Raidcall)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin - C:Program FilesSkypeWebPluginnpSkypeWebPlugin.dll (Skype)
FF Plugin: @tools.google.com/Google Update;version=3 - C:Program FilesGoogleUpdate1.3.22.3npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:Program FilesGoogleUpdate1.3.22.3npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:Program FilesAdobeReader 11.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:UsersdieasAppDataLocalFacebookVideoSkypenpFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:UsersdieasAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.defaultsearchpluginsconduit-search.xml
FF Extension: FTdownloader V3.0 - C:UsersdieasAppDataRoamingMozillaFirefoxProfiless1rs6wdf.defaultExtensionsftdownloader3@ftdownloader.com.xpi [2013-04-11]
FF Extension: No Name - C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2013-03-25]
 
Chrome: 
=======
CHR HomePage: hxxp://google.com/
CHR Plugin: (Shockwave Flash) - C:Program FilesGoogleChromeApplication32.0.1700.72PepperFlashpepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:Program FilesGoogleChromeApplication32.0.1700.72ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:Program FilesGoogleChromeApplication32.0.1700.72pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:Program FilesQuickTimepluginsnpqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:Program FilesQuickTimepluginsnpqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:Program FilesQuickTimepluginsnpqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:Program FilesQuickTimepluginsnpqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:Program FilesQuickTimepluginsnpqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:Program FilesAdobeReader 11.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:Program FilesGoogleGoogle Earthpluginnpgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:Program FilesGoogleUpdate1.3.21.153npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:Program FilesJavajre7binplugin2npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:Program FilesPando NetworksMedia BoosternpPandoWebPlugin.dll No File
CHR Plugin: (Photo Gallery) - C:Program FilesWindows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:Program FilesiTunesMozilla Pluginsnpitunes.dll ()
CHR Plugin: (Nexon Game Controller) - C:ProgramDataNexonUSNGMnpNxGameUS.dll (Nexon)
CHR Plugin: (Unity Player) - C:UsersdieasAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Raidcall plugin) - C:UsersdieasAppDataRoamingraidcallpluginsnprcplugin.dll (Raidcall)
CHR Plugin: (Shockwave for Director) - C:Windowssystem32AdobeDirectornp32dsw_1202122.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:Windowssystem32MacromedFlashNPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:Windowssystem32npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:Program FilesMicrosoft Silverlight5.1.20513.0npctrl.dll No File
CHR Extension: (AdBlock) - C:UsersdieasAppDataLocalGoogleChromeUser DataDefaultExtensionsgighmmpiobklfepjocnamgkkbiglidom2.6.16_0 [2013-11-30]
CHR Extension: (Google Wallet) - C:UsersdieasAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda0.0.6.0_0 [2014-01-12]
 
========================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe [291840 2012-07-04] (Advanced Micro Devices, Inc.)
R2 MBAMScheduler; C:Program FilesMalwarebytes' Anti-Malwarembamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PnkBstrA; C:Windowssystem32PnkBstrA.exe [76888 2013-07-02] ()
R2 RaAutoInstSrv_AM10; C:Program FilesCisco SystemsCisco Valet ConnectorCiscoAdapterSvc.exe [529024 2010-05-28] (Cisco Consumer Products LLC)
R2 UTSCSI; C:Windowssystem32UTSCSI.EXE [45056 2013-08-12] ()
 
==================== Drivers (Whitelisted) ====================
 
R3 AM10; C:WindowsSystem32DRIVERSam10w7.sys [841504 2010-03-22] (Ralink Technology Corp.)
S3 hamachi; C:WindowsSystem32DRIVERShamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 LUsbFilt; C:WindowsSystem32DriversLUsbFilt.Sys [28944 2008-02-29] (Logitech, Inc.)
S3 ManyCam; C:WindowsSystem32DRIVERSmcvidrv.sys [34432 2012-10-10] (ManyCam LLC)
R3 MBAMProtector; C:Windowssystem32driversmbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:WindowsSystem32driversmcaudrv.sys [22656 2013-01-31] (ManyCam LLC)
S3 SCREAMINGBDRIVER; C:WindowsSystem32driversScreamingBAudio.sys [34896 2012-07-31] (Screaming Bee LLC)
R3 tap0901; C:WindowsSystem32DRIVERStap0901.sys [26624 2011-07-01] (The OpenVPN Project)
S3 taphss6; C:WindowsSystem32DRIVERStaphss6.sys [37064 2013-04-24] (Anchorfree Inc.)
S3 tenCapture; C:WindowsSystem32DRIVERStenCapture.sys [20664 2012-07-20] (Hajo Krabbenhöft)
R3 VCSVADHWSer; C:WindowsSystem32DRIVERSvcsvad.sys [17792 2008-12-26] (Avnex)
S3 EagleXNt; ??C:Windowssystem32driversEagleXNt.sys [x]
S3 XDva405; ??C:Windowssystem32XDva405.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-13 20:57 - 2014-01-13 20:57 - 290585982 _____ C:UsersdieasDownloadsTeen.Wolf.S03E14.720p.HDTV.x264-REMARKABLE.mkv (1).crdownload
2014-01-13 20:52 - 2014-01-13 20:52 - 00148248 _____ C:WindowsMinidump011314-32900-01.dmp
2014-01-13 20:44 - 2014-01-13 20:44 - 468057342 _____ C:UsersdieasDownloadsTeen.Wolf.S03E14.720p.HDTV.x264-REMARKABLE.mkv.crdownload
2014-01-13 19:59 - 2014-01-13 19:59 - 00000000 ____D C:Program FilesESET
2014-01-13 19:58 - 2014-01-13 19:58 - 02347384 _____ (ESET) C:UsersdieasDownloadsesetsmartinstaller_enu.exe
2014-01-13 18:05 - 2014-01-13 18:05 - 00448512 _____ (OldTimer Tools) C:UsersdieasDownloadsTFC.exe
2014-01-13 18:05 - 2014-01-13 18:05 - 00448512 _____ (OldTimer Tools) C:UsersdieasDesktopTFC.exe
2014-01-13 17:10 - 2014-01-13 17:10 - 02467287 _____ C:UsersdieasDownloads768689_4227725.mp4
2014-01-13 16:07 - 2014-01-14 18:18 - 00000000 ____D C:UsersdieasDesktopComputer Fix
2014-01-12 21:52 - 2014-01-12 21:52 - 00148296 _____ C:WindowsMinidump011214-35880-01.dmp
2014-01-12 19:31 - 2014-01-12 19:31 - 00000000 ____D C:UsersdieasAppDataRoamingMicrosoftWindowsStart MenuProgramsPutLockerDownloader.com
2014-01-12 19:31 - 2014-01-12 19:31 - 00000000 ____D C:UsersdieasAppDataLocalCool_Mirage
2014-01-12 17:46 - 2014-01-12 17:47 - 00144136 _____ C:WindowsMinidump011214-21262-01.dmp
2014-01-12 17:38 - 2014-01-14 18:17 - 00000000 ____D C:FRST
2014-01-12 17:34 - 2014-01-12 17:34 - 01219584 _____ (Farbar) C:UsersdieasDownloadsFRST.exe
2014-01-12 17:31 - 2014-01-12 17:31 - 01933048 _____ (Bleeping Computer, LLC) C:UsersdieasDownloadsrkill.exe
2014-01-12 14:22 - 2014-01-12 14:22 - 00000000 ____D C:WindowsERUNT
2014-01-12 14:15 - 2014-01-12 14:16 - 00000000 ____D C:AdwCleaner
2014-01-12 14:14 - 2014-01-12 14:14 - 01236282 _____ C:UsersdieasDownloadsadwcleaner (1).exe
2014-01-12 13:05 - 2014-01-12 13:06 - 00144136 _____ C:WindowsMinidump011214-26535-01.dmp
2014-01-08 19:46 - 2014-01-12 12:56 - 00000000 __SHD C:found.000
2014-01-08 15:53 - 2014-01-08 15:53 - 01037068 _____ (Thisisu) C:UsersdieasDownloadsJRT.exe
2014-01-08 15:52 - 2014-01-08 15:52 - 01233962 _____ C:UsersdieasDownloadsAdwCleaner.exe
2014-01-08 07:25 - 2014-01-08 07:25 - 00144136 _____ C:WindowsMinidump010814-18610-01.dmp
2014-01-07 08:37 - 2014-01-07 08:38 - 00131072 _____ C:WindowsMinidump010714-20311-01.dmp
2014-01-06 23:13 - 2013-10-24 20:45 - 01767936 _____ (Microsoft Corporation) C:Windowssystem32wininet.dll
2014-01-06 23:13 - 2013-10-24 20:45 - 00042496 _____ (Microsoft Corporation) C:Windowssystem32ie4uinit.exe
2014-01-06 23:13 - 2013-10-24 20:44 - 14356992 _____ (Microsoft Corporation) C:Windowssystem32mshtml.dll
2014-01-06 23:13 - 2013-10-24 20:44 - 01140736 _____ (Microsoft Corporation) C:Windowssystem32urlmon.dll
2014-01-06 23:13 - 2013-10-24 20:43 - 13761536 _____ (Microsoft Corporation) C:Windowssystem32ieframe.dll
2014-01-06 23:13 - 2013-10-24 20:43 - 02877952 _____ (Microsoft Corporation) C:Windowssystem32jscript9.dll
2014-01-06 23:13 - 2013-10-24 20:43 - 02049024 _____ (Microsoft Corporation) C:Windowssystem32iertutil.dll
2014-01-06 23:13 - 2013-10-24 20:43 - 00690688 _____ (Microsoft Corporation) C:Windowssystem32jscript.dll
2014-01-06 23:13 - 2013-10-24 20:43 - 00493056 _____ (Microsoft Corporation) C:Windowssystem32msfeeds.dll
2014-01-06 23:13 - 2013-10-24 20:43 - 00391168 _____ (Microsoft Corporation) C:Windowssystem32ieui.dll
2014-01-06 23:13 - 2013-10-24 20:43 - 00109056 _____ (Microsoft Corporation) C:Windowssystem32iesysprep.dll
2014-01-06 23:13 - 2013-10-24 20:43 - 00061440 _____ (Microsoft Corporation) C:Windowssystem32iesetup.dll
2014-01-06 23:13 - 2013-10-24 20:43 - 00039424 _____ (Microsoft Corporation) C:Windowssystem32jsproxy.dll
2014-01-06 23:13 - 2013-10-24 20:43 - 00033280 _____ (Microsoft Corporation) C:Windowssystem32iernonce.dll
2014-01-06 23:13 - 2013-10-24 19:41 - 02706432 _____ (Microsoft Corporation) C:Windowssystem32mshtml.tlb
2014-01-06 23:13 - 2013-10-24 18:49 - 00071680 _____ (Microsoft Corporation) C:Windowssystem32RegisterIEPKEYs.exe
2014-01-06 20:53 - 2014-01-06 20:53 - 10285040 _____ (Malwarebytes Corporation                                    ) C:UsersdieasDownloadsmbam-setup-1.75.0.1300.exe
2014-01-05 20:31 - 2014-01-05 20:37 - 67919957 _____ C:UsersdieasDownloadsFamily.Guy.S12E09.HDTV.x264-LOL.mp4
2014-01-03 23:00 - 2014-01-03 23:00 - 00005309 _____ C:UsersdieasDownloadsfree ebookkk.txt
2014-01-03 14:23 - 2014-01-03 14:23 - 00039424 ___SH C:UsersdieasAppDataRoamingThumbs.db
2014-01-02 00:18 - 2014-01-03 13:54 - 00000000 ____D C:UsersPublicDocumentsGOOBZO
2013-12-31 16:44 - 2013-12-31 16:44 - 00000000 ____D C:UsersdieasDocumentsMy Received Files
2013-12-29 19:34 - 2013-12-29 19:34 - 20717568 _____ C:UsersdieasDownloadsSkypeSetup_6.1.0.129.msi
2013-12-29 19:33 - 2013-10-08 06:51 - 00873384 _____ (Oracle Corporation) C:Windowssystem32npDeployJava1.dll
2013-12-29 19:33 - 2013-10-08 06:51 - 00796072 _____ (Oracle Corporation) C:Windowssystem32deployJava1.dll
2013-12-29 19:33 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:Windowssystem32javaws.exe
2013-12-29 19:33 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:Windowssystem32javaw.exe
2013-12-29 19:33 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:Windowssystem32java.exe
2013-12-29 19:31 - 2013-12-29 19:32 - 31175144 _____ (Oracle Corporation) C:UsersdieasDownloadsjre-7u7-windows-i586.exe
2013-12-29 19:21 - 2013-12-29 19:21 - 18124080 _____ (Microsoft Corporation) C:UsersdieasDownloadsIE9-Windows7-x86-enu.exe
2013-12-29 19:20 - 2013-12-29 19:20 - 36380976 _____ (Microsoft Corporation) C:UsersdieasDownloadsIE9-Windows7-x64-enu.exe
2013-12-24 01:18 - 2014-01-12 13:06 - 00000470 _____ C:WindowsTasksParetoLogic Update Version3 Startup Task.job
 
==================== One Month Modified Files and Folders =======
 
2014-01-14 18:18 - 2014-01-13 16:07 - 00000000 ____D C:UsersdieasDesktopComputer Fix
2014-01-14 18:17 - 2014-01-12 17:38 - 00000000 ____D C:FRST
2014-01-14 18:16 - 2013-08-28 10:43 - 00000000 ____D C:UsersdieasAppDataLocalGC
2014-01-14 18:16 - 2013-02-16 16:09 - 00000830 _____ C:WindowsTasksAdobe Flash Player Updater.job
2014-01-14 18:16 - 2013-02-16 15:09 - 00000884 _____ C:WindowsTasksGoogleUpdateTaskMachineUA.job
2014-01-14 18:16 - 2013-02-16 15:09 - 00000880 _____ C:WindowsTasksGoogleUpdateTaskMachineCore.job
2014-01-14 18:16 - 2013-02-12 15:53 - 01526288 _____ C:WindowsWindowsUpdate.log
2014-01-14 16:23 - 2009-07-13 20:34 - 00014544 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-14 16:23 - 2009-07-13 20:34 - 00014544 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-14 16:15 - 2013-10-11 15:21 - 240308425 _____ C:WindowsMEMORY.DMP
2014-01-14 16:15 - 2013-09-28 06:14 - 00009688 _____ C:Windowssetupact.log
2014-01-14 16:15 - 2013-03-16 19:46 - 00000000 ____D C:WindowsMinidump
2014-01-14 16:15 - 2009-07-13 20:53 - 00000006 ____H C:WindowsTasksSA.DAT
2014-01-14 15:40 - 2009-07-13 20:53 - 00032558 _____ C:WindowsTasksSCHEDLGU.TXT
2014-01-14 15:36 - 2013-12-10 21:35 - 00000928 _____ C:WindowsTasksFacebookUpdateTaskUserS-1-5-21-2188790374-365846068-1736179643-1000UA.job
2014-01-13 20:57 - 2014-01-13 20:57 - 290585982 _____ C:UsersdieasDownloadsTeen.Wolf.S03E14.720p.HDTV.x264-REMARKABLE.mkv (1).crdownload
2014-01-13 20:52 - 2014-01-13 20:52 - 00148248 _____ C:WindowsMinidump011314-32900-01.dmp
2014-01-13 20:44 - 2014-01-13 20:44 - 468057342 _____ C:UsersdieasDownloadsTeen.Wolf.S03E14.720p.HDTV.x264-REMARKABLE.mkv.crdownload
2014-01-13 20:30 - 2013-02-18 16:32 - 00113640 _____ C:UsersdieasAppDataLocalGDIPFONTCACHEV1.DAT
2014-01-13 19:59 - 2014-01-13 19:59 - 00000000 ____D C:Program FilesESET
2014-01-13 19:58 - 2014-01-13 19:58 - 02347384 _____ (ESET) C:UsersdieasDownloadsesetsmartinstaller_enu.exe
2014-01-13 18:07 - 2013-09-28 06:13 - 00194010 _____ C:WindowsPFRO.log
2014-01-13 18:07 - 2013-02-19 20:06 - 00000000 ____D C:Program FilesPando Networks
2014-01-13 18:05 - 2014-01-13 18:05 - 00448512 _____ (OldTimer Tools) C:UsersdieasDownloadsTFC.exe
2014-01-13 18:05 - 2014-01-13 18:05 - 00448512 _____ (OldTimer Tools) C:UsersdieasDesktopTFC.exe
2014-01-13 18:04 - 2009-07-13 18:37 - 00000000 ____D C:WindowsBranding
2014-01-13 17:10 - 2014-01-13 17:10 - 02467287 _____ C:UsersdieasDownloads768689_4227725.mp4
2014-01-13 16:07 - 2013-07-13 16:27 - 00000000 ____D C:UsersdieasDesktopFolders
2014-01-13 16:05 - 2013-03-10 11:53 - 00000000 ____D C:ProgramDataSkype
2014-01-13 16:05 - 2013-02-12 16:06 - 00000000 ____D C:Program FilesMozilla Firefox
2014-01-13 16:03 - 2013-02-12 15:58 - 00795378 _____ C:Windowssystem32PerfStringBackup.INI
2014-01-13 16:00 - 2009-07-13 20:33 - 00434032 _____ C:Windowssystem32FNTCACHE.DAT
2014-01-13 15:58 - 2013-09-28 12:03 - 00000000 ____D C:Program FilesRegistry Winner
2014-01-13 15:58 - 2013-03-10 11:54 - 00000000 ____D C:UsersdieasAppDataRoamingSkype
2014-01-13 15:56 - 2013-08-26 15:42 - 00000000 ____D C:Program FilesHyperCam 2
2014-01-13 15:54 - 2013-02-19 20:31 - 00000000 ____D C:UsersdieasAppDataRoaminguTorrent
2014-01-12 21:52 - 2014-01-12 21:52 - 00148296 _____ C:WindowsMinidump011214-35880-01.dmp
2014-01-12 21:40 - 2013-12-10 21:35 - 00000906 _____ C:WindowsTasksFacebookUpdateTaskUserS-1-5-21-2188790374-365846068-1736179643-1000Core.job
2014-01-12 19:31 - 2014-01-12 19:31 - 00000000 ____D C:UsersdieasAppDataRoamingMicrosoftWindowsStart MenuProgramsPutLockerDownloader.com
2014-01-12 19:31 - 2014-01-12 19:31 - 00000000 ____D C:UsersdieasAppDataLocalCool_Mirage
2014-01-12 17:47 - 2014-01-12 17:46 - 00144136 _____ C:WindowsMinidump011214-21262-01.dmp
2014-01-12 17:34 - 2014-01-12 17:34 - 01219584 _____ (Farbar) C:UsersdieasDownloadsFRST.exe
2014-01-12 17:31 - 2014-01-12 17:31 - 01933048 _____ (Bleeping Computer, LLC) C:UsersdieasDownloadsrkill.exe
2014-01-12 14:22 - 2014-01-12 14:22 - 00000000 ____D C:WindowsERUNT
2014-01-12 14:16 - 2014-01-12 14:15 - 00000000 ____D C:AdwCleaner
2014-01-12 14:16 - 2013-05-26 17:14 - 00000000 ____D C:UsersdieasAppDataRoamingCheckPoint
2014-01-12 14:14 - 2014-01-12 14:14 - 01236282 _____ C:UsersdieasDownloadsadwcleaner (1).exe
2014-01-12 13:06 - 2014-01-12 13:05 - 00144136 _____ C:WindowsMinidump011214-26535-01.dmp
2014-01-12 13:06 - 2013-12-24 01:18 - 00000470 _____ C:WindowsTasksParetoLogic Update Version3 Startup Task.job
2014-01-12 12:58 - 2013-02-12 15:57 - 00000000 ____D C:Usersdieas
2014-01-12 12:56 - 2014-01-08 19:46 - 00000000 __SHD C:found.000
2014-01-12 12:56 - 2013-06-08 13:28 - 00000000 ____D C:Program FilesRaidCall
2014-01-12 12:56 - 2013-03-28 13:51 - 00000000 ____D C:Program FilesMalwarebytes' Anti-Malware
2014-01-12 12:56 - 2009-07-13 18:37 - 00000000 ____D C:Windowssystem32wfp
2014-01-12 12:56 - 2009-07-13 18:37 - 00000000 ____D C:Windowsrescache
2014-01-12 12:56 - 2009-07-13 18:37 - 00000000 ____D C:Windowsregistration
2014-01-12 12:56 - 2009-07-13 18:37 - 00000000 ____D C:WindowsAppCompat
2014-01-12 12:56 - 2009-07-13 18:37 - 00000000 ____D C:Program FilesCommon Filesmicrosoft shared
2014-01-10 22:01 - 2013-05-29 14:39 - 00000000 ____D C:UsersdieasAppDataLocalCrashDumps
2014-01-08 15:53 - 2014-01-08 15:53 - 01037068 _____ (Thisisu) C:UsersdieasDownloadsJRT.exe
2014-01-08 15:52 - 2014-01-08 15:52 - 01233962 _____ C:UsersdieasDownloadsAdwCleaner.exe
2014-01-08 07:25 - 2014-01-08 07:25 - 00144136 _____ C:WindowsMinidump010814-18610-01.dmp
2014-01-07 08:38 - 2014-01-07 08:37 - 00131072 _____ C:WindowsMinidump010714-20311-01.dmp
2014-01-07 06:57 - 2009-07-13 20:52 - 00000000 ____D C:Windowsaddins
2014-01-06 20:55 - 2013-03-28 13:51 - 00001027 _____ C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk
2014-01-06 20:53 - 2014-01-06 20:53 - 10285040 _____ (Malwarebytes Corporation                                    ) C:UsersdieasDownloadsmbam-setup-1.75.0.1300.exe
2014-01-06 20:36 - 2013-11-05 00:29 - 00000000 ____D C:Program FilesSkypeWebPlugin
2014-01-06 20:36 - 2013-10-09 21:14 - 00000000 ____D C:Program FilesProject64 2.0
2014-01-06 20:36 - 2013-10-05 12:23 - 00000000 ____D C:Usersdieasjagexcache
2014-01-06 20:36 - 2013-09-14 21:01 - 00000000 ____D C:UsersdieasAppDataRoamingDAEMON Tools Ultra
2014-01-06 20:36 - 2013-09-02 20:53 - 00000000 ____D C:UsersdieasAppDataRoamingRiot Games
2014-01-06 20:36 - 2013-08-20 21:37 - 00000000 ____D C:Usersdieas.PowerScape
2014-01-06 20:36 - 2013-08-11 00:13 - 00000000 ____D C:Usersdieasrs3cachev4
2014-01-06 20:36 - 2013-06-16 12:34 - 00000000 ____D C:Program FilesMicrosoft Expression
2014-01-06 20:36 - 2013-05-28 18:04 - 00000000 ____D C:UsersdieasAppDataRoamingBANDISOFT
2014-01-06 20:36 - 2013-05-26 17:15 - 00000000 ____D C:Fraps
2014-01-06 20:36 - 2013-03-31 16:17 - 00000000 ____D C:Program FilesSecurityKISS Tunnel
2014-01-06 20:36 - 2013-02-16 16:02 - 00000000 ____D C:UsersdieasAppDataRoaming.minecraft
2014-01-06 20:33 - 2009-07-13 18:37 - 00000000 ___RD C:UsersPublic
2014-01-06 20:29 - 2013-05-29 14:21 - 00000000 ____D C:Program FilesWindows Live
2014-01-06 20:28 - 2013-06-30 17:17 - 00000000 ____D C:Program FilesImage-Line
2014-01-06 20:27 - 2013-05-29 14:19 - 00000000 ____D C:Program FilesCommon FilesWindows Live
2014-01-06 20:01 - 2013-05-29 14:27 - 00000000 ____D C:UsersdieasTracing
2014-01-05 20:37 - 2014-01-05 20:31 - 67919957 _____ C:UsersdieasDownloadsFamily.Guy.S12E09.HDTV.x264-LOL.mp4
2014-01-03 23:00 - 2014-01-03 23:00 - 00005309 _____ C:UsersdieasDownloadsfree ebookkk.txt
2014-01-03 14:23 - 2014-01-03 14:23 - 00039424 ___SH C:UsersdieasAppDataRoamingThumbs.db
2014-01-03 14:19 - 2013-02-19 16:25 - 00000000 ____D C:UsersdieasDocumentsMy Games
2014-01-03 13:54 - 2014-01-02 00:18 - 00000000 ____D C:UsersPublicDocumentsGOOBZO
2014-01-03 13:24 - 2013-10-09 20:19 - 00006466 _____ C:Usersdieasovpntray.log
2013-12-31 19:27 - 2013-10-05 12:23 - 00000024 _____ C:Usersdieasrandom.dat
2013-12-31 16:44 - 2013-12-31 16:44 - 00000000 ____D C:UsersdieasDocumentsMy Received Files
2013-12-30 22:46 - 2013-05-29 14:20 - 00000000 ____D C:UsersdieasAppDataLocalWindows Live
2013-12-29 19:34 - 2013-12-29 19:34 - 20717568 _____ C:UsersdieasDownloadsSkypeSetup_6.1.0.129.msi
2013-12-29 19:32 - 2013-12-29 19:31 - 31175144 _____ (Oracle Corporation) C:UsersdieasDownloadsjre-7u7-windows-i586.exe
2013-12-29 19:32 - 2013-03-05 23:18 - 00000000 ____D C:Program FilesJava
2013-12-29

#15 Juliet

Juliet

    Advanced Member

  • Trusted Malware Techs
  • 22,080 posts
  • Gender:Female


Posted 15 January 2014 - 05:42 AM

The log was cut off but I can see quite a bit and we'll continue.

Were you able to run Eset online scanner?

PutLockerDownloader utility has been known to install large amounts of adware/malware and useless addons.
I suggest you uninstall it.

~~~~~~~~~~~~~~~~`

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

start
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
FF Plugin: @pandonetworks.com/PandoWebPlugin- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF SearchPlugin: C:\Users\dieas\AppData\Roaming\Mozilla\Firefox\Profiles\s1rs6wdf.default\searchplugins\conduit-search.xml
C:\Users\dieas\AppData\Roaming\uTorrent
C:\Users\dieas\random.dat
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

~~~~~~~~~~~~~~~~~~~~~~`
Please uninstall Java from your control panel add/remove list.
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java 7 Update 7 (Version: 7.0.70 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java 6 Update 24 (Version: 6.0.240 - Oracle)

Now, download the newest version from the link below

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

~~~~~~~~~~~~~~~~~~~~~~

In your next reply post
Frst.txt

How's the computer now?

Edited by Juliet, 16 January 2014 - 06:39 AM.
typo

Please do not PM me for HJT help, we all benefit from posting on the open board.
Sometimes the angels fly close enough to you that you can hear the flutter of their wings..
MS - MVP Consumer Security 2009 - 2013

#16 Timmy

Posted 15 January 2014 - 11:09 PM

Every time I use ESET my computer starts crashing and never stops. I'm removing all junk from the computer and will do the other steps first thing tomorrow and post the logs here then.



#17 Juliet

Posted 16 January 2014 - 06:48 AM

See if you can do my instructions from previous post first, then please try to do:

If possible print out these instructions or save to Notepad, the window will close and you may need to read over the notes carefully.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
Please copy and paste its contents on your next reply.

#18 Juliet

Posted 16 January 2014 - 06:53 AM

Download blue screen viewer from the link below and install and run it to read the dump files created by Windows.
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

http://www.nirsoft.n...creen_view.html

#19 Timmy

Posted 16 January 2014 - 09:38 PM

This is the report for the BSOD --- 

==================================================
Dump File         : 011614-49249-01.dmp
Crash Time        : 1/16/2014 8:04:54 AM
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Parameter 1       : 0x04170023
Parameter 2       : 0x00000002
Parameter 3       : 0x00000000
Parameter 4       : 0x8af36820
Caused By Driver  : Wdf01000.sys
Caused By Address : Wdf01000.sys+8820
File Description  : Kernel Mode Driver Framework Runtime
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 1.11.9200.16648 (win8_gdr.130621-1503)
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+40b6f
Stack Address 1   : Wdf01000.sys+8820
Stack Address 2   : Wdf01000.sys+86b6
Stack Address 3   : Wdf01000.sys+423c9
Computer Name     : 
Full Path         : C:\Windows\Minidump\011614-49249-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 182,600
Dump File Time    : 1/16/2014 3:24:05 PM
==================================================
 
==================================================
Dump File         : 011514-22479-01.dmp
Crash Time        : 1/15/2014 9:03:08 PM
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Parameter 1       : 0x0001001c
Parameter 2       : 0x00000002
Parameter 3       : 0x00000000
Parameter 4       : 0x8af7fa15
Caused By Driver  : 
Caused By Address : 
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : 32-bit
Crash Address     : 
Stack Address 1   : ntkrnlpa.exe+772cd
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\011514-22479-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 131,072
Dump File Time    : 1/15/2014 10:17:13 PM
==================================================
 
==================================================
Dump File         : 011514-26005-01.dmp
Crash Time        : 1/15/2014 7:34:42 PM
Bug Check String  : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000007e
Parameter 1       : 0xc000000d
Parameter 2       : 0x918ce0cf
Parameter 3       : 0x8ee63bc4
Parameter 4       : 0x8ee637a0
Caused By Driver  : Unknown_Module_00000000
Caused By Address : 
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : 32-bit
Crash Address     : 
Stack Address 1   : ntkrnlpa.exe+772cd
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\011514-26005-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 131,072
Dump File Time    : 1/15/2014 7:37:40 PM
==================================================
 
==================================================
Dump File         : 011214-35880-01.dmp
Crash Time        : 1/12/2014 9:50:41 PM
Bug Check String  : BAD_POOL_CALLER
Bug Check Code    : 0x000000c2
Parameter 1       : 0x00000099
Parameter 2       : 0x858ff040
Parameter 3       : 0x00000000
Parameter 4       : 0x00000000
Caused By Driver  : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+debfc
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+debfc
Stack Address 1   : ntkrnlpa.exe+336f03
Stack Address 2   : ntkrnlpa.exe+f0247
Stack Address 3   : ntkrnlpa.exe+120ff9
Computer Name     : 
Full Path         : C:\Windows\Minidump\011214-35880-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 148,296
Dump File Time    : 1/12/2014 9:52:20 PM
==================================================
 
==================================================
Dump File         : 011214-21262-01.dmp
Crash Time        : 1/12/2014 5:44:28 PM
Bug Check String  : BAD_POOL_HEADER
Bug Check Code    : 0x00000019
Parameter 1       : 0x00000020
Parameter 2       : 0x8a12e408
Parameter 3       : 0x8a12e4a0
Parameter 4       : 0x0a130403
Caused By Driver  : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+120c6b
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+120c6b
Stack Address 1   : ntkrnlpa.exe+24147d
Stack Address 2   : ntkrnlpa.exe+265969
Stack Address 3   : ntkrnlpa.exe+24142d
Computer Name     : 
Full Path         : C:\Windows\Minidump\011214-21262-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 144,136
Dump File Time    : 1/12/2014 5:47:05 PM
==================================================
 
==================================================
Dump File         : 011214-26535-01.dmp
Crash Time        : 1/12/2014 12:59:24 PM
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : 0x7ff4f000
Parameter 2       : 0x00000002
Parameter 3       : 0x00000000
Parameter 4       : 0x82e8debc
Caused By Driver  : USBPORT.SYS
Caused By Address : USBPORT.SYS+15fb
File Description  : USB 1.1 & 2.0 Port Driver
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+40b7f
Stack Address 1   : ntkrnlpa.exe+78ebc
Stack Address 2   : ntkrnlpa.exe+79702
Stack Address 3   : ntkrnlpa.exe+79407
Computer Name     : 
Full Path         : C:\Windows\Minidump\011214-26535-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 144,136
Dump File Time    : 1/12/2014 1:06:03 PM
==================================================
 
==================================================
Dump File         : 010814-18610-01.dmp
Crash Time        : 1/8/2014 7:24:07 AM
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : 0xbeada597
Parameter 2       : 0x00000002
Parameter 3       : 0x00000000
Parameter 4       : 0x82ecbe3d
Caused By Driver  : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+40b7f
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+40b7f
Stack Address 1   : ntkrnlpa.exe+78e3d
Stack Address 2   : ntkrnlpa.exe+7cce6
Stack Address 3   : ntkrnlpa.exe+79465
Computer Name     : 
Full Path         : C:\Windows\Minidump\010814-18610-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 144,136
Dump File Time    : 1/8/2014 7:25:34 AM
==================================================
 
==================================================
Dump File         : 010714-20311-01.dmp
Crash Time        : 1/7/2014 7:09:31 AM
Bug Check String  : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000007e
Parameter 1       : 0xc000001d
Parameter 2       : 0x91cd20cf
Parameter 3       : 0x8f063bc4
Parameter 4       : 0x8f0637a0
Caused By Driver  : 
Caused By Address : 
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : 32-bit
Crash Address     : 
Stack Address 1   : ntkrnlpa.exe+772cd
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\010714-20311-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 131,072
Dump File Time    : 1/7/2014 8:38:01 AM
==================================================
 
==================================================
Dump File         : 120713-44179-01.dmp
Crash Time        : 12/7/2013 1:47:16 PM
Bug Check String  : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x1000007e
Parameter 1       : 0xc0000005
Parameter 2       : 0x92058568
Parameter 3       : 0x8d25ca5c
Parameter 4       : 0x8d25c640
Caused By Driver  : HDAudBus.sys
Caused By Address : HDAudBus.sys+9568
File Description  : High Definition Audio Bus Driver
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor         : 32-bit
Crash Address     : HDAudBus.sys+9568
Stack Address 1   : HDAudBus.sys+c30c
Stack Address 2   : RTKVHDA.sys+18c6d9
Stack Address 3   : RTKVHDA.sys+a68
Computer Name     : 
Full Path         : C:\Windows\Minidump\120713-44179-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 144,168
Dump File Time    : 12/7/2013 1:48:58 PM
==================================================
 
==================================================
Dump File         : 103113-26395-01.dmp
Crash Time        : 10/31/2013 7:13:10 AM
Bug Check String  : BAD_POOL_HEADER
Bug Check Code    : 0x00000019
Parameter 1       : 0x00000020
Parameter 2       : 0x88262ed8
Parameter 3       : 0x88262ef0
Parameter 4       : 0x08030008
Caused By Driver  : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+120c6b
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+120c6b
Stack Address 1   : ntkrnlpa.exe+82edd
Stack Address 2   : ntkrnlpa.exe+77dd3
Stack Address 3   : USBPORT.SYS+430d
Computer Name     : 
Full Path         : C:\Windows\Minidump\103113-26395-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 182,608
Dump File Time    : 10/31/2013 8:15:03 PM
==================================================
 
==================================================
Dump File         : 102413-62852-01.dmp
Crash Time        : 10/24/2013 6:49:24 AM
Bug Check String  : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x1000008e
Parameter 1       : 0xc0000005
Parameter 2       : 0x82c50415
Parameter 3       : 0x807e28cc
Parameter 4       : 0x00000000
Caused By Driver  : USBPORT.SYS
Caused By Address : USBPORT.SYS+1100
File Description  : USB 1.1 & 2.0 Port Driver
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+41415
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\102413-62852-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 182,488
Dump File Time    : 10/24/2013 2:12:22 PM
==================================================
 
==================================================
Dump File         : 102313-37097-01.dmp
Crash Time        : 10/23/2013 6:55:40 PM
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : 0x00000001
Parameter 2       : 0x00000002
Parameter 3       : 0x00000000
Parameter 4       : 0x82cb640b
Caused By Driver  : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+40b7f
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+40b7f
Stack Address 1   : ntkrnlpa.exe+7940b
Stack Address 2   : ntkrnlpa.exe+7933a
Stack Address 3   : ntkrnlpa.exe+774ce
Computer Name     : 
Full Path         : C:\Windows\Minidump\102313-37097-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 131,072
Dump File Time    : 10/23/2013 6:57:15 PM
==================================================
 
==================================================
Dump File         : 101213-17596-01.dmp
Crash Time        : 10/12/2013 9:35:47 AM
Bug Check String  : DRIVER_CORRUPTED_EXPOOL
Bug Check Code    : 0x000000c5
Parameter 1       : 0xd0858588
Parameter 2       : 0x00000002
Parameter 3       : 0x00000001
Parameter 4       : 0x82d754c1
Caused By Driver  : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+40b7f
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+40b7f
Stack Address 1   : ntkrnlpa.exe+1204c1
Stack Address 2   : USBPORT.SYS+3a9e
Stack Address 3   : USBPORT.SYS+8a9e
Computer Name     : 
Full Path         : C:\Windows\Minidump\101213-17596-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 131,072
Dump File Time    : 10/12/2013 11:05:07 AM
==================================================
 


#20 Timmy

Posted 16 January 2014 - 09:41 PM

For the Kaspersky scan, there was no cure, but 1 object was infected, and this report is going to be really big.

 

18:30:38.0991 0x0228  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
18:30:41.0600 0x0228  ============================================================
18:30:41.0600 0x0228  Current date / time: 2014/01/16 18:30:41.0600
18:30:41.0600 0x0228  SystemInfo:
18:30:41.0600 0x0228  
18:30:41.0600 0x0228  OS Version: 6.1.7601 ServicePack: 1.0
18:30:41.0600 0x0228  Product type: Workstation
18:30:41.0600 0x0228  ComputerName: DIEAS-PC
18:30:41.0600 0x0228  UserName: dieas
18:30:41.0600 0x0228  Windows directory: C:\Windows
18:30:41.0600 0x0228  System windows directory: C:\Windows
18:30:41.0600 0x0228  Processor architecture: Intel x86
18:30:41.0601 0x0228  Number of processors: 2
18:30:41.0601 0x0228  Page size: 0x1000
18:30:41.0601 0x0228  Boot type: Normal boot
18:30:41.0601 0x0228  ============================================================
18:30:42.0505 0x0228  KLMD registered as C:\Windows\system32\drivers\46220166.sys
18:30:42.0702 0x0228  System UUID: {4FFF5E3A-4B87-89AE-F513-64CDD32C6110}
18:30:43.0293 0x0228  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
18:30:43.0309 0x0228  Drive \Device\Harddisk5\DR5 - Size: 0x7C00000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:30:43.0310 0x0228  ============================================================
18:30:43.0310 0x0228  \Device\Harddisk0\DR0:
18:30:43.0310 0x0228  MBR partitions:
18:30:43.0310 0x0228  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:30:43.0310 0x0228  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
18:30:43.0310 0x0228  \Device\Harddisk5\DR5:
18:30:43.0311 0x0228  MBR partitions:
18:30:43.0311 0x0228  \Device\Harddisk5\DR5\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3DFE0
18:30:43.0311 0x0228  ============================================================
18:30:43.0455 0x0228  C: <-> \Device\Harddisk0\DR0\Partition2
18:30:43.0456 0x0228  ============================================================
18:30:43.0456 0x0228  Initialize success
18:30:43.0456 0x0228  ============================================================
18:31:11.0701 0x0e9c  ============================================================
18:31:11.0701 0x0e9c  Scan started
18:31:11.0701 0x0e9c  Mode: Manual; SigCheck; TDLFS; 
18:31:11.0701 0x0e9c  ============================================================
18:31:11.0701 0x0e9c  KSN ping started
18:31:14.0499 0x0e9c  KSN ping finished: true
18:31:15.0180 0x0e9c  ================ Scan system memory ========================
18:31:15.0180 0x0e9c  System memory - ok
18:31:15.0181 0x0e9c  ================ Scan services =============================
18:31:24.0195 0x0e9c  [ 651554E483712B708EDE864D0CA1AA73, A016C03D630A2FF7FC44B826DEA890F5AC09DD270588CEAD05F63A5A0AC79249 ] DrvAgent32      C:\Windows\system32\Drivers\DrvAgent32.sys
18:31:24.0224 0x0e9c  DrvAgent32 - detected UnsignedFile.Multi.Generic ( 1 )
18:31:27.0055 0x0e9c  Detect skipped due to KSN trusted
18:31:27.0056 0x0e9c  DrvAgent32 - ok
18:31:32.0143 0x0e9c  gupdate - ok
18:31:32.0178 0x0e9c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
18:31:32.0202 0x0e9c  gupdatem - ok
18:31:32.0307 0x0e9c  [ 833051C6C6C42117191935F734CFBD97, 5EB5672ABC7994A4AFF855A572158B8BE4FC6E541CFD4B9BE4FF2739A9A6AFB8 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
18:31:32.0316 0x0e9c  hamachi - ok
18:31:32.0352 0x0e9c  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:31:32.0392 0x0e9c  hcw85cir - ok
18:31:32.0459 0x0e9c  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:31:32.0510 0x0e9c  HdAudAddService - ok
18:31:32.0536 0x0e9c  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
18:31:32.0550 0x0e9c  HDAudBus - ok
18:31:32.0575 0x0e9c  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
18:31:32.0585 0x0e9c  HidBatt - ok
18:31:32.0599 0x0e9c  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
18:31:32.0627 0x0e9c  HidBth - ok
18:31:32.0658 0x0e9c  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
18:31:32.0684 0x0e9c  HidIr - ok
18:31:32.0725 0x0e9c  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
18:31:32.0767 0x0e9c  hidserv - ok
18:31:32.0836 0x0e9c  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
18:31:32.0881 0x0e9c  HidUsb - ok
18:31:32.0935 0x0e9c  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:31:32.0988 0x0e9c  hkmsvc - ok
18:31:33.0031 0x0e9c  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:31:33.0059 0x0e9c  HomeGroupListener - ok
18:31:33.0100 0x0e9c  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:31:33.0149 0x0e9c  HomeGroupProvider - ok
18:31:33.0245 0x0e9c  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:31:33.0282 0x0e9c  HpSAMD - ok
18:31:33.0383 0x0e9c  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:31:33.0429 0x0e9c  HTTP - ok
18:31:33.0500 0x0e9c  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:31:33.0508 0x0e9c  hwpolicy - ok
18:31:33.0552 0x0e9c  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
18:31:33.0636 0x0e9c  i8042prt - ok
18:31:33.0726 0x0e9c  [ A3CAE5D281DB4CFF7CFF8233507EE5AD, 2666107220B9F301193F2CF85A3D6B09E6E42CC150152D10A8886E47A3FD9B0D ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:31:33.0763 0x0e9c  iaStorV - ok
18:31:33.0872 0x0e9c  [ C521D7EB6497BB1AF6AFA89E322FB43C, BDDCFCBB5B76A9295669B5AC9F732D6127199ED5C300770B554C4E4794F66BB7 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:31:33.0924 0x0e9c  idsvc - ok
18:31:33.0972 0x0e9c  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
18:31:33.0982 0x0e9c  iirsp - ok
18:31:34.0050 0x0e9c  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
18:31:34.0127 0x0e9c  IKEEXT - ok
18:31:34.0404 0x0e9c  [ 3914EA9111DBEFFAF1C68200817768AD, 56ECF70477CB0E4630ADEE2E5ECEEBC34F3DAF7CB73AB227BD7DD876170A21CA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
18:31:34.0600 0x0e9c  IntcAzAudAddService - ok
18:31:34.0656 0x0e9c  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:31:34.0666 0x0e9c  intelide - ok
18:31:34.0701 0x0e9c  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:31:34.0713 0x0e9c  intelppm - ok
18:31:34.0738 0x0e9c  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:31:34.0779 0x0e9c  IPBusEnum - ok
18:31:34.0805 0x0e9c  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:31:34.0843 0x0e9c  IpFilterDriver - ok
18:31:34.0926 0x0e9c  [ 4D65A07B795D6674312F879D09AA7663, 8D72FE0B51A6FF71F85D2602DB3AE91C8749F70869B6789552F047BA81411EDA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:31:34.0982 0x0e9c  iphlpsvc - ok
18:31:35.0017 0x0e9c  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:31:35.0029 0x0e9c  IPMIDRV - ok
18:31:35.0056 0x0e9c  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:31:35.0100 0x0e9c  IPNAT - ok
18:31:35.0174 0x0e9c  [ 066F2BBE2EEC9A42B065B552BF356B4E, AE86DB5BFD4748C54C0C224E7FBEA3C032F1071A39303DF35AA04869D3950B7A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:31:35.0211 0x0e9c  iPod Service - ok
18:31:35.0252 0x0e9c  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:31:35.0264 0x0e9c  IRENUM - ok
18:31:35.0287 0x0e9c  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:31:35.0298 0x0e9c  isapnp - ok
18:31:35.0342 0x0e9c  [ CB7A9ABB12B8415BCE5D74994C7BA3AE, 464BFF3F5EEE985BE075E23E1813F5CB82A9A0771A92C6D889B13B867BCDF647 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:31:35.0357 0x0e9c  iScsiPrt - ok
18:31:35.0389 0x0e9c  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:31:35.0400 0x0e9c  kbdclass - ok
18:31:35.0431 0x0e9c  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:31:35.0459 0x0e9c  kbdhid - ok
18:31:35.0481 0x0e9c  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] KeyIso          C:\Windows\system32\lsass.exe
18:31:35.0491 0x0e9c  KeyIso - ok
18:31:35.0532 0x0e9c  [ F286830298323272260332D6ABC905C1, FF4CD182A95CA53119B228690D682EE9214BE131A0DBCB09B6189FBEBBFF902C ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:31:35.0547 0x0e9c  KSecDD - ok
18:31:35.0569 0x0e9c  [ D7C760D57B1656DD748B9E4AB6CB5A51, F8AE4185A6A9F7005DEFF1FDC03F395C6189825B482B8C650637FD29DE93AB68 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:31:35.0583 0x0e9c  KSecPkg - ok
18:31:35.0623 0x0e9c  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:31:35.0676 0x0e9c  KtmRm - ok
18:31:35.0709 0x0e9c  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:31:35.0761 0x0e9c  LanmanServer - ok
18:31:35.0791 0x0e9c  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:31:35.0830 0x0e9c  LanmanWorkstation - ok
18:31:35.0872 0x0e9c  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:31:35.0912 0x0e9c  lltdio - ok
18:31:35.0948 0x0e9c  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:31:35.0979 0x0e9c  lltdsvc - ok
18:31:36.0000 0x0e9c  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:31:36.0040 0x0e9c  lmhosts - ok
18:31:36.0077 0x0e9c  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
18:31:36.0089 0x0e9c  LSI_FC - ok
18:31:36.0102 0x0e9c  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
18:31:36.0113 0x0e9c  LSI_SAS - ok
18:31:36.0127 0x0e9c  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:31:36.0137 0x0e9c  LSI_SAS2 - ok
18:31:36.0144 0x0e9c  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:31:36.0156 0x0e9c  LSI_SCSI - ok
18:31:36.0173 0x0e9c  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
18:31:36.0215 0x0e9c  luafv - ok
18:31:36.0282 0x0e9c  [ 144011D14BD35F4E36136AE057B1AADD, 63917B1E00FE5C320259A03E52A8E4A22E1B3C08E69EF3DEDD3B9F5043994291 ] LUsbFilt        C:\Windows\system32\Drivers\LUsbFilt.Sys
18:31:36.0295 0x0e9c  LUsbFilt - ok
18:31:36.0351 0x0e9c  [ D8C0B2EB928D57C928522EFF500C4BA8, B7261AB2DD262140489087C1A8F1A1DA5EE6373D453E5BC8A3F7B93A5540CE6C ] ManyCam         C:\Windows\system32\DRIVERS\mcvidrv.sys
18:31:36.0393 0x0e9c  ManyCam - ok
18:31:36.0457 0x0e9c  [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
18:31:36.0482 0x0e9c  MBAMProtector - ok
18:31:36.0578 0x0e9c  [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:31:36.0606 0x0e9c  MBAMScheduler - ok
18:31:36.0650 0x0e9c  [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:31:36.0678 0x0e9c  MBAMService - ok
18:31:36.0728 0x0e9c  [ DFAA87E30868FE4CB7D335837A4BF39C, 7BB65D4DC5CA2A4B4FE531F23E217CFA8BCFFE20E78BF18B04486345FC1E0B6E ] mcaudrv_simple  C:\Windows\system32\drivers\mcaudrv.sys
18:31:36.0768 0x0e9c  mcaudrv_simple - ok
18:31:36.0805 0x0e9c  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:31:36.0818 0x0e9c  Mcx2Svc - ok
18:31:36.0841 0x0e9c  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
18:31:36.0850 0x0e9c  megasas - ok
18:31:36.0890 0x0e9c  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
18:31:36.0916 0x0e9c  MegaSR - ok
18:31:37.0015 0x0e9c  [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
18:31:37.0040 0x0e9c  Microsoft Office Groove Audit Service - ok
18:31:37.0073 0x0e9c  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
18:31:37.0124 0x0e9c  MMCSS - ok
18:31:37.0144 0x0e9c  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
18:31:37.0185 0x0e9c  Modem - ok
18:31:37.0223 0x0e9c  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:31:37.0263 0x0e9c  monitor - ok
18:31:37.0296 0x0e9c  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:31:37.0306 0x0e9c  mouclass - ok
18:31:37.0372 0x0e9c  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:31:37.0406 0x0e9c  mouhid - ok
18:31:37.0459 0x0e9c  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:31:37.0471 0x0e9c  mountmgr - ok
18:31:37.0559 0x0e9c  [ 8A7C8F4C713E70D73946833D76B77035, 75D07F56B8F7D50E85F6576427E8DAA3A27384F53AC31753B6213CBD011C1DEF ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:31:37.0595 0x0e9c  MozillaMaintenance - ok
18:31:37.0646 0x0e9c  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:31:37.0662 0x0e9c  mpio - ok
18:31:37.0697 0x0e9c  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:31:37.0741 0x0e9c  mpsdrv - ok
18:31:37.0853 0x0e9c  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:31:37.0981 0x0e9c  MpsSvc - ok
18:31:38.0022 0x0e9c  [ CEB46AB7C01C9F825F8CC6BABC18166A, AA98898204FC58878502C170FE6ED8BA681396DDD8BF3689D0C3642DEA87BEF8 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:31:38.0042 0x0e9c  MRxDAV - ok
18:31:38.0090 0x0e9c  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:31:38.0218 0x0e9c  mrxsmb - ok
18:31:38.0327 0x0e9c  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:31:38.0367 0x0e9c  mrxsmb10 - ok
18:31:38.0436 0x0e9c  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:31:38.0489 0x0e9c  mrxsmb20 - ok
18:31:38.0560 0x0e9c  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:31:38.0578 0x0e9c  msahci - ok
18:31:38.0623 0x0e9c  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:31:38.0635 0x0e9c  msdsm - ok
18:31:38.0659 0x0e9c  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
18:31:38.0745 0x0e9c  MSDTC - ok
18:31:38.0833 0x0e9c  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:31:38.0886 0x0e9c  Msfs - ok
18:31:38.0928 0x0e9c  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:31:38.0955 0x0e9c  mshidkmdf - ok
18:31:39.0011 0x0e9c  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:31:39.0044 0x0e9c  msisadrv - ok
18:31:39.0095 0x0e9c  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:31:39.0150 0x0e9c  MSiSCSI - ok
18:31:39.0159 0x0e9c  msiserver - ok
18:31:39.0199 0x0e9c  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:31:39.0241 0x0e9c  MSKSSRV - ok
18:31:39.0282 0x0e9c  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:31:39.0318 0x0e9c  MSPCLOCK - ok
18:31:39.0347 0x0e9c  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:31:39.0369 0x0e9c  MSPQM - ok
18:31:39.0394 0x0e9c  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:31:39.0409 0x0e9c  MsRPC - ok
18:31:39.0459 0x0e9c  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
18:31:39.0468 0x0e9c  mssmbios - ok
18:31:39.0488 0x0e9c  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:31:39.0509 0x0e9c  MSTEE - ok
18:31:39.0553 0x0e9c  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
18:31:39.0589 0x0e9c  MTConfig - ok
18:31:39.0624 0x0e9c  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:31:39.0647 0x0e9c  Mup - ok
18:31:39.0689 0x0e9c  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
18:31:39.0727 0x0e9c  napagent - ok
18:31:39.0769 0x0e9c  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:31:39.0790 0x0e9c  NativeWifiP - ok
18:31:39.0850 0x0e9c  [ E7C54812A2AAF43316EB6930C1FFA108, C8A6FC1957FA29A3B372132FEA9145538BC767044A11D77316D3D1A3EAA60630 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:31:39.0889 0x0e9c  NDIS - ok
18:31:39.0915 0x0e9c  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:31:39.0949 0x0e9c  NdisCap - ok
18:31:39.0983 0x0e9c  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:31:40.0025 0x0e9c  NdisTapi - ok
18:31:40.0055 0x0e9c  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:31:40.0106 0x0e9c  Ndisuio - ok
18:31:40.0151 0x0e9c  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:31:40.0241 0x0e9c  NdisWan - ok
18:31:40.0278 0x0e9c  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:31:40.0306 0x0e9c  NDProxy - ok
18:31:40.0349 0x0e9c  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:31:40.0395 0x0e9c  NetBIOS - ok
18:31:40.0435 0x0e9c  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:31:40.0479 0x0e9c  NetBT - ok
18:31:40.0504 0x0e9c  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] Netlogon        C:\Windows\system32\lsass.exe
18:31:40.0513 0x0e9c  Netlogon - ok
18:31:40.0541 0x0e9c  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
18:31:40.0573 0x0e9c  Netman - ok
18:31:40.0629 0x0e9c  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:31:40.0644 0x0e9c  NetMsmqActivator - ok
18:31:40.0654 0x0e9c  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:31:40.0666 0x0e9c  NetPipeActivator - ok
18:31:40.0697 0x0e9c  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
18:31:40.0738 0x0e9c  netprofm - ok
18:31:40.0762 0x0e9c  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:31:40.0775 0x0e9c  NetTcpActivator - ok
18:31:40.0783 0x0e9c  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:31:40.0796 0x0e9c  NetTcpPortSharing - ok
18:31:40.0829 0x0e9c  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
18:31:40.0839 0x0e9c  nfrd960 - ok
18:31:40.0889 0x0e9c  [ 912084381D30D8B89EC4E293053F4710, 99B8CD043DF531D4B9725ED167F63CED220608B2FED3EE8250C217D15762DFD7 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:31:40.0980 0x0e9c  NlaSvc - ok
18:31:41.0009 0x0e9c  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:31:41.0055 0x0e9c  Npfs - ok
18:31:41.0089 0x0e9c  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
18:31:41.0135 0x0e9c  nsi - ok
18:31:41.0172 0x0e9c  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:31:41.0194 0x0e9c  nsiproxy - ok
18:31:41.0273 0x0e9c  [ 5E43D2B0EE64123D4880DFA6626DEFDE, 164413A22DE58B19EA2B4120034B46D6BE1F424B80C3421E10BE5C81153D049F ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:31:41.0345 0x0e9c  Ntfs - ok
18:31:41.0359 0x0e9c  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
18:31:41.0394 0x0e9c  Null - ok
18:31:41.0457 0x0e9c  [ B5E37E31C053BC9950455A257526514B, 16E2880621F3AA12BDADE71CD7682CA79E2A199D3C9E3E5927C49DCEF0F6183B ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x32.sys
18:31:41.0520 0x0e9c  NVENETFD - ok
18:31:41.0549 0x0e9c  [ AF2EEC9580C1D32FB7EAF105D9784061, 6DAAE3BCA048ACD7FFD26A65C793C461933179070F03855FE3DC3C01F968163A ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:31:41.0563 0x0e9c  nvraid - ok
18:31:41.0603 0x0e9c  [ 9283C58EBAA2618F93482EB5DABCEC82, 0BC119D4EAFDEA879E4C1CFBA5402499DBD1970EDF963C6D2034D4867C34D15E ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:31



