# Regedit & Msconfig won't open...



## RushMaster (Jun 27, 2007)

Hello.

I'm having an issue opening my msconfig or regedit. After I click to open it, I get the loading icon for a few seconds, but nothing ends up happening. After doing so, my start menu locks up and I can't even get back into my run prompt or anything else for that matter, and I have to shut down my PC by using ctrl+alt+del. Briefly before my PC shuts down, I see an error screen come up that says "too many 16 bit applications are open to open regedit, close some before trying again". And I've gone through in safe mode and turned off as many startup applications as I can see that I don't need, but the error is still happening in normal startup. I can only modify things in safe mode, which doesn't help me in the long haul. I've tried running Malwarebytes, nothing gets found. I'm at a loss here. I reckon there's probably a virus of some sort, but it's definitely not being picked up by my scans.

I should also note that even trying to uninstall some applications through my uninstall screen in the control panel, it ends up locking up during that as well. Then I get a message saying "please wait for the current application to uninstall before doing another one". But the current one never does end up uninstalling. So I'm confused. Please help! Thanks.


----------



## TheShooter93 (Jul 10, 2008)

It sounds like your operating system is corrupted. Why, I don't know - possibly malware. Have you had any symptoms other than these?

Also, do you have your operating system CD/DVD?


----------



## RushMaster (Jun 27, 2007)

I haven't noticed much else besides this. And yes, I do.


----------



## TheShooter93 (Jul 10, 2008)

OK, good. :up:

Before we put the OS DVD to work, let's make sure that you cannot open these applications while in Safe Mode.

-----------------------------------------------------------------------------------

*Boot into Safe Mode*

While the computer is turning on, tap *F8* repeatedly until a black screen with white text appears.

Using your arrow keys highlight the option *Safe Mode* and hit Enter.


----------



## RushMaster (Jun 27, 2007)

Alright, I'll try again in safe mode.

Side note: I've noticed that Malwarebytes is finding 1 issue now called background container. conduit something or other. Some kind of rundll issue. I've removed it several times but Malwarebytes keeps finding it. I'm going to attempt to remove an application via safe mode now. As well as see that msconfig and regedit still work in safe mode.

I just located my Windows disc in case I need it. Thanks for the help so far.


----------



## RushMaster (Jun 27, 2007)

Everything seems to be working normal in safe mode. Control panel is letting me uninstall applications again, I'm able to load regedit and msconfig.


----------



## blues_harp28 (Jan 9, 2005)

While waiting for TheShooter93 to return.

Start Malwarebytes again.
Click History > Application Logs.
Select the most recent scan log.
Click View.
Select Export > Text File.
Name it mbam > then save it on the desktop.
Copy and paste its contents in the reply box below.
======
Download AdwCleaner to your desktop.
http://www.bleepingcomputer.com/download/adwcleaner/
Click on the *Download Now @BleepingComputer* button and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close any browsers that may be open - double click on the ADWCleaner icon on your desktop

Click on the *Scan* button.
Let it scan your Pc - when that is done click on the *Clean* button.
Allow it to clean and reboot your Pc.
The report will appear on your desktop - Copy and Paste it into your next post.


----------



## RushMaster (Jun 27, 2007)

Will try your suggestion now. mbam attached.


----------



## RushMaster (Jun 27, 2007)

Software didn't open. Loading icon for about 5 seconds, then nothing. Same as all my other small software. Only things that are working at the moment are Malwarebytes, Google Chrome, and games. I can't even update iTunes because it gets to the very end of installation and then just stops. Then I can't even close it or cancel it either. It's being very picky about what it will run and what it won't.


----------



## blues_harp28 (Jan 9, 2005)

What anti-virus program do you have installed - will that update and can you scan your pc?

Click on Start - Search - Type
cmd 
Right click on cmd select Run as Administrator. 
At the Command Prompt - Type 
sfc /scannow 
(Note space after sfc)

Press Enter. 
Let it run to completion - but do not close the cmd window.

To save the log file.
Copy and Paste the following command in Command Prompt.
Press Enter

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt

On your desktop you will see a text file called sfcdetails.txt
Copy and Paste into your next post.


----------



## RushMaster (Jun 27, 2007)

http://tinypic.com/r/2r5x550/8

So that message is the one that comes up whenever I go to shut down, so I attempted to do what it suggested, and randomly when I opened sysconfig and randomly certain applications started working again.


----------



## RushMaster (Jun 27, 2007)

Also it brought up that AdwCleaner program so I ran it, only to find that it decided amongst itself to delete programs off my PC that I didn't want rid of. What kind of software is that? Now I have to reinstall VUZE and a couple other ones.


----------



## RushMaster (Jun 27, 2007)

blues_harp28 said:


> What anti-virus program do you have installed - will that update and can you scan your pc?
> 
> Click on Start - Search - Type
> cmd
> ...


I can't use the type box in my start menu; it's not working. All icons and the text box on my start menu are not functioning or anything.


----------



## RushMaster (Jun 27, 2007)

adwcleaner log.


----------



## blues_harp28 (Jan 9, 2005)

Please post the log files - easier for all to see 

# AdwCleaner v3.208 - Report created 15/05/2014 at 17:21:27
# Updated 11/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Millar - CRAIG
# Running from : C:\Users\Millar\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\WinZip Registry Optimizer
Folder Deleted : C:\Program Files (x86)\Vuze
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Users\Millar\AppData\Local\AppsHat Mobile Apps
Folder Deleted : C:\Users\Millar\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Millar\AppData\Local\Conduit
Folder Deleted : C:\Users\Millar\AppData\Local\genienext
Folder Deleted : C:\Users\Millar\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Millar\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Millar\AppData\Local\webplayer
Folder Deleted : C:\Users\Millar\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Millar\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Millar\AppData\LocalLow\Vuze_Remote
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Deleted : C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
File Deleted : C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Millar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat\Uninstall.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3311875
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5DA69494-FF13-420E-B5C9-0173357FF55A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06E50566-0AB7-431C-841D-62794727DAF9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKCU\Software\Webplayer
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG Nation toolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN57518500816707361&ctid=CT3311875&UM=2
Deleted [Search Provider] : hxxp://www.canadiantire.ca/en/search-results.html?searchByTerm=true&q={searchTerms}
Deleted [Extension] : mpcknfcdcgpffjddjeceioobdelceffo

*************************

AdwCleaner[R0].txt - [5558 octets] - [15/05/2014 17:20:24]
AdwCleaner[S0].txt - [5709 octets] - [15/05/2014 17:21:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5769 octets] ##########


----------
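Added example, not part of the original thread and not AdwCleaner's own code: a small Python parser for the report format posted above. It lists the top-level Program Files folders and the scheduled-task files that a Clean run removed, so a report can be checked for wanted programs (Vuze in this thread). The sample input is a selection of lines copied from that report; all function names are hypothetical.

```python
import re
from collections import Counter

# A selection of lines copied from the AdwCleaner report posted in this thread.
SAMPLE_REPORT = r"""
# AdwCleaner v3.208 - Report created 15/05/2014 at 17:21:27
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Vuze
Folder Deleted : C:\Users\Millar\AppData\Local\Conduit
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
File Deleted : C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3311875
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Key Deleted : HKCU\Software\Conduit

***** [ Browsers ] *****

Deleted [Extension] : mpcknfcdcgpffjddjeceioobdelceffo
"""

SECTION_RE = re.compile(r"^\*+ \[ (.+?) \] \*+$")
# "Folder Deleted : <path>", "Key Deleted : <key>", "Shortcut Disinfected : <path>"
ITEM_RE = re.compile(r"^(?P<kind>\w+) (?P<action>\w+) : (?P<target>.+)$")
# "Deleted [Search Provider] : <url>", "Deleted [Extension] : <id>"
BROWSER_RE = re.compile(r"^(?P<action>\w+) \[(?P<kind>[^\]]+)\] : (?P<target>.+)$")
PROGRAM_DIR_RE = re.compile(r"^[A-Za-z]:\\Program Files(?: \(x86\))?\\([^\\]+)$", re.I)
TASK_RE = re.compile(r"^[A-Za-z]:\\Windows\\System32\\Tasks\\(.+)$", re.I)


def parse_report(text):
    """Return one dict per report entry, tagged with the section it appeared in."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ITEM_RE.match(line) or BROWSER_RE.match(line)
        if not m:
            continue  # header comments, blank lines, browser version lines
        target = m.group("target").strip()
        view = "default"
        if target.startswith("[x64] "):  # marker the report puts before some keys
            view, target = "x64", target[len("[x64] "):]
        entries.append({
            "section": section,
            "kind": m.group("kind"),
            "action": m.group("action"),
            "target": target,
            "registry_view": view,
        })
    return entries


def count_by_section(entries):
    """Number of entries per report section."""
    return dict(Counter(e["section"] for e in entries))


def program_folders(entries):
    """Names of folders directly under Program Files that the run touched."""
    names = []
    for e in entries:
        m = PROGRAM_DIR_RE.match(e["target"]) if e["kind"] == "Folder" else None
        if m:
            names.append(m.group(1))
    return names


def scheduled_tasks(entries):
    """Names of task files under System32\\Tasks (one kind of autostart entry)."""
    names = []
    for e in entries:
        m = TASK_RE.match(e["target"]) if e["kind"] == "File" else None
        if m:
            names.append(m.group(1))
    return names


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print("Entries per section:", count_by_section(parsed))
    print("Installed-program folders affected:", program_folders(parsed))
    print("Scheduled tasks removed:", scheduled_tasks(parsed))
```
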



## blues_harp28 (Jan 9, 2005)

AdwCleaner has a quarantine folder if you need a program that it has removed.
C:\AdwCleaner
Vuze is a torrent download software and may leave you open to infections.

What anti-virus program do you have installed - will that update and can you scan your pc?
If you can, download Security Check by screen317 from:
http://screen317.spywareinfoforum.org/
Or
http://www.bleepingcomputer.com/download/securitycheck/dl/123/

Save it to your Desktop.
Double click the install icon.
If using Vista - Win 7 - right click the install icon and select "Run as Administrator"
A command Prompt window will open.
Let it scan the Pc - press any key when asked.
It should now open in Notepad.
Copy and Paste the result of the scan in the reply box below.


----------



## RushMaster (Jun 27, 2007)

Would it be an idea to run combo fix in safe mode? Scans aren't coming up with anything.


----------



## RushMaster (Jun 27, 2007)

blues_harp28 said:


> AdwCleaner has a quarantine folder if you need a program that it has removed.
> C:\AdwCleaner
> Vuze is a torrent download software and may leave you open to infections.
> 
> ...


That won't open either.


----------



## blues_harp28 (Jan 9, 2005)

Combofix should only be run with help from a Malware Expert. I am not a Malware Expert.
If Combofix is run incorrectly the system may become unstable and can even refuse to restart.

I will ask a Malware Expert to check your post but they are very busy and it may take some time for them to help you.

This still needs to be answered.
'What anti-virus program do you have installed - will that update and can you scan your pc?'

Edit.
Message has been sent to a Malware Expert.


----------



## RushMaster (Jun 27, 2007)

AVG. Updated and scanned. No results.


----------



## blues_harp28 (Jan 9, 2005)

RushMaster said:


> Avg. Updated and scanned. No results


:up:


----------



## TheShooter93 (Jul 10, 2008)

Posted for the benefit of the OP:

Only Trusted Advisors and Malware Removal Specialists are allowed to analyze HijackThis logs or help with malware removal of any kind.

If anyone without these designations offers advice on malware removal, do *not* follow them and report their post.


----------



## RushMaster (Jun 27, 2007)

Ok no problem. So what's the next step here guys. I have a good feeling about doing a repair with the installation CD. However I want to keep all settings and programs etc. I read up on an inside repair it's called. Can we give that a go?


----------



## TheShooter93 (Jul 10, 2008)

Hey guys, sorry for my delay in responding, *RushMaster*.



RushMaster said:


> Side note: I've noticed that malwarebytes is finding 1 issue now called background container. conduit something or other.


I'm currently in training to become a malware removal specialist, and while I can't help remove the infection, I can further advise seeking help from one of the Malware Removal Specialists here as I am familiar with the infection. While this type of infection is just Adware, it is malicious nonetheless.



RushMaster said:


> Everything seems to be working normal in safe mode. Control panel is letting me uninstall applications again, I'm able to load regedit and msconfig.


This indicates that something that is running in Windows normally that is not in Safe Mode is preventing you from launching native applications within Windows - sounds like you may have something more than a Conduit infection, but it really isn't for me to say for sure.



RushMaster said:


> Ok no problem. So what's the next step here guys. I have a good feeling about doing a repair with the installation cd. However I want to keep all settings and programs etc. I read up on a inside repair it's called. Can we give that a go?


You can try this process, yes. But given the symptoms you're reporting (especially the fact that everything functions fine within Safe Mode), I'm leaning towards malware interference, and Repair Install would just replace Windows files.


----------



## Mark1956 (May 7, 2011)

Hi RushMaster, I will have this moved to the Malware forum while we check your system for infections.

Please run this scan and post both of the logs produced, it is best run in Normal Mode, but if it won't then please use Safe Mode. Please also run Adwcleaner again, just the same way as you did before and post the new log. Please always Copy & Paste logs into your replies.

Please download Farbar Recovery Scan Tool (FRST) and save it to your desktop. Do not get tempted to download Regclean Pro.

*Note:* If you get a warning that the download could harm your system, please ignore it and allow the download to go ahead. FRST is perfectly safe and we would never ask you to download anything that isn't.

*Note*: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click on FRST to run it. When the tool opens click *Yes* to the disclaimer.
Press the *Scan* button. *DO NOT* check any of the Optional Scan options unless requested.
It will make a log (*FRST.txt*) in the same directory the tool is run from. Please copy and paste it into your next reply.
The first time the tool is run, it makes another log (*Addition.txt*). Please also copy and paste that into your reply.


----------



## RushMaster (Jun 27, 2007)

Won't open in normal mode. Tried to restart to go into safe mode and it takes a very long time to shut down, and just before it does I get that error message again about too many 16 bit applications running. Makes no sense. Going to try and run both programs in safe mode.


----------



## RushMaster (Jun 27, 2007)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
Ran by Millar (administrator) on CRAIG on 16-05-2014 09:21:23
Running from C:\Users\Millar\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)

2014-05-14 12:42 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 12:42 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 12:42 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 12:42 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 12:42 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 12:42 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 12:42 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 12:42 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 12:42 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 12:42 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 12:42 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 12:42 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 12:42 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 12:42 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 12:42 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 12:42 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 12:42 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 12:42 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 12:42 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 12:42 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 12:42 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 12:42 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 12:42 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 12:42 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-09 13:05 - 2014-05-09 13:05 - 00021040 _____ () C:\Users\Millar\Documents\Track 4 - 1.sfk
2014-05-09 13:04 - 2014-05-09 13:05 - 05371906 _____ () C:\Users\Millar\Documents\Track 4 - 1.wav
2014-05-09 13:04 - 2014-05-09 13:04 - 00033792 _____ () C:\Users\Millar\Documents\Track 3 - 6.sfk
2014-05-09 13:03 - 2014-05-09 13:04 - 08637226 _____ () C:\Users\Millar\Documents\Track 3 - 6.wav
2014-05-09 13:03 - 2014-05-09 13:03 - 03270694 _____ () C:\Users\Millar\Documents\Track 3 - 5.wav
2014-05-09 13:03 - 2014-05-09 13:03 - 00033584 _____ () C:\Users\Millar\Documents\Track 3 - 4.sfk
2014-05-09 13:03 - 2014-05-09 13:03 - 00012832 _____ () C:\Users\Millar\Documents\Track 3 - 5.sfk
2014-05-09 13:02 - 2014-05-09 13:03 - 08583286 _____ () C:\Users\Millar\Documents\Track 3 - 4.wav
2014-05-09 13:02 - 2014-05-09 13:02 - 00016688 _____ () C:\Users\Millar\Documents\Track 3 - 3.sfk
2014-05-09 13:01 - 2014-05-09 13:02 - 04256918 _____ () C:\Users\Millar\Documents\Track 3 - 3.wav
2014-05-09 13:01 - 2014-05-09 13:01 - 00757154 _____ () C:\Users\Millar\Documents\Track 3 - 2.wav
2014-05-09 13:01 - 2014-05-09 13:01 - 00003016 _____ () C:\Users\Millar\Documents\Track 3 - 2.sfk
2014-05-09 12:57 - 2014-05-09 12:57 - 00260832 _____ () C:\Users\Millar\Documents\Track 2 - 1.sfk
2014-05-09 12:50 - 2014-05-09 12:57 - 66759542 _____ () C:\Users\Millar\Documents\Track 2 - 1.wav
2014-05-09 12:49 - 2014-05-09 12:49 - 06446582 _____ () C:\Users\Millar\Documents\Track 3 - 1.wav
2014-05-09 12:49 - 2014-05-09 12:49 - 00025240 _____ () C:\Users\Millar\Documents\Track 3 - 1.sfk
2014-05-08 13:20 - 2014-05-08 13:20 - 00011422 _____ () C:\Users\Millar\Downloads\[kickass.to]the.big.bang.theory.s07e22.hdtv.x264.lol.ettv.torrent
2014-05-08 13:17 - 2014-05-08 13:17 - 00031846 _____ () C:\Users\Millar\Downloads\[kickass.to]kitchen.nightmares.us.s07e07.pdtv.x264.lol.ettv.torrent
2014-05-08 13:17 - 2014-05-08 13:17 - 00016755 _____ () C:\Users\Millar\Downloads\[kickass.to]kitchen.nightmares.us.s07e08.pdtv.x264.lol.eztv.torrent
2014-05-08 13:07 - 2014-05-08 13:07 - 00071974 _____ () C:\Users\Millar\Downloads\[kickass.to]spiderman.1994.complete.animated.series.season.1.2.3.4.5.dvdrip (2).torrent
2014-05-06 20:00 - 2014-05-14 20:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 19:47 - 2014-05-06 19:47 - 00071974 _____ () C:\Users\Millar\Downloads\[kickass.to]spiderman.1994.complete.animated.series.season.1.2.3.4.5.dvdrip (1).torrent
2014-05-06 18:41 - 2014-05-06 18:41 - 00071974 _____ () C:\Users\Millar\Downloads\[kickass.to]spiderman.1994.complete.animated.series.season.1.2.3.4.5.dvdrip.torrent
2014-04-28 13:34 - 2014-04-28 13:34 - 00006439 _____ () C:\Users\Millar\Downloads\[kickass.to]the.big.bang.theory.s07e20.hdtv.x264.lol.eztv.torrent
2014-04-28 13:34 - 2014-04-28 13:34 - 00006325 _____ () C:\Users\Millar\Downloads\[kickass.to]the.big.bang.theory.s07e19.hdtv.x264.lol.eztv.torrent
2014-04-28 13:34 - 2014-04-28 13:34 - 00006138 _____ () C:\Users\Millar\Downloads\[kickass.to]the.big.bang.theory.s07e21.hdtv.x264.lol.eztv.torrent
2014-04-28 13:33 - 2014-04-28 13:33 - 00013004 _____ () C:\Users\Millar\Downloads\[kickass.to]the.big.bang.theory.s07e16.hdtv.x264.lol.ettv.torrent
2014-04-28 13:33 - 2014-04-28 13:33 - 00007132 _____ () C:\Users\Millar\Downloads\[kickass.to]the.big.bang.theory.s07e18.hdtv.x264.lol.eztv.torrent
2014-04-28 13:33 - 2014-04-28 13:33 - 00005885 _____ () C:\Users\Millar\Downloads\[kickass.to]the.big.bang.theory.s07e17.hdtv.x264.lol.eztv.torrent
2014-04-28 13:31 - 2014-04-28 13:31 - 00028766 _____ () C:\Users\Millar\Downloads\[kickass.to]kitchen.nightmares.us.s07e06.pdtv.x264.lol.ettv.torrent
2014-04-28 13:30 - 2014-04-28 13:30 - 00016775 _____ () C:\Users\Millar\Downloads\[kickass.to]kitchen.nightmares.us.s07e05.pdtv.x264.lol.eztv.torrent
2014-04-28 13:30 - 2014-04-28 13:30 - 00014439 _____ () C:\Users\Millar\Downloads\[kickass.to]kitchen.nightmares.us.s07e04.pdtv.x264.lol.eztv.torrent
2014-04-28 13:29 - 2014-04-28 13:29 - 00030746 _____ () C:\Users\Millar\Downloads\[kickass.to]kitchen.nightmares.us.s07e03.pdtv.x264.lol.ettv.torrent
2014-04-28 13:24 - 2014-04-28 13:24 - 00032103 _____ () C:\Users\Millar\Downloads\[kickass.to]the.ren.and.stimpy.show.complete.season1.5.mp4.torrent
2014-04-21 12:14 - 2014-04-21 12:14 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-21 01:27 - 2014-04-21 01:27 - 00011927 _____ () C:\Users\Millar\Downloads\[kickass.to]youre.next.2011.repack.720p.brrip.x264.ac3.jyk.torrent
2014-04-21 00:59 - 2014-04-21 00:59 - 00019857 _____ () C:\Users\Millar\Downloads\[kickass.to]you.re.next.2011.bluray.720p.dts.x264.mgb.etrg.torrent
2014-04-21 00:50 - 2014-04-21 00:50 - 00015011 _____ () C:\Users\Millar\Downloads\[kickass.to]a.haunted.house.2013.720p.brrip.x264.yify.torrent
2014-04-21 00:43 - 2014-04-21 00:43 - 00017097 _____ () C:\Users\Millar\Downloads\[kickass.to]the.40.year.old.virgin.2005.unrated.720p.x264.800mb.yify.torrent
2014-04-21 00:42 - 2014-04-21 00:42 - 00008274 _____ () C:\Users\Millar\Downloads\[kickass.to]ride.along.2014.720p.brrip.x264.yify.torrent
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-17 17:12 - 2014-03-06 05:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-17 17:12 - 2014-03-06 04:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-17 17:12 - 2014-03-06 04:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-17 17:12 - 2014-03-06 04:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-17 17:12 - 2014-03-06 04:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-17 17:12 - 2014-03-06 04:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-17 17:12 - 2014-03-06 03:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-17 17:12 - 2014-03-06 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-17 17:11 - 2014-03-06 04:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-17 17:11 - 2014-03-06 04:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-17 17:11 - 2014-03-06 04:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-17 17:11 - 2014-03-06 04:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-17 17:11 - 2014-03-06 04:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-17 17:11 - 2014-03-06 04:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-17 17:11 - 2014-03-06 04:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-17 17:11 - 2014-03-06 04:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-17 17:11 - 2014-03-06 04:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-17 17:11 - 2014-03-06 04:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-17 17:11 - 2014-03-06 04:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-17 17:11 - 2014-03-06 04:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-17 17:11 - 2014-03-06 03:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-17 17:11 - 2014-03-06 03:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-17 17:11 - 2014-03-06 03:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-17 17:11 - 2014-03-06 03:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-17 17:11 - 2014-03-06 03:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-17 17:11 - 2014-03-06 03:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-17 17:11 - 2014-03-06 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-17 17:11 - 2014-03-06 03:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-17 17:11 - 2014-03-06 03:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-17 17:11 - 2014-03-06 03:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-17 17:11 - 2014-03-06 03:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-17 17:11 - 2014-03-06 03:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-17 17:11 - 2014-03-06 03:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-17 17:11 - 2014-03-06 03:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-17 17:11 - 2014-03-06 02:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-17 17:11 - 2014-03-06 02:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-17 17:11 - 2014-03-06 02:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-17 17:11 - 2014-03-06 02:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-17 17:11 - 2014-03-06 02:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-17 17:11 - 2014-03-06 01:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-17 17:11 - 2014-03-06 01:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-17 17:11 - 2014-03-06 01:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-17 17:11 - 2014-03-06 01:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-17 17:11 - 2014-03-06 01:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-17 15:52 - 2014-04-17 15:52 - 00030503 _____ () C:\Users\Millar\Downloads\[kickass.to]kitchen.nightmares.us.s07e02.pdtv.x264.lol.ettv.torrent
2014-04-17 15:46 - 2014-04-17 15:46 - 00018522 _____ () C:\Users\Millar\Downloads\[kickass.to]transformers.3.dark.of.the.moon.2011.1080p.brrip.1.7gb.yify (4).torrent
2014-04-17 15:45 - 2014-04-17 15:45 - 00018522 _____ () C:\Users\Millar\Downloads\[kickass.to]transformers.3.dark.of.the.moon.2011.1080p.brrip.1.7gb.yify (3).torrent
2014-04-17 15:45 - 2014-04-17 15:45 - 00018522 _____ () C:\Users\Millar\Downloads\[kickass.to]transformers.3.dark.of.the.moon.2011.1080p.brrip.1.7gb.yify (2).torrent
2014-04-17 15:45 - 2014-04-17 15:45 - 00018522 _____ () C:\Users\Millar\Downloads\[kickass.to]transformers.3.dark.of.the.moon.2011.1080p.brrip.1.7gb.yify (1).torrent
2014-04-17 15:44 - 2014-04-17 15:44 - 00019116 _____ () C:\Users\Millar\Downloads\[kickass.to]transformers.revenge.of.the.fallen.2009.1080p.bluray.yify.torrent
2014-04-17 15:44 - 2014-04-17 15:44 - 00018522 _____ () C:\Users\Millar\Downloads\[kickass.to]transformers.3.dark.of.the.moon.2011.1080p.brrip.1.7gb.yify.torrent
2014-04-17 14:40 - 2014-04-17 14:40 - 00016522 _____ () C:\Users\Millar\Downloads\[kickass.to]300.2006.1080p.bluray.x264.1.5gb.yify.torrent
2014-04-17 13:33 - 2014-04-17 13:33 - 00030066 _____ () C:\Users\Millar\Downloads\[kickass.to]kitchen.nightmares.us.s07e01.return.to.amys.baking.co.pdtv.x264.2hd.ettv.torrent
2014-04-17 13:32 - 2014-04-17 13:32 - 00008883 _____ () C:\Users\Millar\Downloads\[kickass.to]paranormal.activity.the.marked.ones.2014.720p.brrip.x264.yify.torrent
2014-04-16 16:22 - 2014-04-16 16:22 - 00015014 _____ () C:\Users\Millar\Downloads\[kickass.to]hells.kitchen.us.s12e05.pdtv.x264.lol.eztv.torrent

==================== One Month Modified Files and Folders =======

2014-05-16 09:21 - 2014-05-16 09:21 - 00010887 _____ () C:\Users\Millar\Desktop\FRST.txt
2014-05-16 09:21 - 2014-05-16 09:20 - 00000000 ____D () C:\FRST
2014-05-16 09:16 - 2013-01-07 09:58 - 01536657 _____ () C:\Windows\WindowsUpdate.log
2014-05-16 09:16 - 2009-07-14 00:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-16 09:16 - 2009-07-14 00:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-16 09:14 - 2013-01-07 23:20 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-16 09:12 - 2014-05-16 09:12 - 02067456 _____ (Farbar) C:\Users\Millar\Desktop\FRST64.exe
2014-05-16 09:09 - 2013-01-07 22:23 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-16 09:08 - 2013-01-07 22:19 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-16 09:08 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-16 09:08 - 2009-07-14 00:51 - 00001619 _____ () C:\Windows\setupact.log
2014-05-15 17:59 - 2014-05-15 17:59 - 00854367 _____ () C:\Users\Millar\Downloads\SecurityCheck.exe
2014-05-15 17:31 - 2014-05-15 17:31 - 00005865 _____ () C:\Users\Millar\Desktop\AdwCleaner[S0].txt
2014-05-15 17:31 - 2013-01-07 22:23 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-15 17:26 - 2010-11-20 23:47 - 00244782 _____ () C:\Windows\PFRO.log
2014-05-15 17:22 - 2014-05-15 17:20 - 00000000 ____D () C:\AdwCleaner
2014-05-15 17:21 - 2013-11-08 17:59 - 00000000 ____D () C:\Users\Millar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat
2014-05-15 17:16 - 2014-05-15 17:15 - 05200050 _____ (Swearware) C:\Users\Millar\Downloads\ComboFix.exe
2014-05-15 17:15 - 2013-01-08 09:01 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-05-15 17:13 - 2014-05-15 17:12 - 01325827 _____ () C:\Users\Millar\Downloads\AdwCleaner.exe
2014-05-15 17:10 - 2014-05-15 17:10 - 00002334 _____ () C:\Users\Millar\Downloads\mbam.txt
2014-05-15 17:08 - 2014-05-15 17:08 - 00002334 _____ () C:\Users\Millar\Desktop\mbam.txt
2014-05-15 17:02 - 2013-01-08 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-05-15 16:59 - 2014-05-15 16:59 - 00921512 _____ (Oracle Corporation) C:\Users\Millar\Downloads\chromeinstall-7u55.exe
2014-05-15 16:54 - 2014-05-15 16:44 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-05-15 16:54 - 2014-05-15 16:44 - 00001908 _____ () C:\Windows\diagerr.xml
2014-05-15 16:51 - 2014-05-15 16:51 - 00000000 ____D () C:\$WINDOWS.~BT
2014-05-15 16:46 - 2014-05-15 16:45 - 27769568 _____ (Microsoft Corporation) C:\Users\Millar\Downloads\Windows-KB890830-x64-V5.12.exe
2014-05-15 16:44 - 2009-07-14 00:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-15 16:42 - 2014-05-15 16:42 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Millar\Downloads\tdsskiller.exe
2014-05-15 16:38 - 2014-05-15 16:38 - 00347816 _____ (Microsoft Corporation) C:\Users\Millar\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.150323617025196072.2.2.Run.exe
2014-05-15 16:37 - 2014-05-15 16:37 - 00347816 _____ (Microsoft Corporation) C:\Users\Millar\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.150323617025196072.2.1.Run.exe
2014-05-15 14:50 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-15 14:42 - 2014-05-15 14:39 - 112623440 _____ (Apple Inc.) C:\Users\Millar\Downloads\iTunes64Setup.exe
2014-05-15 13:40 - 2013-01-07 23:35 - 00000000 ____D () C:\ProgramData\Apple
2014-05-15 13:39 - 2014-05-15 13:39 - 00000000 __SHD () C:\Users\Millar\AppData\Local\EmieUserList
2014-05-15 13:39 - 2014-05-15 13:39 - 00000000 __SHD () C:\Users\Millar\AppData\Local\EmieSiteList
2014-05-15 13:05 - 2013-01-08 12:38 - 00000000 ____D () C:\Users\Millar\AppData\Local\PMB Files
2014-05-15 11:06 - 2013-01-07 23:41 - 00000000 ____D () C:\Users\Millar\AppData\Roaming\Skype
2014-05-15 11:04 - 2013-01-07 10:00 - 00000000 ___RD () C:\Users\Millar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 11:03 - 2014-04-15 22:17 - 00000000 ___RD () C:\Users\Millar\Dropbox
2014-05-15 10:50 - 2013-04-21 14:18 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-14 22:44 - 2013-01-07 10:00 - 00000000 ___RD () C:\Users\Millar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 20:56 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-05-14 20:18 - 2014-05-06 20:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 20:02 - 2013-08-13 20:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 13:35 - 2014-05-14 13:35 - 01642566 _____ () C:\Users\Millar\Downloads\Snap-2_0_0_2.bar
2014-05-14 13:24 - 2014-05-14 13:24 - 00000000 ____D () C:\Users\Millar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AIM for Windows
2014-05-14 13:24 - 2014-05-14 13:24 - 00000000 ____D () C:\Users\Millar\AppData\Local\AOL
2014-05-14 13:22 - 2014-05-14 13:22 - 04126645 _____ () C:\Users\Millar\Downloads\com.snapchat.android.apk
2014-05-09 13:05 - 2014-05-09 13:05 - 00021040 _____ () C:\Users\Millar\Documents\Track 4 - 1.sfk
2014-05-09 13:05 - 2014-05-09 13:04 - 05371906 _____ () C:\Users\Millar\Documents\Track 4 - 1.wav
2014-05-09 13:04 - 2014-05-09 13:04 - 00033792 _____ () C:\Users\Millar\Documents\Track 3 - 6.sfk
2014-05-09 13:04 - 2014-05-09 13:03 - 08637226 _____ () C:\Users\Millar\Documents\Track 3 - 6.wav
2014-05-09 13:03 - 2014-05-09 13:03 - 03270694 _____ () C:\Users\Millar\Documents\Track 3 - 5.wav
2014-05-09 13:03 - 2014-05-09 13:03 - 00033584 _____ () C:\Users\Millar\Documents\Track 3 - 4.sfk
2014-05-09 13:03 - 2014-05-09 13:03 - 00012832 _____ () C:\Users\Millar\Documents\Track 3 - 5.sfk
2014-05-09 13:03 - 2014-05-09 13:02 - 08583286 _____ () C:\Users\Millar\Documents\Track 3 - 4.wav
2014-05-09 13:02 - 2014-05-09 13:02 - 00016688 _____ () C:\Users\Millar\Documents\Track 3 - 3.sfk
2014-05-09 13:02 - 2014-05-09 13:01 - 04256918 _____ () C:\Users\Millar\Documents\Track 3 - 3.wav
2014-05-09 13:01 - 2014-05-09 13:01 - 00757154 _____ () C:\Users\Millar\Documents\Track 3 - 2.wav
2014-05-09 13:01 - 2014-05-09 13:01 - 00003016 _____ () C:\Users\Millar\Documents\Track 3 - 2.sfk
2014-05-09 12:57 - 2014-05-09 12:57 - 00260832 _____ () C:\Users\Millar\Documents\Track 2 - 1.sfk
2014-05-09 12:57 - 2014-05-09 12:50 - 66759542 _____ () C:\Users\Millar\Documents\Track 2 - 1.wav
2014-05-09 12:49 - 2014-05-09 12:49 - 06446582 _____ () C:\Users\Millar\Documents\Track 3 - 1.wav
2014-05-09 12:49 - 2014-05-09 12:49 - 00025240 _____ () C:\Users\Millar\Documents\Track 3 - 1.sfk
2014-05-09 10:04 - 2013-01-08 00:21 - 00000000 ____D () C:\Users\Millar\Torrents
2014-05-09 10:03 - 2013-01-08 00:24 - 00000000 ____D () C:\Users\Millar\AppData\Roaming\Azureus
2014-05-09 02:14 - 2014-05-14 12:42 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 02:11 - 2014-05-14 12:42 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 18:26 - 2013-01-07 22:23 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 18:26 - 2013-01-07 22:23 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 13:20 - 2014-05-08 13:20 - 00011422 _____ () C:\Users\Millar\Downloads\[kickass.to]the.big.bang.theory.s07e22.hdtv.x264.lol.ettv.torrent
2014-05-08 13:17 - 2014-05-08 13:17 - 00031846 _____ () C:\Users\Millar\Downloads\[kickass.to]kitchen.nightmares.us.s07e07.pdtv.x264.lol.ettv.torrent
2014-05-08 13:17 - 2014-05-08 13:17 - 00016755 _____ () C:\Users\Millar\Downloads\[kickass.to]kitchen.nightmares.us.s07e08.pdtv.x264.lol.eztv.torrent
2014-05-08 13:07 - 2014-05-08 13:07 - 00071974 _____ () C:\Users\Millar\Downloads\[kickass.to]spiderman.1994.complete.animated.series.season.1.2.3.4.5.dvdrip (2).torrent
2014-05-08 00:00 - 2014-01-30 18:38 - 00000000 ____D () C:\Users\Millar\AppData\Roaming\VidCoder
2014-05-08 00:00 - 2013-01-12 12:42 - 00000000 ____D () C:\Users\Millar\AppData\Roaming\vlc
2014-05-07 21:48 - 2013-11-08 17:29 - 00000040 ___SH () C:\ProgramData\.zreglib
2014-05-06 19:47 - 2014-05-06 19:47 - 00071974 _____ () C:\Users\Millar\Downloads\[kickass.to]spiderman.1994.complete.animated.series.season.1.2.3.4.5.dvdrip (1).torrent
2014-05-06 18:41 - 2014-05-06 18:41 - 00071974 _____ () C:\Users\Millar\Downloads\[kickass.to]spiderman.1994.complete.animated.series.season.1.2.3.4.5.dvdrip.torrent
2014-05-06 00:40 - 2014-05-14 20:02 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:17 - 2014-05-14 20:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 23:25 - 2014-05-14 20:02 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 23:07 - 2014-05-14 20:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 23:00 - 2014-05-14 20:02 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 22:10 - 2014-05-14 20:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 17:12 - 2013-01-07 22:48 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-28 13:34 - 2014-04-28 13:34 - 00006439 _____ () C:\Users\Millar\Downloads\[kickass.to]the.big.bang.theory.s07e20.hdtv.x264.lol.eztv.torrent
2014-04-28 13:34 - 2014-04-28 13:34 - 00006325 _____ () C:\Users\Millar\Downloads\[kickass.to]the.big.bang.theory.s07e19.hdtv.x264.lol.eztv.torrent
2014-04-28 13:34 - 2014-04-28 13:34 - 00006138 _____ () C:\Users\Millar\Downloads\[kickass.to]the.big.bang.theory.s07e21.hdtv.x264.lol.eztv.torrent
2014-04-28 13:33 - 2014-04-28 13:33 - 00013004 _____ () C:\Users\Millar\Downloads\[kickass.to]the.big.bang.theory.s07e16.hdtv.x264.lol.ettv.torrent
2014-04-28 13:33 - 2014-04-28 13:33 - 00007132 _____ () C:\Users\Millar\Downloads\[kickass.to]the.big.bang.theory.s07e18.hdtv.x264.lol.eztv.torrent
2014-04-28 13:33 - 2014-04-28 13:33 - 00005885 _____ () C:\Users\Millar\Downloads\[kickass.to]the.big.bang.theory.s07e17.hdtv.x264.lol.eztv.torrent
2014-04-28 13:31 - 2014-04-28 13:31 - 00028766 _____ () C:\Users\Millar\Downloads\[kickass.to]kitchen.nightmares.us.s07e06.pdtv.x264.lol.ettv.torrent
2014-04-28 13:30 - 2014-04-28 13:30 - 00016775 _____ () C:\Users\Millar\Downloads\[kickass.to]kitchen.nightmares.us.s07e05.pdtv.x264.lol.eztv.torrent
2014-04-28 13:30 - 2014-04-28 13:30 - 00014439 _____ () C:\Users\Millar\Downloads\[kickass.to]kitchen.nightmares.us.s07e04.pdtv.x264.lol.eztv.torrent
2014-04-28 13:29 - 2014-04-28 13:29 - 00030746 _____ () C:\Users\Millar\Downloads\[kickass.to]kitchen.nightmares.us.s07e03.pdtv.x264.lol.ettv.torrent
2014-04-28 13:24 - 2014-04-28 13:24 - 00032103 _____ () C:\Users\Millar\Downloads\[kickass.to]the.ren.and.stimpy.show.complete.season1.5.mp4.torrent
2014-04-24 13:49 - 2014-04-14 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-21 12:17 - 2013-10-21 17:41 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-21 12:14 - 2014-04-21 12:14 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-21 12:14 - 2013-06-24 18:46 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-21 01:27 - 2014-04-21 01:27 - 00011927 _____ () C:\Users\Millar\Downloads\[kickass.to]youre.next.2011.repack.720p.brrip.x264.ac3.jyk.torrent
2014-04-21 00:59 - 2014-04-21 00:59 - 00019857 _____ () C:\Users\Millar\Downloads\[kickass.to]you.re.next.2011.bluray.720p.dts.x264.mgb.etrg.torrent
2014-04-21 00:50 - 2014-04-21 00:50 - 00015011 _____ () C:\Users\Millar\Downloads\[kickass.to]a.haunted.house.2013.720p.brrip.x264.yify.torrent
2014-04-21 00:43 - 2014-04-21 00:43 - 00017097 _____ () C:\Users\Millar\Downloads\[kickass.to]the.40.year.old.virgin.2005.unrated.720p.x264.800mb.yify.torrent
2014-04-21 00:42 - 2014-04-21 00:42 - 00008274 _____ () C:\Users\Millar\Downloads\[kickass.to]ride.along.2014.720p.brrip.x264.yify.torrent
2014-04-20 19:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-17 15:52 - 2014-04-17 15:52 - 00030503 _____ () C:\Users\Millar\Downloads\[kickass.to]kitchen.nightmares.us.s07e02.pdtv.x264.lol.ettv.torrent
2014-04-17 15:46 - 2014-04-17 15:46 - 00018522 _____ () C:\Users\Millar\Downloads\[kickass.to]transformers.3.dark.of.the.moon.2011.1080p.brrip.1.7gb.yify (4).torrent
2014-04-17 15:45 - 2014-04-17 15:45 - 00018522 _____ () C:\Users\Millar\Downloads\[kickass.to]transformers.3.dark.of.the.moon.2011.1080p.brrip.1.7gb.yify (3).torrent
2014-04-17 15:45 - 2014-04-17 15:45 - 00018522 _____ () C:\Users\Millar\Downloads\[kickass.to]transformers.3.dark.of.the.moon.2011.1080p.brrip.1.7gb.yify (2).torrent
2014-04-17 15:45 - 2014-04-17 15:45 - 00018522 _____ () C:\Users\Millar\Downloads\[kickass.to]transformers.3.dark.of.the.moon.2011.1080p.brrip.1.7gb.yify (1).torrent
2014-04-17 15:44 - 2014-04-17 15:44 - 00019116 _____ () C:\Users\Millar\Downloads\[kickass.to]transformers.revenge.of.the.fallen.2009.1080p.bluray.yify.torrent
2014-04-17 15:44 - 2014-04-17 15:44 - 00018522 _____ () C:\Users\Millar\Downloads\[kickass.to]transformers.3.dark.of.the.moon.2011.1080p.brrip.1.7gb.yify.torrent
2014-04-17 14:40 - 2014-04-17 14:40 - 00016522 _____ () C:\Users\Millar\Downloads\[kickass.to]300.2006.1080p.bluray.x264.1.5gb.yify.torrent
2014-04-17 14:02 - 2013-09-16 22:58 - 00000000 ____D () C:\Users\Millar\AppData\Roaming\dvdcss
2014-04-17 13:56 - 2013-11-08 18:00 - 00000000 ____D () C:\ProgramData\DVD Shrink
2014-04-17 13:33 - 2014-04-17 13:33 - 00030066 _____ () C:\Users\Millar\Downloads\[kickass.to]kitchen.nightmares.us.s07e01.return.to.amys.baking.co.pdtv.x264.2hd.ettv.torrent
2014-04-17 13:32 - 2014-04-17 13:32 - 00008883 _____ () C:\Users\Millar\Downloads\[kickass.to]paranormal.activity.the.marked.ones.2014.720p.brrip.x264.yify.torrent
2014-04-16 16:22 - 2014-04-16 16:22 - 00015014 _____ () C:\Users\Millar\Downloads\[kickass.to]hells.kitchen.us.s12e05.pdtv.x264.lol.eztv.torrent

Some content of TEMP:
====================
C:\Users\Millar\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-14 12:42] - [2014-03-04 05:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-09 00:37

==================== End Of Log ============================


----------



## RushMaster (Jun 27, 2007)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05-2014
Ran by Millar at 2014-05-16 09:22:03
Running from C:\Users\Millar\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

abcAVI (HKLM-x32\...\abcavi_tag_editor_is1) (Version: - Alexander Sorkin aka Kibi)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AIM for Windows (HKCU\...\AIM) (Version: - AOL Inc.)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.1.9.0 - SlySoft)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4570 - AVG Technologies)
AVG 2014 (Version: 14.0.3950 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4570 - AVG Technologies) Hidden
BlackBerry App World Browser Plugin (HKLM-x32\...\{14663620-53AC-4821-8E77-500732DD0F8E}) (Version: 4.3.0.43 - Research In Motion Limited)
BlackBerry Link (HKLM-x32\...\BlackBerry_10_Desktop) (Version: 1.2.3.23 - BlackBerry Ltd.)
BlackBerry Link (x32 Version: 1.2.3.23 - BlackBerry Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 7 (HKLM-x32\...\{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}) (Version: 7.0.0 - TechSmith Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Doom 3 (HKLM-x32\...\InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}) (Version: 1.00.0000 - Activision)
Doom 3 (x32 Version: 1.00.0000 - Activision) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GoldWave v5.69 (HKLM-x32\...\GoldWave v5.69) (Version: 5.69 - GoldWave Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
iTunes (HKLM\...\{7FCDABCC-1A1E-4D61-909D-BA9495172774}) (Version: 11.0.3.42 - Apple Inc.)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Lexmark X1100 Series (HKLM\...\Lexmark X1100 Series) (Version: - Lexmark International, Inc.)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Nero Suite (HKLM-x32\...\NeroMultiInstaller!UninstallKey) (Version: - )
NVIDIA 3D Vision Controller Driver 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Razer DeathAdder(TM) Mouse (HKLM-x32\...\{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}) (Version: 5.01 - Razer Inc.)
Razer Lycosa (HKLM-x32\...\{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}) (Version: 3.02 - Razer USA Ltd.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6559 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Skype 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Vegas Pro 12.0 (64-bit) (HKLM\...\{BD422D00-5232-11E3-A6F3-F04DA23A5C58}) (Version: 12.0.770 - Sony)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
VidCoder 1.4.25 (x86) (HKLM-x32\...\VidCoder_is1) (Version: 1.4.25 - RandomEngy)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.9.0.0 - Azureus Software, Inc.)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR (HKLM-x32\...\WinRAR) (Version: - )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Restore Points =========================

29-04-2014 15:43:32 Scheduled Checkpoint
06-05-2014 00:00:20 Windows Update
07-05-2014 00:00:11 Windows Update
14-05-2014 18:57:25 Scheduled Checkpoint
15-05-2014 00:00:22 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1246945F-C216-4985-9CA0-3D0B531332D2} - System32\Tasks\{980B2505-9853-4B72-9BB1-D37E7E796C0C} => C:\Program Files (x86)\Pegasys Inc\TMPGEnc DVD Author 3 with DivX Authoring\TMPGEncDVDAuthor3.exe
Task: {145B4988-EEC8-4C3D-A9F7-5B4288E1AEF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-07] (Google Inc.)
Task: {2C94E484-DD07-4A09-8E68-40B07B6D90CD} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {6899E98D-3C5C-4619-AB17-325BDF0EC501} - \SomotoUpdateCheckerAutoStart No Task File <==== ATTENTION
Task: {7F5CB189-D860-4EC8-8236-833FDA472300} - System32\Tasks\{6540A9C2-6C1A-42F0-8D07-CDF84293824B} => C:\Program Files (x86)\Pegasys Inc\TMPGEnc DVD Author 3 with DivX Authoring\TMPGEncDVDAuthor3.exe
Task: {84C8E2FF-6D67-421D-AA91-AB821AF7368E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-07] (Google Inc.)
Task: {A5AC494A-D3A5-42BA-93F4-787949C418C2} - System32\Tasks\{59B4E182-74E5-4613-9D64-52FBE273629D} => C:\Program Files (x86)\Pegasys Inc\TMPGEnc DVD Author 3 with DivX Authoring\TMPGEncDVDAuthor3.exe
Task: {CBC3CFF3-9967-423E-AEBB-8D1FA3A11E5F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CF87E7FC-D745-4B05-B4DC-534277C3EE06} - System32\Tasks\{9AF43481-0CD4-4AF0-99C1-03E88B2D692D} => C:\Program Files (x86)\Pegasys Inc\TMPGEnc DVD Author 3 with DivX Authoring\TMPGEncDVDAuthor3.exe
Task: {D1B8F665-E1AA-48D4-AB53-2048B3F898B4} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {E394CB81-C200-45D1-882D-1586EFC8AAA3} - System32\Tasks\{D31B8397-F95E-45F8-B182-E03F0434D0E7} => C:\Program Files (x86)\Pegasys Inc\TMPGEnc DVD Author 3 with DivX Authoring\TMPGEncDVDAuthor3.exe
Task: {F9C53CA0-862E-4DBF-8B9F-4E27E167675A} - System32\Tasks\{73373588-0A77-48E1-8E0B-FC76D782E5A5} => C:\Program Files (x86)\Pegasys Inc\TMPGEnc DVD Author 3 with DivX Authoring\TMPGEncDVDAuthor3.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: lxbkbmgr.exe => "C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmgr.exe"
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RIM PeerManager => "C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe"
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/16/2014 09:21:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 09:10:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 09:08:57 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (05/16/2014 09:08:57 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (05/16/2014 09:08:57 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (05/15/2014 05:58:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/15/2014 05:27:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/15/2014 05:20:29 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Java 7 Update 55; Error = 0x81000101).

Error: (05/15/2014 05:10:28 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Java 7 Update 55; Error = 0x81000101).

Error: (05/15/2014 04:31:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (05/16/2014 09:20:03 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (05/16/2014 09:20:03 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/16/2014 09:20:00 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (05/16/2014 09:19:52 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/16/2014 09:19:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Avgdiska
AVGIDSDriver
Avgldx64
BIOS
discache
ElbyCDIO
spldr
Wanarpv6

Error: (05/16/2014 09:19:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: 
%%31

Error: (05/16/2014 09:19:29 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/16/2014 09:19:27 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/16/2014 09:19:25 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/16/2014 09:16:40 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.

Microsoft Office Sessions:
=========================
Error: (05/16/2014 09:21:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 09:10:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 09:08:57 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (05/16/2014 09:08:57 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (05/16/2014 09:08:57 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (05/15/2014 05:58:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/15/2014 05:27:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/15/2014 05:20:29 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved Java 7 Update 550x81000101

Error: (05/15/2014 05:10:28 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved Java 7 Update 550x81000101

Error: (05/15/2014 04:31:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2013-11-08 16:17:19.673
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-08 16:17:19.642
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-08 16:14:47.301
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-08 16:14:47.273
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 8157.07 MB
Available physical RAM: 6932.35 MB
Total Pagefile: 16312.31 MB
Available Pagefile: 15106.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:252.73 GB) NTFS
Drive d: (GSP1RMCHPXFREO_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4E235953)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================


----------



## RushMaster (Jun 27, 2007)

# AdwCleaner v3.208 - Report created 16/05/2014 at 09:27:39
# Updated 11/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Millar - CRAIG
# Running from : C:\Users\Millar\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.canadiantire.ca/en/search-results.html?searchByTerm=true&q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN57518500816707361&ctid=CT3311875&UM=2

*************************

AdwCleaner[R0].txt - [5558 octets] - [15/05/2014 17:20:24]
AdwCleaner[R1].txt - [881 octets] - [16/05/2014 09:26:15]
AdwCleaner[S0].txt - [5865 octets] - [15/05/2014 17:21:27]
AdwCleaner[S1].txt - [1210 octets] - [16/05/2014 09:27:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1270 octets] ##########


----------



## RushMaster (Jun 27, 2007)

I noticed this within the logs above:

Task: {2C94E484-DD07-4A09-8E68-40B07B6D90CD} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {6899E98D-3C5C-4619-AB17-325BDF0EC501} - \SomotoUpdateCheckerAutoStart No Task File <==== ATTENTION

Could this be something, perhaps?


----------



## Mark1956 (May 7, 2011)

Those two entries are Adware remnants which we will now remove along with a few other items. There is a service running that is incompatible with Windows 7 from B's Recorder Gold7 which you no longer appear to have installed.

There is no sign of any bad infections in the logs, but AdwCleaner is still showing some persistent Adware entries. None of the findings so far are likely to be responsible for your main issue.

We shall now use FRST to remove the items I found and then I'd like you to run the System File Checker.

Download the attachment at the bottom of this post by clicking on it and save it in the same location as FRST.


Launch FRST by double clicking on it.
When the *FRST* window opens click on the *Fix* button just once and wait.
The tool will make a log in the same location the program is run from (Fixlog.txt). Please *Copy & Paste* it into your next reply.

=============================================

*System File Checker*


Click on *Start* and type *cmd* in the search box. Right click on *cmd* in the popup menu and select *Run as Administrator*.
Another box will open, at the Command Prompt, type *sfc /scannow* and press Enter. (Note the gap between the c and the /)
Let the check run to completion. *DO NOT* reboot the PC or close the *cmd* window.
Copy & Paste the following command at the Command Prompt and press Enter:

*findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt*


This will place a file on your desktop called *sfcdetails.txt* which contains the results of the scan.
Copy and Paste the contents of the file into your next post.
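
A way to triage the `sfcdetails.txt` produced by the `findstr` step above, as an added example that is not part of the original post: it counts verify batches and pulls out the files SFC repaired or could not repair, which are the only lines a helper needs to read. The sample input is constructed, and `example.dll`, `sample2.dll` and `Example-Component` are placeholder names.

```python
import re

# Constructed sample in the layout that findstr /c:"[SR]" pulls out of CBS.log.
# The clean batch lines mirror the ones posted in this thread; example.dll,
# sample2.dll and Example-Component are placeholders, not real findings.
SAMPLE = r'''2014-05-16 10:56:54, Info CSI 00000009 [SR] Verifying 100 (0x0000000000000064) components
2014-05-16 10:56:54, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2014-05-16 10:56:57, Info CSI 0000000c [SR] Verify complete
2014-05-16 10:56:57, Info CSI 0000000d [SR] Verifying 100 (0x0000000000000064) components
2014-05-16 10:56:57, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2014-05-16 10:56:58, Info CSI 0000000f [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7601.00000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:0000000000000000}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-05-16 10:56:58, Info CSI 00000010 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7601.00000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:0000000000000000}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-05-16 10:56:58, Info CSI 00000011 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"sample2.dll" from store
2014-05-16 10:56:59, Info CSI 00000012 [SR] Verify complete
2014-05-16 10:56:59, Info CSI 00000013 [SR] Verifying 100 (0x0000000000000064) components
2014-05-16 10:56:59, Info CSI 00000014 [SR] Beginning Verify and Repair transaction
'''

# timestamp, level, CSI, 8-hex-digit sequence number, [SR] tag, message
SR_LINE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+(?P<level>\w+)\s+CSI\s+'
    r'(?P<seq>[0-9a-fA-F]{8})\s+\[SR\]\s+(?P<msg>.*)$')
VERIFYING = re.compile(r'^Verifying (\d+) ')
CANNOT_REPAIR = re.compile(
    r'^Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of (?P<comp>[^,]+),')
REPAIRING = re.compile(
    r'^Repairing corrupted file \[[^\]]*\]"(?P<dir>[^"]+)"\\\[[^\]]*\]'
    r'"(?P<name>[^"]+)" from store')


def summarize_sfc(text):
    """Summarize [SR] lines: batch counts, repaired files, unrepaired files."""
    summary = {"components_verified": 0, "batches_started": 0,
               "batches_completed": 0, "repaired": [], "unrepaired": []}
    unrepaired = {}  # dict keeps first-seen order and drops SFC's repeated entries
    for raw in text.splitlines():
        line = SR_LINE.match(raw.strip())
        if not line:
            continue  # not an [SR] record (blank line, wrapped text, other CBS noise)
        msg = line.group("msg")
        if (m := VERIFYING.match(msg)):
            summary["components_verified"] += int(m.group(1))
        elif msg.startswith("Beginning Verify and Repair transaction"):
            summary["batches_started"] += 1
        elif msg.startswith("Verify complete"):
            summary["batches_completed"] += 1
        elif (m := CANNOT_REPAIR.match(msg)):
            # The failure reason is the last comma-separated field of the record.
            reason = msg.rsplit(", ", 1)[-1]
            unrepaired[(m.group("file"), m.group("comp"), reason)] = None
        elif (m := REPAIRING.match(msg)):
            directory = m.group("dir")
            if directory.startswith("\\??\\"):  # strip the NT object-path prefix
                directory = directory[4:]
            path = directory + "\\" + m.group("name")
            if path not in summary["repaired"]:
                summary["repaired"].append(path)
    summary["unrepaired"] = list(unrepaired)
    # A started batch with no "Verify complete" means the scan was interrupted
    # or the pasted excerpt was cut off, so a clean result cannot be assumed.
    summary["truncated"] = summary["batches_started"] != summary["batches_completed"]
    return summary


if __name__ == "__main__":
    result = summarize_sfc(SAMPLE)
    print(f'{result["components_verified"]} components in '
          f'{result["batches_completed"]}/{result["batches_started"]} completed batches')
    for name, component, reason in result["unrepaired"]:
        print(f"UNREPAIRED {name} ({component}): {reason}")
    for path in result["repaired"]:
        print(f"REPAIRED   {path}")
    if result["truncated"]:
        print("WARNING: log ends inside a batch; scan or excerpt is incomplete")
```

A log that contains only the Verifying / Beginning / Verify complete triplet, like the batches posted later in this thread, produces empty `repaired` and `unrepaired` lists.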


----------



## RushMaster (Jun 27, 2007)

OK, I will have to run it in safe mode as it won't open in normal mode. If my issue isn't being caused by malware, would it do some good to try and repair Windows? I feel like there is something wrong with msiexec or something related to opening programs, not so much a malware issue. I will go ahead and run the scans though in the meantime.


----------



## Mark1956 (May 7, 2011)

Running a Repair Install on Windows will not remove any infections. Please don't do anything that I have not asked you to do, we will get there.


----------



## RushMaster (Jun 27, 2007)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-05-2014
Ran by Millar at 2014-05-16 10:51:08 Run:1
Running from C:\Users\Millar\Desktop
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
S1 cdrbsdrv; C:\Windows\SysWow64\Drivers\cdrbsdrv.sys [33408 2013-01-12] (B.H.A Corporation)
SearchScopes: HKCU - {97345471-0A63-4773-971B-337FFE5335A2} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311875&CUI=UN3625278 0597309719&UM=2
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U10) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.100.18) - C:\Windows\SysWOW64\npDeployJava1.dll No File
Task: {2C94E484-DD07-4A09-8E68-40B07B6D90CD} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {6899E98D-3C5C-4619-AB17-325BDF0EC501} - \SomotoUpdateCheckerAutoStart No Task File <==== ATTENTION
C:\Windows\SysWow64\Drivers\cdrbsdrv.sys
*****************

cdrbsdrv => Service deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{97345471-0A63-4773-971B-337FFE5335A2} => Key deleted successfully.
HKCR\CLSID\{97345471-0A63-4773-971B-337FFE5335A2} => Key not found.
C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
C:\Windows\SysWOW64\npDeployJava1.dll not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2C94E484-DD07-4A09-8E68-40B07B6D90CD} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C94E484-DD07-4A09-8E68-40B07B6D90CD} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6899E98D-3C5C-4619-AB17-325BDF0EC501} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6899E98D-3C5C-4619-AB17-325BDF0EC501} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SomotoUpdateCheckerAutoStart => Key deleted successfully.
C:\Windows\SysWow64\Drivers\cdrbsdrv.sys => Moved successfully.

==== End of Fixlog ====


----------



## RushMaster (Jun 27, 2007)

2014-05-16 11:02:47, Info CSI 00000301 [SR] Verifying 64 (0x0000000000000040) components
2014-05-16 11:02:47, Info CSI 00000302 [SR] Beginning Verify and Repair transaction
2014-05-16 11:02:48, Info CSI 00000304 [SR] Verify complete
2014-05-16 11:02:48, Info CSI 00000305 [SR] Repairing 0 components
2014-05-16 11:02:48, Info CSI 00000306 [SR] Beginning Verify and Repair transaction
2014-05-16 11:02:48, Info CSI 00000308 [SR] Repair complete


----------



## RushMaster (Jun 27, 2007)

I don't know what else to do. I need to get this computer restored ASAP. It's almost becoming completely unusable...


----------



## RushMaster (Jun 27, 2007)

I decided to do a system restore back to April 29th. Everything seems to be working normally now, but I'm going to do some scans again in case there was already something existing on my PC back then. Sorry I went ahead and did this, but I was losing complete control of my PC. None of the scans were showing anything and I couldn't just sit by and let myself lose everything. No programs would run, start menu kept locking up, complete chaos. I'm going to run all scans again and hopefully it fixes the problem.


----------



## Mark1956 (May 7, 2011)

Ok, glad to hear it is working ok again. Repeat the instructions to run FRST and Adwcleaner and post the new logs so we can make sure your system is clear of Adware. When you run FRST put a check mark next to Addition.txt so it will produce both of the logs. We can then repeat the removal of any remnants that will probably have been put back in place by the restore.


----------



## RushMaster (Jun 27, 2007)

Okay, I will run those scans. In the meantime, here is a log from Malwarebytes. It detected 7 items. They were all quarantined.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/16/2014
Scan Time: 3:00:41 PM
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.16.13
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Millar

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 262751
Time Elapsed: 7 min, 18 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
PUP.Optional.Conduit, HKU\S-1-5-21-4256569920-867320557-3977783850-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|BackgroundContainer, "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Millar\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun, , [d8452032c8b39b9bf0bc3789ff04d729]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 6
PUP.Optional.Conduit.A, C:\Users\Millar\AppData\Local\Temp\e4j365B.tmp_dir1397495189\user\mism.exe, , [d944252db6c5dc5adb5ce33cf01015eb], 
PUP.Optional.Conduit.A, C:\Users\Millar\AppData\Local\Temp\e4j6951.tmp_dir1397755947\user\mism.exe, , [bf5e80d24f2c2f0739fee639867a40c0], 
PUP.Optional.Superfish.A, C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, , [9f7e025004774ee893b6e1a21ce6f40c], 
PUP.Optional.Superfish.A, C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, , [6fae262c3d3e5cda2d1c1b68cb3704fc], 
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, , [cb52054d2a51c4726aec2d696b9726da], 
PUP.Optional.Conduit, C:\Windows\System32\Tasks\BackgroundContainer Startup Task, , [50cd4c0636451422ff098c3104ff16ea],

Physical Sectors: 0
(No malicious items detected)

(end)


----------



## RushMaster (Jun 27, 2007)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
Ran by Millar (administrator) on CRAIG on 16-05-2014 15:07:40
Running from C:\Users\Millar\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\Windows\System32\lxbkcoms.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Razer USA Ltd.) C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
() C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
() C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Razer Inc.) C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
() C:\Program Files (x86)\Razer\Lycosa\razertra.exe
() C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
() C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Lycosa] => C:\Program Files (x86)\Razer\Lycosa\razerhid.exe [147456 2007-11-20] (Razer USA Ltd.)
HKLM-x32\...\Run: [DeathAdder] => C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe [159744 2007-05-07] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [NeroFilterCheck] => C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2014-01-21] (BlackBerry Limited)
HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4484608 2014-01-22] (Research In Motion Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4256569920-867320557-3977783850-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-08] ()
Startup: C:\Users\Millar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x68A5B9966615CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM-x32 - DefaultScope {97345471-0A63-4773-971B-337FFE5335A2} URL = 
SearchScopes: HKCU - DefaultScope {97345471-0A63-4773-971B-337FFE5335A2} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311875&CUI=UN36252780597309719&UM=2
SearchScopes: HKCU - {97345471-0A63-4773-971B-337FFE5335A2} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311875&CUI=UN36252780597309719&UM=2
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{D3103DA3-9219-4F5A-A448-A88473116F6A}: [NameServer]192.168.2.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @rim.com/npappworld - C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

Chrome: 
=======
CHR HomePage: chrome://apps/
CHR StartupUrls: "chrome://apps/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U10) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.100.18) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (YouTube) - C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-07]
CHR Extension: (Facebook) - C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2013-01-07]
CHR Extension: (Twitter for Chrome) - C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdoinklelehcpndgmcddkkdhibpoglnk [2014-02-04]
CHR Extension: (Adblock Plus) - C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-01-07]
CHR Extension: (Google Search) - C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-07]
CHR Extension: (Crackle) - C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2014-02-03]
CHR Extension: (BB10 / PlayBook App Manager) - C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbaalodpmjjhpobkgljnelbpblnikkp [2013-06-14]
CHR Extension: (Google Wallet) - C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Outlook.com) - C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2013-01-07]
CHR Extension: (Gmail) - C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-07]
CHR HKCU\...\Chrome\Extension: [blklojfklgnogjaijkibhfjepakiocng] - C:\Users\Millar\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx [2013-11-03]
CHR HKLM-x32\...\Chrome\Extension: [blklojfklgnogjaijkibhfjepakiocng] - C:\Users\Millar\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx [2013-11-03]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-01-21] (BlackBerry Limited)
R2 lxbk_device; C:\Windows\system32\lxbkcoms.exe [565928 2008-02-19] ( )
R2 lxbk_device; C:\Windows\SysWOW64\lxbkcoms.exe [537256 2008-02-19] ( )
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2014-01-22] (Apple Inc.)
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1309696 2014-01-22] (Research In Motion Limited)

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [142424 2013-04-25] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [142424 2013-04-25] (SlySoft, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
R1 BIOS; C:\Windows\system32\drivers\BIOS64.sys [14136 2011-08-08] (BIOSTAR Group)
R1 BIOS; C:\Windows\SysWOW64\drivers\BIOS64.sys [14136 2011-08-08] (BIOSTAR Group)
S1 cdrbsdrv; C:\Windows\SysWow64\Drivers\cdrbsdrv.sys [33408 2013-01-12] (B.H.A Corporation)
R3 DAdderFltr; C:\Windows\System32\drivers\dadder.sys [13824 2007-04-12] (Razer (Asia-Pacific) Pte Ltd)
R3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 Pcouffin64; C:\Windows\System32\Drivers\pcouffin64a.sys [55136 2013-11-08] (VSO Software)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-01-22] (Research in Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-16 15:07 - 2014-05-16 15:08 - 00016911 _____ () C:\Users\Millar\Desktop\FRST.txt
2014-05-16 15:06 - 2014-05-16 15:06 - 02067456 _____ (Farbar) C:\Users\Millar\Desktop\FRST64.exe
2014-05-16 15:00 - 2014-05-16 15:00 - 00002203 _____ () C:\Users\Millar\Desktop\mbam.txt
2014-05-16 14:47 - 2014-05-16 14:47 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-05-16 14:37 - 2014-05-16 14:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 14:35 - 2014-05-16 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-16 14:35 - 2014-05-16 14:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-16 14:35 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-16 14:35 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-16 09:58 - 2014-05-16 09:58 - 00000000 ____D () C:\Users\Millar\AppData\Roaming\SUPERAntiSpyware.com
2014-05-16 09:57 - 2014-05-16 14:29 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-16 09:57 - 2014-05-16 09:57 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-05-16 09:20 - 2014-05-16 15:07 - 00000000 ____D () C:\FRST
2014-05-15 17:20 - 2014-05-16 13:42 - 00000000 ____D () C:\AdwCleaner
2014-05-15 16:51 - 2014-05-15 16:51 - 00000000 ____D () C:\$WINDOWS.~BT
2014-05-15 13:39 - 2014-05-15 13:39 - 00000000 __SHD () C:\Users\Millar\AppData\Local\EmieUserList
2014-05-15 13:39 - 2014-05-15 13:39 - 00000000 __SHD () C:\Users\Millar\AppData\Local\EmieSiteList
2014-05-14 13:24 - 2014-05-14 13:24 - 00000000 ____D () C:\Users\Millar\AppData\Local\AOL
2014-05-09 13:05 - 2014-05-09 13:05 - 00021040 _____ () C:\Users\Millar\Documents\Track 4 - 1.sfk
2014-05-09 13:04 - 2014-05-09 13:05 - 05371906 _____ () C:\Users\Millar\Documents\Track 4 - 1.wav
2014-05-09 13:04 - 2014-05-09 13:04 - 00033792 _____ () C:\Users\Millar\Documents\Track 3 - 6.sfk
2014-05-09 13:03 - 2014-05-09 13:04 - 08637226 _____ () C:\Users\Millar\Documents\Track 3 - 6.wav
2014-05-09 13:03 - 2014-05-09 13:03 - 03270694 _____ () C:\Users\Millar\Documents\Track 3 - 5.wav
2014-05-09 13:03 - 2014-05-09 13:03 - 00033584 _____ () C:\Users\Millar\Documents\Track 3 - 4.sfk
2014-05-09 13:03 - 2014-05-09 13:03 - 00012832 _____ () C:\Users\Millar\Documents\Track 3 - 5.sfk
2014-05-09 13:02 - 2014-05-09 13:03 - 08583286 _____ () C:\Users\Millar\Documents\Track 3 - 4.wav
2014-05-09 13:02 - 2014-05-09 13:02 - 00016688 _____ () C:\Users\Millar\Documents\Track 3 - 3.sfk
2014-05-09 13:01 - 2014-05-09 13:02 - 04256918 _____ () C:\Users\Millar\Documents\Track 3 - 3.wav
2014-05-09 13:01 - 2014-05-09 13:01 - 00757154 _____ () C:\Users\Millar\Documents\Track 3 - 2.wav
2014-05-09 13:01 - 2014-05-09 13:01 - 00003016 _____ () C:\Users\Millar\Documents\Track 3 - 2.sfk
2014-05-09 12:57 - 2014-05-09 12:57 - 00260832 _____ () C:\Users\Millar\Documents\Track 2 - 1.sfk
2014-05-09 12:50 - 2014-05-09 12:57 - 66759542 _____ () C:\Users\Millar\Documents\Track 2 - 1.wav
2014-05-09 12:49 - 2014-05-09 12:49 - 06446582 _____ () C:\Users\Millar\Documents\Track 3 - 1.wav
2014-05-09 12:49 - 2014-05-09 12:49 - 00025240 _____ () C:\Users\Millar\Documents\Track 3 - 1.sfk
2014-05-06 20:00 - 2014-05-16 14:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-21 12:14 - 2014-05-16 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-21 12:14 - 2014-04-21 12:14 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-21 12:14 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-21 12:14 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-21 12:14 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-21 12:14 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-17 17:12 - 2014-03-06 05:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-17 17:12 - 2014-03-06 05:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-17 17:12 - 2014-03-06 04:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-17 17:12 - 2014-03-06 04:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-17 17:12 - 2014-03-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-17 17:12 - 2014-03-06 04:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-17 17:12 - 2014-03-06 04:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-17 17:12 - 2014-03-06 04:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-17 17:12 - 2014-03-06 03:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-17 17:12 - 2014-03-06 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-17 17:11 - 2014-03-06 06:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-17 17:11 - 2014-03-06 05:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-17 17:11 - 2014-03-06 04:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-17 17:11 - 2014-03-06 04:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-17 17:11 - 2014-03-06 04:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-17 17:11 - 2014-03-06 04:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-17 17:11 - 2014-03-06 04:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-17 17:11 - 2014-03-06 04:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-17 17:11 - 2014-03-06 04:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-17 17:11 - 2014-03-06 04:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-17 17:11 - 2014-03-06 04:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-17 17:11 - 2014-03-06 04:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-17 17:11 - 2014-03-06 04:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-17 17:11 - 2014-03-06 04:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-17 17:11 - 2014-03-06 03:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-17 17:11 - 2014-03-06 03:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-17 17:11 - 2014-03-06 03:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-17 17:11 - 2014-03-06 03:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-17 17:11 - 2014-03-06 03:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-17 17:11 - 2014-03-06 03:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-17 17:11 - 2014-03-06 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-17 17:11 - 2014-03-06 03:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-17 17:11 - 2014-03-06 03:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-17 17:11 - 2014-03-06 03:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-17 17:11 - 2014-03-06 03:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-17 17:11 - 2014-03-06 03:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-17 17:11 - 2014-03-06 03:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-17 17:11 - 2014-03-06 03:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-17 17:11 - 2014-03-06 02:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-17 17:11 - 2014-03-06 02:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-17 17:11 - 2014-03-06 02:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-17 17:11 - 2014-03-06 02:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-17 17:11 - 2014-03-06 02:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-17 17:11 - 2014-03-06 01:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-17 17:11 - 2014-03-06 01:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-17 17:11 - 2014-03-06 01:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-17 17:11 - 2014-03-06 01:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-17 17:11 - 2014-03-06 01:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

==================== One Month Modified Files and Folders =======

2014-05-16 15:08 - 2014-05-16 15:07 - 00016911 _____ () C:\Users\Millar\Desktop\FRST.txt
2014-05-16 15:08 - 2013-01-08 12:38 - 00000000 ____D () C:\Users\Millar\AppData\Local\PMB Files
2014-05-16 15:07 - 2014-05-16 09:20 - 00000000 ____D () C:\FRST
2014-05-16 15:06 - 2014-05-16 15:06 - 02067456 _____ (Farbar) C:\Users\Millar\Desktop\FRST64.exe
2014-05-16 15:06 - 2013-01-07 09:58 - 01137287 _____ () C:\Windows\WindowsUpdate.log
2014-05-16 15:02 - 2013-01-07 22:23 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-16 15:02 - 2013-01-07 22:19 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-16 15:02 - 2010-11-20 23:47 - 00242798 _____ () C:\Windows\PFRO.log
2014-05-16 15:02 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-16 15:02 - 2009-07-14 00:51 - 00126797 _____ () C:\Windows\setupact.log
2014-05-16 15:01 - 2013-02-09 19:39 - 00000000 ____D () C:\Windows\Minidump
2014-05-16 15:00 - 2014-05-16 15:00 - 00002203 _____ () C:\Users\Millar\Desktop\mbam.txt
2014-05-16 14:59 - 2009-07-14 00:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-16 14:59 - 2009-07-14 00:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-16 14:52 - 2014-05-16 14:37 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 14:51 - 2013-01-07 23:20 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-16 14:49 - 2013-01-07 22:23 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-16 14:47 - 2014-05-16 14:47 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-05-16 14:47 - 2014-04-14 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-16 14:36 - 2013-01-07 23:38 - 00000000 ____D () C:\Users\Millar\AppData\Roaming\Malwarebytes
2014-05-16 14:35 - 2014-05-16 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-16 14:35 - 2014-05-16 14:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-16 14:35 - 2013-01-07 23:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-16 14:35 - 2013-01-07 23:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-05-16 14:33 - 2013-01-07 10:00 - 00000000 ___RD () C:\Users\Millar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 14:32 - 2013-01-07 23:41 - 00000000 ____D () C:\Users\Millar\AppData\Roaming\Skype
2014-05-16 14:32 - 2013-01-07 22:23 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-16 14:32 - 2013-01-07 22:23 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-16 14:29 - 2014-05-16 09:57 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-16 14:28 - 2014-04-21 12:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-16 14:28 - 2014-02-23 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2014-05-16 14:28 - 2014-02-23 17:11 - 00000000 ____D () C:\Program Files\CPUID
2014-05-16 14:28 - 2014-01-30 18:38 - 00000000 ____D () C:\Program Files (x86)\VidCoder
2014-05-16 14:28 - 2014-01-24 20:41 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-05-16 14:28 - 2013-11-08 17:59 - 00000000 ____D () C:\Users\Millar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat
2014-05-16 14:28 - 2013-11-08 17:59 - 00000000 ____D () C:\Users\Millar\AppData\Local\WebPlayer
2014-05-16 14:28 - 2013-11-08 17:48 - 00000000 ____D () C:\Users\Millar\AppData\Local\NativeMessaging
2014-05-16 14:28 - 2013-01-12 12:42 - 00000000 ____D () C:\Users\Millar\AppData\Roaming\vlc
2014-05-16 14:28 - 2013-01-08 12:38 - 00000000 ____D () C:\ProgramData\PMB Files
2014-05-16 14:28 - 2013-01-08 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-05-16 14:28 - 2013-01-08 09:01 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-05-16 14:28 - 2013-01-08 00:24 - 00000000 ____D () C:\Users\Millar\AppData\Roaming\Azureus
2014-05-16 14:28 - 2013-01-08 00:24 - 00000000 ____D () C:\Users\Millar\AppData\Local\Conduit
2014-05-16 14:28 - 2013-01-08 00:24 - 00000000 ____D () C:\Users\Millar\.swt
2014-05-16 14:28 - 2013-01-08 00:24 - 00000000 ____D () C:\Program Files (x86)\Vuze
2014-05-16 14:28 - 2013-01-08 00:21 - 00000000 ____D () C:\Users\Millar\Torrents
2014-05-16 14:28 - 2013-01-07 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-16 14:28 - 2013-01-07 22:22 - 00000000 ____D () C:\Users\Millar\AppData\Local\Apps\2.0
2014-05-16 14:28 - 2013-01-07 10:00 - 00000000 ___RD () C:\Users\Millar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 14:28 - 2013-01-07 09:59 - 00000000 ____D () C:\Users\Millar
2014-05-16 14:28 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-05-16 14:28 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-16 14:27 - 2014-05-06 20:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 14:27 - 2011-04-12 04:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-16 14:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-05-16 14:25 - 2013-06-24 18:46 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-16 14:25 - 2013-01-07 23:35 - 00000000 ____D () C:\ProgramData\Apple
2014-05-16 14:25 - 2013-01-07 22:23 - 00000000 ____D () C:\Users\Millar\AppData\Local\Google
2014-05-16 13:42 - 2014-05-15 17:20 - 00000000 ____D () C:\AdwCleaner
2014-05-16 09:58 - 2014-05-16 09:58 - 00000000 ____D () C:\Users\Millar\AppData\Roaming\SUPERAntiSpyware.com
2014-05-16 09:57 - 2014-05-16 09:57 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-05-15 16:51 - 2014-05-15 16:51 - 00000000 ____D () C:\$WINDOWS.~BT
2014-05-15 13:39 - 2014-05-15 13:39 - 00000000 __SHD () C:\Users\Millar\AppData\Local\EmieUserList
2014-05-15 13:39 - 2014-05-15 13:39 - 00000000 __SHD () C:\Users\Millar\AppData\Local\EmieSiteList
2014-05-14 20:02 - 2013-08-13 20:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 13:24 - 2014-05-14 13:24 - 00000000 ____D () C:\Users\Millar\AppData\Local\AOL
2014-05-09 13:05 - 2014-05-09 13:05 - 00021040 _____ () C:\Users\Millar\Documents\Track 4 - 1.sfk
2014-05-09 13:05 - 2014-05-09 13:04 - 05371906 _____ () C:\Users\Millar\Documents\Track 4 - 1.wav
2014-05-09 13:04 - 2014-05-09 13:04 - 00033792 _____ () C:\Users\Millar\Documents\Track 3 - 6.sfk
2014-05-09 13:04 - 2014-05-09 13:03 - 08637226 _____ () C:\Users\Millar\Documents\Track 3 - 6.wav
2014-05-09 13:03 - 2014-05-09 13:03 - 03270694 _____ () C:\Users\Millar\Documents\Track 3 - 5.wav
2014-05-09 13:03 - 2014-05-09 13:03 - 00033584 _____ () C:\Users\Millar\Documents\Track 3 - 4.sfk
2014-05-09 13:03 - 2014-05-09 13:03 - 00012832 _____ () C:\Users\Millar\Documents\Track 3 - 5.sfk
2014-05-09 13:03 - 2014-05-09 13:02 - 08583286 _____ () C:\Users\Millar\Documents\Track 3 - 4.wav
2014-05-09 13:02 - 2014-05-09 13:02 - 00016688 _____ () C:\Users\Millar\Documents\Track 3 - 3.sfk
2014-05-09 13:02 - 2014-05-09 13:01 - 04256918 _____ () C:\Users\Millar\Documents\Track 3 - 3.wav
2014-05-09 13:01 - 2014-05-09 13:01 - 00757154 _____ () C:\Users\Millar\Documents\Track 3 - 2.wav
2014-05-09 13:01 - 2014-05-09 13:01 - 00003016 _____ () C:\Users\Millar\Documents\Track 3 - 2.sfk
2014-05-09 12:57 - 2014-05-09 12:57 - 00260832 _____ () C:\Users\Millar\Documents\Track 2 - 1.sfk
2014-05-09 12:57 - 2014-05-09 12:50 - 66759542 _____ () C:\Users\Millar\Documents\Track 2 - 1.wav
2014-05-09 12:49 - 2014-05-09 12:49 - 06446582 _____ () C:\Users\Millar\Documents\Track 3 - 1.wav
2014-05-09 12:49 - 2014-05-09 12:49 - 00025240 _____ () C:\Users\Millar\Documents\Track 3 - 1.sfk
2014-05-08 00:00 - 2014-01-30 18:38 - 00000000 ____D () C:\Users\Millar\AppData\Roaming\VidCoder
2014-05-07 21:48 - 2013-11-08 17:29 - 00000040 ___SH () C:\ProgramData\.zreglib
2014-04-29 00:12 - 2014-04-15 22:17 - 00000000 ___RD () C:\Users\Millar\Dropbox
2014-04-28 13:12 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-21 12:17 - 2013-10-21 17:41 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-21 12:14 - 2014-04-21 12:14 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-20 19:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-17 14:02 - 2013-09-16 22:58 - 00000000 ____D () C:\Users\Millar\AppData\Roaming\dvdcss
2014-04-17 13:56 - 2013-11-08 18:00 - 00000000 ____D () C:\ProgramData\DVD Shrink

Some content of TEMP:
====================
C:\Users\Millar\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_6c_vg.dll
C:\Users\Millar\AppData\Local\Temp\i4jdel0.exe
C:\Users\Millar\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Millar\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Millar\AppData\Local\Temp\nvStInst.exe
C:\Users\Millar\AppData\Local\Temp\rtdrvmon.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-09 00:37

==================== End Of Log ============================


----------



## RushMaster (Jun 27, 2007)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05-2014
Ran by Millar at 2014-05-16 15:08:22
Running from C:\Users\Millar\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

abcAVI (HKLM-x32\...\abcavi_tag_editor_is1) (Version: - Alexander Sorkin aka Kibi)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.1.9.0 - SlySoft)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4577 - AVG Technologies)
AVG 2014 (Version: 14.0.3950 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4577 - AVG Technologies) Hidden
BlackBerry App World Browser Plugin (HKLM-x32\...\{14663620-53AC-4821-8E77-500732DD0F8E}) (Version: 4.3.0.43 - Research In Motion Limited)
BlackBerry Link (HKLM-x32\...\BlackBerry_10_Desktop) (Version: 1.2.3.23 - BlackBerry Ltd.)
BlackBerry Link (x32 Version: 1.2.3.23 - BlackBerry Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 7 (HKLM-x32\...\{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}) (Version: 7.0.0 - TechSmith Corporation)
CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Doom 3 (HKLM-x32\...\InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}) (Version: 1.00.0000 - Activision)
Doom 3 (x32 Version: 1.00.0000 - Activision) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GoldWave v5.69 (HKLM-x32\...\GoldWave v5.69) (Version: 5.69 - GoldWave Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
iTunes (HKLM\...\{7FCDABCC-1A1E-4D61-909D-BA9495172774}) (Version: 11.0.3.42 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Lexmark X1100 Series (HKLM\...\Lexmark X1100 Series) (Version: - Lexmark International, Inc.)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Nero Suite (HKLM-x32\...\NeroMultiInstaller!UninstallKey) (Version: - )
NVIDIA 3D Vision Controller Driver 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Razer DeathAdder(TM) Mouse (HKLM-x32\...\{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}) (Version: 5.01 - Razer Inc.)
Razer Lycosa (HKLM-x32\...\{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}) (Version: 3.02 - Razer USA Ltd.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6559 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Skype 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: 2.0.11.26825 - Blizzard Entertainment)
Vegas Pro 12.0 (64-bit) (HKLM\...\{BD422D00-5232-11E3-A6F3-F04DA23A5C58}) (Version: 12.0.770 - Sony)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
VidCoder 1.4.25 (x86) (HKLM-x32\...\VidCoder_is1) (Version: 1.4.25 - RandomEngy)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.9.0.0 - Azureus Software, Inc.)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR (HKLM-x32\...\WinRAR) (Version: - )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Restore Points =========================

29-04-2014 15:43:32 Scheduled Checkpoint
06-05-2014 00:00:20 Windows Update
07-05-2014 00:00:11 Windows Update
14-05-2014 18:57:25 Scheduled Checkpoint
15-05-2014 00:00:22 Windows Update
16-05-2014 18:45:10 Installed AVG 2014

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1246945F-C216-4985-9CA0-3D0B531332D2} - System32\Tasks\{980B2505-9853-4B72-9BB1-D37E7E796C0C} => C:\Program Files (x86)\Pegasys Inc\TMPGEnc DVD Author 3 with DivX Authoring\TMPGEncDVDAuthor3.exe
Task: {145B4988-EEC8-4C3D-A9F7-5B4288E1AEF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-07] (Google Inc.)
Task: {6899E98D-3C5C-4619-AB17-325BDF0EC501} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\Millar\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
Task: {7F5CB189-D860-4EC8-8236-833FDA472300} - System32\Tasks\{6540A9C2-6C1A-42F0-8D07-CDF84293824B} => C:\Program Files (x86)\Pegasys Inc\TMPGEnc DVD Author 3 with DivX Authoring\TMPGEncDVDAuthor3.exe
Task: {84C8E2FF-6D67-421D-AA91-AB821AF7368E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-07] (Google Inc.)
Task: {A5AC494A-D3A5-42BA-93F4-787949C418C2} - System32\Tasks\{59B4E182-74E5-4613-9D64-52FBE273629D} => C:\Program Files (x86)\Pegasys Inc\TMPGEnc DVD Author 3 with DivX Authoring\TMPGEncDVDAuthor3.exe
Task: {CBC3CFF3-9967-423E-AEBB-8D1FA3A11E5F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CEFEAD84-C80F-42E6-B5DE-27A9A145BB3B} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {CF87E7FC-D745-4B05-B4DC-534277C3EE06} - System32\Tasks\{9AF43481-0CD4-4AF0-99C1-03E88B2D692D} => C:\Program Files (x86)\Pegasys Inc\TMPGEnc DVD Author 3 with DivX Authoring\TMPGEncDVDAuthor3.exe
Task: {D1B8F665-E1AA-48D4-AB53-2048B3F898B4} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {E394CB81-C200-45D1-882D-1586EFC8AAA3} - System32\Tasks\{D31B8397-F95E-45F8-B182-E03F0434D0E7} => C:\Program Files (x86)\Pegasys Inc\TMPGEnc DVD Author 3 with DivX Authoring\TMPGEncDVDAuthor3.exe
Task: {F9C53CA0-862E-4DBF-8B9F-4E27E167675A} - System32\Tasks\{73373588-0A77-48E1-8E0B-FC76D782E5A5} => C:\Program Files (x86)\Pegasys Inc\TMPGEnc DVD Author 3 with DivX Authoring\TMPGEncDVDAuthor3.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (whitelisted) =============

2013-01-07 22:28 - 2014-03-04 09:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-01-08 12:38 - 2013-01-08 12:38 - 03093624 _____ () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
2013-01-07 23:44 - 2007-05-07 18:40 - 00159744 _____ () C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
2013-01-07 23:44 - 2006-11-24 16:24 - 00143360 _____ () C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
2013-01-08 12:27 - 2011-04-13 12:46 - 00110592 _____ () C:\Program Files (x86)\Razer\Lycosa\razertra.exe
2014-01-10 12:27 - 2014-01-10 12:27 - 00663056 _____ () C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-28 14:15 - 2014-04-23 20:33 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2014-04-28 14:15 - 2014-04-23 20:33 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
2014-04-28 14:15 - 2014-04-23 20:33 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll
2014-04-28 14:15 - 2014-04-23 20:33 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-04-28 14:15 - 2014-04-23 20:33 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-04-28 14:15 - 2014-04-23 20:33 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
2014-04-28 14:15 - 2014-04-23 20:33 - 13692232 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: lxbkbmgr.exe => "C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmgr.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/16/2014 03:03:44 PM) (Source: MsiInstaller) (EventID: 1024) (User: Craig)
Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011007}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/16/2014 03:03:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 02:53:26 PM) (Source: MsiInstaller) (EventID: 1024) (User: Craig)
Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011007}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/16/2014 02:52:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 02:35:28 PM) (Source: MsiInstaller) (EventID: 1024) (User: Craig)
Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011007}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/16/2014 02:31:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 02:22:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 02:01:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 01:45:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 01:38:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (05/16/2014 03:01:49 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/16/2014 03:01:42 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/16/2014 02:50:54 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/16/2014 02:50:48 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/16/2014 02:29:06 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/16/2014 02:29:05 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/16/2014 02:28:58 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/16/2014 02:23:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (05/16/2014 02:22:52 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (05/16/2014 02:22:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Microsoft Office Sessions:
=========================
Error: (05/16/2014 03:03:44 PM) (Source: MsiInstaller) (EventID: 1024) (User: Craig)
Description: Adobe Reader XI{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)

Error: (05/16/2014 03:03:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 02:53:26 PM) (Source: MsiInstaller) (EventID: 1024) (User: Craig)
Description: Adobe Reader XI{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)

Error: (05/16/2014 02:52:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 02:35:28 PM) (Source: MsiInstaller) (EventID: 1024) (User: Craig)
Description: Adobe Reader XI{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)

Error: (05/16/2014 02:31:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 02:22:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 02:01:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 01:45:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 01:38:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2013-11-08 16:17:19.673
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-08 16:17:19.642
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-08 16:14:47.301
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-08 16:14:47.273
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 8157.07 MB
Available physical RAM: 5830.26 MB
Total Pagefile: 16312.31 MB
Available Pagefile: 13810.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:252.4 GB) NTFS
Drive d: (GSP1RMCHPXFREO_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4E235953)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================


----------



## RushMaster (Jun 27, 2007)

# AdwCleaner v3.208 - Report created 15/05/2014 at 17:21:27
# Updated 11/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Millar - CRAIG
# Running from : C:\Users\Millar\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\WinZip Registry Optimizer
Folder Deleted : C:\Program Files (x86)\Vuze
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Users\Millar\AppData\Local\AppsHat Mobile Apps
Folder Deleted : C:\Users\Millar\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Millar\AppData\Local\Conduit
Folder Deleted : C:\Users\Millar\AppData\Local\genienext
Folder Deleted : C:\Users\Millar\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Millar\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Millar\AppData\Local\webplayer
Folder Deleted : C:\Users\Millar\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Millar\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Millar\AppData\LocalLow\Vuze_Remote
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Deleted : C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
File Deleted : C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Millar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat\Uninstall.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3311875
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5DA69494-FF13-420E-B5C9-0173357FF55A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06E50566-0AB7-431C-841D-62794727DAF9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKCU\Software\Webplayer
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG Nation toolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN57518500816707361&ctid=CT3311875&UM=2
Deleted [Search Provider] : hxxp://www.canadiantire.ca/en/search-results.html?searchByTerm=true&q={searchTerms}
Deleted [Extension] : mpcknfcdcgpffjddjeceioobdelceffo

*************************

AdwCleaner[R0].txt - [5558 octets] - [15/05/2014 17:20:24]
AdwCleaner[S0].txt - [5709 octets] - [15/05/2014 17:21:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5769 octets] ##########
# AdwCleaner v3.208 - Report created 16/05/2014 at 15:12:16
# Updated 11/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Millar - CRAIG
# Running from : C:\Users\Millar\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Users\Millar\AppData\Local\Conduit
Folder Deleted : C:\Users\Millar\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Millar\AppData\Local\webplayer
Folder Deleted : C:\Users\Millar\AppData\LocalLow\Conduit
[x] Not Deleted : C:\Users\Millar\AppData\LocalLow\Vuze_Remote
File Deleted : C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Millar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat\Uninstall.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduitapps.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3311875
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06E50566-0AB7-431C-841D-62794727DAF9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKCU\Software\Webplayer
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG Nation toolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.canadiantire.ca/en/search-results.html?searchByTerm=true&q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN57518500816707361&ctid=CT3311875&UM=2

*************************

AdwCleaner[R0].txt - [9064 octets] - [15/05/2014 17:20:24]
AdwCleaner[R1].txt - [881 octets] - [16/05/2014 09:26:15]
AdwCleaner[R2].txt - [1401 octets] - [16/05/2014 13:41:35]
AdwCleaner[S0].txt - [9289 octets] - [15/05/2014 17:21:27]
AdwCleaner[S1].txt - [1350 octets] - [16/05/2014 09:27:39]
AdwCleaner[S2].txt - [1470 octets] - [16/05/2014 13:42:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9469 octets] ##########


----------



## Mark1956 (May 7, 2011)

Malwarebytes has not removed the detections; they are all PUPs (potentially unwanted programs) and the scanner is only set to warn. Rootkit detection is also turned off.

Make these settings and run it again, then post the new log.


Before you run the scan click on *Settings* and then *Detection and Protection* in the left pane.
At the next window make sure there are check marks next to all three of the items below *Detection Options*.
Also, under *Non-Malware detections:* set it to *Treat detections as Malware*.

Please also run AdwCleaner again and post the new log produced after the Clean and reboot.


----------



## Mark1956 (May 7, 2011)

Three days have passed since your last post, are you still with us?


----------



## RushMaster (Jun 27, 2007)

I went out of town for May 24 weekend. I just arrived back tonight. I will run the scan again with the settings and post a log below. Thanks for your patience.


----------



## RushMaster (Jun 27, 2007)

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/19/2014
Scan Time: 8:52:37 PM
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.19.15
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Millar

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 265323
Time Elapsed: 9 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


----------



## RushMaster (Jun 27, 2007)

# AdwCleaner v3.208 - Report created 16/05/2014 at 09:27:39
# Updated 11/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Millar - CRAIG
# Running from : C:\Users\Millar\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.canadiantire.ca/en/search-results.html?searchByTerm=true&q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN57518500816707361&ctid=CT3311875&UM=2

*************************

AdwCleaner[R0].txt - [5558 octets] - [15/05/2014 17:20:24]
AdwCleaner[R1].txt - [881 octets] - [16/05/2014 09:26:15]
AdwCleaner[S0].txt - [5865 octets] - [15/05/2014 17:21:27]
AdwCleaner[S1].txt - [1210 octets] - [16/05/2014 09:27:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1270 octets] ##########
# AdwCleaner v3.210 - Report created 19/05/2014 at 21:02:45
# Updated 19/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Millar - CRAIG
# Running from : C:\Users\Millar\Desktop\adwcleaner_3.210.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

[x] Not Deleted : C:\Users\Millar\AppData\LocalLow\Vuze_Remote

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.canadiantire.ca/en/search-results.html?searchByTerm=true&q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN57518500816707361&ctid=CT3311875&UM=2

*************************

AdwCleaner[R0].txt - [9064 octets] - [15/05/2014 17:20:24]
AdwCleaner[R1].txt - [2011 octets] - [16/05/2014 09:26:15]
AdwCleaner[R2].txt - [1401 octets] - [16/05/2014 13:41:35]
AdwCleaner[S0].txt - [9557 octets] - [15/05/2014 17:21:27]
AdwCleaner[S1].txt - [2691 octets] - [16/05/2014 09:27:39]
AdwCleaner[S2].txt - [1470 octets] - [16/05/2014 13:42:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2811 octets] ##########


----------



## Mark1956 (May 7, 2011)

Something odd is happening when you are pasting the AdwCleaner log into your replies. The last couple of logs you have posted have an older log as well and some of the information is a bit mixed up.

Please run the scan again and only post the log that comes up after the reboot after clicking on the Clean button.


----------



## RushMaster (Jun 27, 2007)

That's what I did post. I am starting to have the issue again. Just as things looked good again, I'm noticing that msconfig and all my other small applications are not loading up again. This is ridiculous. Running Malwarebytes again and an AdwCleaner.


----------



## RushMaster (Jun 27, 2007)

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/20/2014
Scan Time: 9:17:15 AM
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.20.04
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Millar

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 265533
Time Elapsed: 9 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


----------



## RushMaster (Jun 27, 2007)

# AdwCleaner v3.208 - Report created 16/05/2014 at 13:42:17
# Updated 11/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Millar - CRAIG
# Running from : C:\Users\Millar\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.canadiantire.ca/en/search-results.html?searchByTerm=true&q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN57518500816707361&ctid=CT3311875&UM=2

*************************

AdwCleaner[R0].txt - [5558 octets] - [15/05/2014 17:20:24]
AdwCleaner[R1].txt - [881 octets] - [16/05/2014 09:26:15]
AdwCleaner[R2].txt - [1401 octets] - [16/05/2014 13:41:35]
AdwCleaner[S0].txt - [5865 octets] - [15/05/2014 17:21:27]
AdwCleaner[S1].txt - [1350 octets] - [16/05/2014 09:27:39]
AdwCleaner[S2].txt - [1330 octets] - [16/05/2014 13:42:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1390 octets] ##########
# AdwCleaner v3.210 - Report created 20/05/2014 at 09:44:25
# Updated 19/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Millar - CRAIG
# Running from : C:\Users\Millar\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Millar\AppData\LocalLow\Vuze_Remote

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.canadiantire.ca/en/search-results.html?searchByTerm=true&q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN57518500816707361&ctid=CT3311875&UM=2
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

*************************

AdwCleaner[R0].txt - [9064 octets] - [15/05/2014 17:20:24]
AdwCleaner[R1].txt - [2011 octets] - [16/05/2014 09:26:15]
AdwCleaner[R2].txt - [2990 octets] - [16/05/2014 13:41:35]
AdwCleaner[S0].txt - [9557 octets] - [15/05/2014 17:21:27]
AdwCleaner[S1].txt - [2891 octets] - [16/05/2014 09:27:39]
AdwCleaner[S2].txt - [2932 octets] - [16/05/2014 13:42:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2992 octets] ##########


----------



## RushMaster (Jun 27, 2007)

Why do these same items keep coming up in the scans and keep saying they've been deleted, yet I've seen them every time since the beginning? I notice that there is a Conduit search in there too. Very frustrating. I also lost total control of my PC again with the latest AdwCleaner scan. Had to run it in safe mode.

Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.canadiantire.ca/en/search-results.html?searchByTerm=true&q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN57518500816707361&ctid=CT3311875&UM=2
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}


----------



## RushMaster (Jun 27, 2007)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Millar (administrator) on CRAIG on 20-05-2014 10:40:35
Running from C:\Users\Millar\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Lycosa] => C:\Program Files (x86)\Razer\Lycosa\razerhid.exe [147456 2007-11-20] (Razer USA Ltd.)
HKLM-x32\...\Run: [DeathAdder] => C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe [159744 2007-05-07] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [NeroFilterCheck] => C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2014-01-21] (BlackBerry Limited)
HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4484608 2014-01-22] (Research In Motion Limited)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4256569920-867320557-3977783850-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-08] ()
Startup: C:\Users\Millar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x68A5B9966615CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - {97345471-0A63-4773-971B-337FFE5335A2} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311875&CUI=UN36252780597309719&UM=2
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{D3103DA3-9219-4F5A-A448-A88473116F6A}: [NameServer]192.168.2.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @rim.com/npappworld - C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

Chrome: 
=======
CHR HomePage: chrome://apps/
CHR StartupUrls: "chrome://apps/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U10) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.100.18) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (YouTube) - C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-07]
CHR Extension: (Facebook) - C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2013-01-07]
CHR Extension: (Adblock Plus) - C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-19]
CHR Extension: (Google Search) - C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-07]
CHR Extension: (Crackle) - C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2014-02-03]
CHR Extension: (BB10 / PlayBook App Manager) - C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbaalodpmjjhpobkgljnelbpblnikkp [2013-06-14]
CHR Extension: (Google Wallet) - C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Outlook.com) - C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2013-01-07]
CHR Extension: (Gmail) - C:\Users\Millar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-07]
CHR HKCU\...\Chrome\Extension: [blklojfklgnogjaijkibhfjepakiocng] - C:\Users\Millar\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx [2013-11-03]
CHR HKLM-x32\...\Chrome\Extension: [blklojfklgnogjaijkibhfjepakiocng] - C:\Users\Millar\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx [2013-11-03]

==================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
S3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-01-21] (BlackBerry Limited)
S2 lxbk_device; C:\Windows\system32\lxbkcoms.exe [565928 2008-02-19] ( )
S2 lxbk_device; C:\Windows\SysWOW64\lxbkcoms.exe [537256 2008-02-19] ( )
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2014-01-22] (Apple Inc.)
S2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1309696 2014-01-22] (Research In Motion Limited)

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [142424 2013-04-25] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [142424 2013-04-25] (SlySoft, Inc.)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
S1 BIOS; C:\Windows\system32\drivers\BIOS64.sys [14136 2011-08-08] (BIOSTAR Group)
S1 BIOS; C:\Windows\SysWOW64\drivers\BIOS64.sys [14136 2011-08-08] (BIOSTAR Group)
S1 cdrbsdrv; C:\Windows\SysWow64\Drivers\cdrbsdrv.sys [33408 2013-01-12] (B.H.A Corporation)
R3 DAdderFltr; C:\Windows\System32\drivers\dadder.sys [13824 2007-04-12] (Razer (Asia-Pacific) Pte Ltd)
S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-20] (Malwarebytes Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 Pcouffin64; C:\Windows\System32\Drivers\pcouffin64a.sys [55136 2013-11-08] (VSO Software)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-01-22] (Research in Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-20 10:40 - 2014-05-20 10:40 - 00013069 _____ () C:\Users\Millar\Desktop\FRST.txt
2014-05-20 10:02 - 2014-05-20 10:02 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Millar\Downloads\tdsskiller.exe
2014-05-20 09:59 - 2014-05-20 09:59 - 02067456 _____ (Farbar) C:\Users\Millar\Desktop\FRST64.exe
2014-05-19 23:10 - 2014-05-19 23:13 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-19 23:06 - 2014-05-19 23:06 - 00002980 _____ () C:\Windows\System32\Tasks\{CF15F023-4BAC-4380-A093-B26ED6B4136F}
2014-05-19 23:06 - 2014-05-19 23:06 - 00002980 _____ () C:\Windows\System32\Tasks\{5AF2A50D-A03C-4557-8236-23D3A43B596B}
2014-05-19 23:05 - 2014-05-19 23:05 - 00002980 _____ () C:\Windows\System32\Tasks\{82F4EF81-6D5F-4C29-BBE9-595AE75131FB}
2014-05-19 22:50 - 2014-05-19 22:50 - 01326389 _____ () C:\Users\Millar\Desktop\AdwCleaner.exe
2014-05-16 15:31 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 15:31 - 2014-05-06 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 15:31 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-16 15:31 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-16 15:31 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-16 15:31 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-16 15:24 - 2014-05-16 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-16 15:23 - 2014-05-16 15:24 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-16 15:23 - 2014-05-16 15:24 - 00000000 ____D () C:\Program Files\iTunes
2014-05-16 15:23 - 2014-05-16 15:24 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-16 15:23 - 2014-05-16 15:23 - 00000000 ____D () C:\Program Files\iPod
2014-05-16 15:11 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-16 14:42 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-16 14:42 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-16 14:42 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-16 14:42 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-16 14:41 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-16 14:41 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-16 14:41 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-16 14:41 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-16 14:41 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-16 14:41 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-16 14:41 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-16 14:41 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-16 14:41 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-16 14:41 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-16 14:41 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-16 14:41 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-16 14:41 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-16 14:41 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-16 14:41 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-16 14:41 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-16 14:41 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-16 14:41 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-16 14:41 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-16 14:41 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-16 14:41 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-16 14:41 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-16 14:41 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-16 14:41 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-16 14:41 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-16 14:41 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-16 14:41 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-16 14:41 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-16 14:41 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-16 14:41 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-16 14:41 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-16 14:41 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-16 14:41 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-16 14:41 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-16 14:41 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-16 14:41 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-16 14:41 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-16 14:41 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-16 14:41 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-16 14:41 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-16 14:41 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-16 14:37 - 2014-05-20 09:53 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 14:35 - 2014-05-16 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-16 14:35 - 2014-05-16 14:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-16 14:35 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-16 14:35 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-16 09:58 - 2014-05-16 09:58 - 00000000 ____D () C:\Users\Millar\AppData\Roaming\SUPERAntiSpyware.com
2014-05-16 09:57 - 2014-05-16 14:29 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-16 09:57 - 2014-05-16 09:57 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-05-16 09:20 - 2014-05-20 10:40 - 00000000 ____D () C:\FRST
2014-05-15 17:20 - 2014-05-20 09:44 - 00000000 ____D () C:\AdwCleaner
2014-05-15 16:51 - 2014-05-15 16:51 - 00000000 ____D () C:\$WINDOWS.~BT
2014-05-15 13:39 - 2014-05-15 13:39 - 00000000 __SHD () C:\Users\Millar\AppData\Local\EmieUserList
2014-05-15 13:39 - 2014-05-15 13:39 - 00000000 __SHD () C:\Users\Millar\AppData\Local\EmieSiteList
2014-05-14 13:24 - 2014-05-14 13:24 - 00000000 ____D () C:\Users\Millar\AppData\Local\AOL
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-05-06 20:00 - 2014-05-16 15:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-21 12:14 - 2014-05-16 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-21 12:14 - 2014-04-21 12:14 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-21 12:14 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-21 12:14 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-21 12:14 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-21 12:14 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

==================== One Month Modified Files and Folders =======

2014-05-20 10:40 - 2014-05-20 10:40 - 00013069 _____ () C:\Users\Millar\Desktop\FRST.txt
2014-05-20 10:40 - 2014-05-16 09:20 - 00000000 ____D () C:\FRST
2014-05-20 10:02 - 2014-05-20 10:02 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Millar\Downloads\tdsskiller.exe
2014-05-20 09:59 - 2014-05-20 09:59 - 02067456 _____ (Farbar) C:\Users\Millar\Desktop\FRST64.exe
2014-05-20 09:56 - 2013-01-07 23:20 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-20 09:53 - 2014-05-16 14:37 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-20 09:53 - 2013-01-08 12:38 - 00000000 ____D () C:\Users\Millar\AppData\Local\PMB Files
2014-05-20 09:52 - 2009-07-14 00:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-20 09:52 - 2009-07-14 00:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-20 09:48 - 2013-01-07 09:58 - 01283582 _____ () C:\Windows\WindowsUpdate.log
2014-05-20 09:46 - 2013-01-07 22:23 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-20 09:45 - 2013-01-07 22:19 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-20 09:45 - 2010-11-20 23:47 - 00248994 _____ () C:\Windows\PFRO.log
2014-05-20 09:45 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-20 09:45 - 2009-07-14 00:51 - 00129037 _____ () C:\Windows\setupact.log
2014-05-20 09:44 - 2014-05-15 17:20 - 00000000 ____D () C:\AdwCleaner
2014-05-20 09:43 - 2013-01-08 00:24 - 00000000 ____D () C:\Program Files (x86)\Vuze
2014-05-20 09:06 - 2013-01-08 00:24 - 00000000 ____D () C:\Users\Millar\AppData\Roaming\Azureus
2014-05-19 23:37 - 2013-01-07 22:23 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-19 23:27 - 2013-04-21 14:18 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-19 23:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system
2014-05-19 23:13 - 2014-05-19 23:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-19 23:06 - 2014-05-19 23:06 - 00002980 _____ () C:\Windows\System32\Tasks\{CF15F023-4BAC-4380-A093-B26ED6B4136F}
2014-05-19 23:06 - 2014-05-19 23:06 - 00002980 _____ () C:\Windows\System32\Tasks\{5AF2A50D-A03C-4557-8236-23D3A43B596B}
2014-05-19 23:05 - 2014-05-19 23:05 - 00002980 _____ () C:\Windows\System32\Tasks\{82F4EF81-6D5F-4C29-BBE9-595AE75131FB}
2014-05-19 22:50 - 2014-05-19 22:50 - 01326389 _____ () C:\Users\Millar\Desktop\AdwCleaner.exe
2014-05-19 22:41 - 2013-01-08 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-05-19 22:41 - 2013-01-08 09:01 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-05-19 21:54 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-05-19 20:50 - 2013-01-07 09:59 - 00000000 ____D () C:\Users\Millar
2014-05-19 20:49 - 2013-05-27 20:00 - 00000000 ____D () C:\Users\Millar\Games
2014-05-19 20:49 - 2013-01-08 11:21 - 00000000 ___RD () C:\Users\Millar\Other
2014-05-19 20:47 - 2014-02-23 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2014-05-16 15:41 - 2013-01-07 10:00 - 00000000 ___RD () C:\Users\Millar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 15:41 - 2013-01-07 10:00 - 00000000 ___RD () C:\Users\Millar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 15:37 - 2014-05-06 20:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 15:37 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-16 15:31 - 2013-08-13 20:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 15:29 - 2013-01-07 22:48 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-16 15:24 - 2014-05-16 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-16 15:24 - 2014-05-16 15:23 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-16 15:24 - 2014-05-16 15:23 - 00000000 ____D () C:\Program Files\iTunes
2014-05-16 15:24 - 2014-05-16 15:23 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-16 15:23 - 2014-05-16 15:23 - 00000000 ____D () C:\Program Files\iPod
2014-05-16 15:12 - 2013-11-08 17:59 - 00000000 ____D () C:\Users\Millar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat
2014-05-16 15:01 - 2013-02-09 19:39 - 00000000 ____D () C:\Windows\Minidump
2014-05-16 14:36 - 2013-01-07 23:38 - 00000000 ____D () C:\Users\Millar\AppData\Roaming\Malwarebytes
2014-05-16 14:35 - 2014-05-16 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-16 14:35 - 2014-05-16 14:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-16 14:35 - 2013-01-07 23:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-16 14:35 - 2013-01-07 23:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-05-16 14:32 - 2013-01-07 23:41 - 00000000 ____D () C:\Users\Millar\AppData\Roaming\Skype
2014-05-16 14:32 - 2013-01-07 22:23 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-16 14:32 - 2013-01-07 22:23 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-16 14:29 - 2014-05-16 09:57 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-16 14:28 - 2014-04-21 12:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-16 14:28 - 2014-02-23 17:11 - 00000000 ____D () C:\Program Files\CPUID
2014-05-16 14:28 - 2014-01-30 18:38 - 00000000 ____D () C:\Program Files (x86)\VidCoder
2014-05-16 14:28 - 2013-01-12 12:42 - 00000000 ____D () C:\Users\Millar\AppData\Roaming\vlc
2014-05-16 14:28 - 2013-01-08 12:38 - 00000000 ____D () C:\ProgramData\PMB Files
2014-05-16 14:28 - 2013-01-08 00:24 - 00000000 ____D () C:\Users\Millar\.swt
2014-05-16 14:28 - 2013-01-08 00:21 - 00000000 ____D () C:\Users\Millar\Torrents
2014-05-16 14:28 - 2013-01-07 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-16 14:28 - 2013-01-07 22:22 - 00000000 ____D () C:\Users\Millar\AppData\Local\Apps\2.0
2014-05-16 14:28 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-16 14:27 - 2011-04-12 04:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-16 14:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-05-16 14:25 - 2013-06-24 18:46 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-16 14:25 - 2013-01-07 23:35 - 00000000 ____D () C:\ProgramData\Apple
2014-05-16 14:25 - 2013-01-07 22:23 - 00000000 ____D () C:\Users\Millar\AppData\Local\Google
2014-05-16 09:58 - 2014-05-16 09:58 - 00000000 ____D () C:\Users\Millar\AppData\Roaming\SUPERAntiSpyware.com
2014-05-16 09:57 - 2014-05-16 09:57 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-05-15 16:51 - 2014-05-15 16:51 - 00000000 ____D () C:\$WINDOWS.~BT
2014-05-15 13:39 - 2014-05-15 13:39 - 00000000 __SHD () C:\Users\Millar\AppData\Local\EmieUserList
2014-05-15 13:39 - 2014-05-15 13:39 - 00000000 __SHD () C:\Users\Millar\AppData\Local\EmieSiteList
2014-05-14 13:24 - 2014-05-14 13:24 - 00000000 ____D () C:\Users\Millar\AppData\Local\AOL
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-05-09 02:14 - 2014-05-16 14:42 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 02:11 - 2014-05-16 14:42 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 00:00 - 2014-01-30 18:38 - 00000000 ____D () C:\Users\Millar\AppData\Roaming\VidCoder
2014-05-07 21:48 - 2013-11-08 17:29 - 00000040 ___SH () C:\ProgramData\.zreglib
2014-05-06 00:40 - 2014-05-16 15:31 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:17 - 2014-05-16 15:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 23:25 - 2014-05-16 15:31 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 23:07 - 2014-05-16 15:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 23:00 - 2014-05-16 15:31 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 22:10 - 2014-05-16 15:31 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-21 12:17 - 2013-10-21 17:41 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-21 12:14 - 2014-04-21 12:14 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-20 19:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

Some content of TEMP:
====================
C:\Users\Millar\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_6c_vg.dll
C:\Users\Millar\AppData\Local\Temp\Quarantine.exe
C:\Users\Millar\AppData\Local\Temp\vzf-6113670205269863225.dll
C:\Users\Millar\AppData\Local\Temp\vzf-8298530391949202557.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-16 14:41] - [2014-03-04 05:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-19 21:47

==================== End Of Log ============================


----------



## RushMaster (Jun 27, 2007)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014
Ran by Millar at 2014-05-20 10:40:49
Running from C:\Users\Millar\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

abcAVI (HKLM-x32\...\abcavi_tag_editor_is1) (Version: - Alexander Sorkin aka Kibi)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.1.9.0 - SlySoft)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.3950 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4577 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
BlackBerry App World Browser Plugin (HKLM-x32\...\{14663620-53AC-4821-8E77-500732DD0F8E}) (Version: 4.3.0.43 - Research In Motion Limited)
BlackBerry Link (HKLM-x32\...\BlackBerry_10_Desktop) (Version: 1.2.3.23 - BlackBerry Ltd.)
BlackBerry Link (x32 Version: 1.2.3.23 - BlackBerry Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 7 (HKLM-x32\...\{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}) (Version: 7.0.0 - TechSmith Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Doom 3 (HKLM-x32\...\InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}) (Version: 1.00.0000 - Activision)
Doom 3 (x32 Version: 1.00.0000 - Activision) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GoldWave v5.69 (HKLM-x32\...\GoldWave v5.69) (Version: 5.69 - GoldWave Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Lexmark X1100 Series (HKLM\...\Lexmark X1100 Series) (Version: - Lexmark International, Inc.)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Nero Suite (HKLM-x32\...\NeroMultiInstaller!UninstallKey) (Version: - )
NVIDIA 3D Vision Controller Driver 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Razer DeathAdder(TM) Mouse (HKLM-x32\...\{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}) (Version: 5.01 - Razer Inc.)
Razer Lycosa (HKLM-x32\...\{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}) (Version: 3.02 - Razer USA Ltd.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6559 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Vegas Pro 12.0 (64-bit) (HKLM\...\{BD422D00-5232-11E3-A6F3-F04DA23A5C58}) (Version: 12.0.770 - Sony)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
VidCoder 1.4.25 (x86) (HKLM-x32\...\VidCoder_is1) (Version: 1.4.25 - RandomEngy)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR (HKLM-x32\...\WinRAR) (Version: - )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Restore Points =========================

29-04-2014 15:43:32 Scheduled Checkpoint
06-05-2014 00:00:20 Windows Update
07-05-2014 00:00:11 Windows Update
14-05-2014 18:57:25 Scheduled Checkpoint
15-05-2014 00:00:22 Windows Update
16-05-2014 18:45:10 Installed AVG 2014
16-05-2014 19:22:09 Installed iTunes
16-05-2014 19:26:20 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1246945F-C216-4985-9CA0-3D0B531332D2} - System32\Tasks\{980B2505-9853-4B72-9BB1-D37E7E796C0C} => C:\Program Files (x86)\Pegasys Inc\TMPGEnc DVD Author 3 with DivX Authoring\TMPGEncDVDAuthor3.exe
Task: {145B4988-EEC8-4C3D-A9F7-5B4288E1AEF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-07] (Google Inc.)
Task: {6899E98D-3C5C-4619-AB17-325BDF0EC501} - \SomotoUpdateCheckerAutoStart No Task File <==== ATTENTION
Task: {7F5CB189-D860-4EC8-8236-833FDA472300} - System32\Tasks\{6540A9C2-6C1A-42F0-8D07-CDF84293824B} => C:\Program Files (x86)\Pegasys Inc\TMPGEnc DVD Author 3 with DivX Authoring\TMPGEncDVDAuthor3.exe
Task: {84C8E2FF-6D67-421D-AA91-AB821AF7368E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-07] (Google Inc.)
Task: {8940C571-BF19-4A1E-B587-47FF92632448} - System32\Tasks\{CF15F023-4BAC-4380-A093-B26ED6B4136F} => C:\Users\Millar\Downloads\VuzeBittorrentClientInstaller.exe
Task: {8A1EA628-53C0-472D-813B-DFA0CA7B6E19} - System32\Tasks\{5AF2A50D-A03C-4557-8236-23D3A43B596B} => C:\Users\Millar\Downloads\VuzeBittorrentClientInstaller.exe
Task: {A5AC494A-D3A5-42BA-93F4-787949C418C2} - System32\Tasks\{59B4E182-74E5-4613-9D64-52FBE273629D} => C:\Program Files (x86)\Pegasys Inc\TMPGEnc DVD Author 3 with DivX Authoring\TMPGEncDVDAuthor3.exe
Task: {CBC3CFF3-9967-423E-AEBB-8D1FA3A11E5F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CEFEAD84-C80F-42E6-B5DE-27A9A145BB3B} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {CF87E7FC-D745-4B05-B4DC-534277C3EE06} - System32\Tasks\{9AF43481-0CD4-4AF0-99C1-03E88B2D692D} => C:\Program Files (x86)\Pegasys Inc\TMPGEnc DVD Author 3 with DivX Authoring\TMPGEncDVDAuthor3.exe
Task: {D1B8F665-E1AA-48D4-AB53-2048B3F898B4} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {E394CB81-C200-45D1-882D-1586EFC8AAA3} - System32\Tasks\{D31B8397-F95E-45F8-B182-E03F0434D0E7} => C:\Program Files (x86)\Pegasys Inc\TMPGEnc DVD Author 3 with DivX Authoring\TMPGEncDVDAuthor3.exe
Task: {E4C261FD-5F67-46A8-A2D6-F1169CE80992} - System32\Tasks\{82F4EF81-6D5F-4C29-BBE9-595AE75131FB} => C:\Users\Millar\Downloads\VuzeBittorrentClientInstaller.exe
Task: {F9C53CA0-862E-4DBF-8B9F-4E27E167675A} - System32\Tasks\{73373588-0A77-48E1-8E0B-FC76D782E5A5} => C:\Program Files (x86)\Pegasys Inc\TMPGEnc DVD Author 3 with DivX Authoring\TMPGEncDVDAuthor3.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (whitelisted) =============

2014-05-19 20:38 - 2014-05-07 19:29 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll
2014-05-19 20:38 - 2014-05-07 19:29 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll
2014-05-19 20:38 - 2014-05-07 19:29 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll
2014-05-19 20:38 - 2014-05-07 19:29 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll
2014-04-14 13:16 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Millar\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-14 13:16 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Millar\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: lxbkbmgr.exe => "C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmgr.exe"

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2014 09:58:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/20/2014 09:46:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/20/2014 09:43:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/20/2014 09:37:46 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (05/20/2014 09:04:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2014 11:27:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2014 11:26:21 PM) (Source: MsiInstaller) (EventID: 1024) (User: Craig)
Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011007}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/19/2014 11:03:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2014 11:03:18 PM) (Source: MsiInstaller) (EventID: 1024) (User: Craig)
Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011007}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/19/2014 09:05:57 PM) (Source: MsiInstaller) (EventID: 1024) (User: Craig)
Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011007}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

System errors:
=============
Error: (05/20/2014 10:00:13 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084NVSvc{DCAB0989-1301-4319-BE5F-ADE89F88581C}

Error: (05/20/2014 09:56:49 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (05/20/2014 09:56:49 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/20/2014 09:56:45 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (05/20/2014 09:56:39 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/20/2014 09:56:33 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Avgdiska
AVGIDSDriver
Avgldx64
BIOS
discache
ElbyCDIO
spldr
Wanarpv6

Error: (05/20/2014 09:56:32 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: 
%%31

Error: (05/20/2014 09:56:15 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/20/2014 09:56:13 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/20/2014 09:56:28 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:55:29 AM on ‎5/‎20/‎2014 was unexpected.

Microsoft Office Sessions:
=========================
Error: (05/20/2014 09:58:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/20/2014 09:46:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/20/2014 09:43:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/20/2014 09:37:46 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (05/20/2014 09:04:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2014 11:27:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2014 11:26:21 PM) (Source: MsiInstaller) (EventID: 1024) (User: Craig)
Description: Adobe Reader XI{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)

Error: (05/19/2014 11:03:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2014 11:03:18 PM) (Source: MsiInstaller) (EventID: 1024) (User: Craig)
Description: Adobe Reader XI{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)

Error: (05/19/2014 09:05:57 PM) (Source: MsiInstaller) (EventID: 1024) (User: Craig)
Description: Adobe Reader XI{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)

CodeIntegrity Errors:
===================================
Date: 2013-11-08 16:17:19.673
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-08 16:17:19.642
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-08 16:14:47.301
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-08 16:14:47.273
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 8157.07 MB
Available physical RAM: 6215.49 MB
Total Pagefile: 16312.31 MB
Available Pagefile: 14639.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:245.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4E235953)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================


----------



## RushMaster (Jun 27, 2007)

So I'm right back to not being able to open anything within folders or my start menu or most icons on desktop. When I click anything it just loads for a second then stops, and then the folder I have open just becomes unresponsive and stays there. Can't close it or navigate out of it. Same with start menu, search or locate a program or file, click to open it, start menu becomes unresponsive and won't close or let me navigate to another section. I don't know what else to do here. Scans are coming up clean every time. Yet everything works normally in safe mode. What else can we do?


----------



## Mark1956 (May 7, 2011)

I see you recently downloaded TDSSKiller so please run it following the instructions below. It is very easy to remove files required by your software if you don't follow the correct instructions. Post the log when done.

===================================

Please also run FRST again, when the window opens type *spldr.sys* into the box and click on Search Files. It should not take too long to complete at which point it will produce a new log, please post it in your next reply.

====================================

All the items we removed with FRST have returned after the system restore so please run it again and post the resulting log, following these instructions:

Download the attachment at the bottom of this post by clicking on it and save it in the same location as FRST.


Launch FRST by double clicking on it.
When the *FRST* window opens click on the *Fix* button just once and wait.
The tool will make a log in the same location the program is run from (Fixlog.txt) please *Copy & Paste* it into your next reply.

Please DO NOT use System Restore again as this has put us right back to step one and having to repeat all the removals again.

====================================

The items that Adwcleaner keeps finding are in Google. To get rid of them for good you need to re-install Google following these instructions. Go one step at a time; if you miss any of the steps you are likely to see the Adware return again.

First save all your bookmarks/favourites.
Open Chrome, click on the 3 bars in the top right hand corner, select *Bookmarks* and then *Bookmarks Manager.*
Click on *Organise* and then select *Export Bookmarks to HTML file* and choose the *Desktop* to save it.
When you have re-installed Chrome repeat the process and select *Import Bookmarks* to put them back.

Open Chrome, click on the three bars in the top right hand corner and select *Settings*.
In the list of Settings under *Sign in* click on *Disconnect your Google Account*.
In the text of the next window click on *Google Dashboard*, at the *Chrome sync* screen click on *Stop and Clear* at the bottom.
A box will open and ask for confirmation, click on *OK*.
You must *wait* for this to complete before doing the next step.
When confirmation appears close that page and then click on *Disconnect account*.
Shut Google Chrome, click on *Start* > *Control Panel* > *Programs and Features* (or *Add/Remove Programs* in XP) and uninstall *Google Chrome*. Select Everything for removal when asked.

Reboot the system and then reinstall Google Chrome from Here

=====================================

Please follow this to run TDSSKiller:

Please follow the instructions exactly as written. Deviating from the instructions and trying to fix anything before I have seen the logs may make your PC unbootable. If TDSSKiller does not offer the Cure option *DO NOT select delete* as you may remove files needed for the system to operate.

Please download Kaspersky's *TDSSKiller* and *save it to your Desktop. <-Important!*
_-- The tool is frequently updated...if you used TDSSKiller before, delete that version and download the most current one before using again._

_Be sure to print out and follow all of these instructions unless you can view them on another PC while running the program._


Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
Alternatively, you can download TDSSKiller.exe and use that instead.
Double-click on *TDSSKiller.exe* to run the tool for known TDSS variants.
_*Vista*/*Windows 7* users right-click and select Run As Administrator_.
If an update is available, TDSSKiller will prompt you to update and download the most current version. Click *Load Update*. Close TDSSKiller and start again.


When the program opens, click the *Change parameters.*

Under "Additional options", check the boxes next to *Verify file digital signatures* and *Detect TDLFS file system*, then click *OK*.

Click the *Start Scan* button.

Do not use the computer during the scan.
If the scan completes with nothing found, click *Close* to exit.
If '*Suspicious objects*' are detected, the default action will be *Skip*. Leave the default set to Skip and click on *Continue*.
If *Malicious objects* are detected, they will show in the Scan results - *Select action for found objects:* and offer three options.

Ensure *Cure* is selected...then click *Continue* -> *Reboot computer* *for cure completion.*

*Important! ->* If *Cure* *is not available*, please choose *Skip* instead. *Do not choose Delete unless instructed.* If you choose *Delete* you may *remove critical system files* and make your PC *unstable* or possibly *unbootable*.
A log file named *TDSSKiller_version_date_time_log.txt* will be created and saved to the root directory (usually Local Disk C: ).
Copy and paste the contents of that file in your next reply.

_-- If TDSSKiller does not run, try renaming it. To do this, right-click on *TDSSKiller.exe*, select *Rename* and give it a random name with the *.com* file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else *before* beginning the download and saving to the computer or to perform the scan in "safe mode"._


----------



## RushMaster (Jun 27, 2007)

Farbar Recovery Scan Tool (x64) Version: 17-05-2014
Ran by Millar at 2014-05-20 15:11:58
Running from C:\Users\Millar\Desktop
Boot Mode: Normal

================== Search Files: "spldr.sys" =============

C:\Windows\winsxs\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59\spldr.sys
[2009-07-13 16:27] - [2009-07-13 21:45] - 0019008 ____A (Microsoft Corporation) B9E31E5CACDFE584F34F730A677803F9

C:\Windows\System32\drivers\spldr.sys
[2009-07-13 16:27] - [2009-07-13 21:45] - 0019008 ____A (Microsoft Corporation) B9E31E5CACDFE584F34F730A677803F9

====== End Of Search ======


----------
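A way to read the "Search Files" result above programmatically, as an added example that is not part of the thread or of FRST: it parses the two-line entry format shown in the log and reports any copy of a file whose size, company name or MD5 differs from the copy in the component store (`C:\Windows\winsxs`). The function names and the third sample entry are constructed for illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Second line of each entry: [created] - [modified] - size attrs (Company) MD5
META = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})\s*$"
)
# First line of each entry: an absolute Windows path.
PATH = re.compile(r"^[A-Za-z]:\\")

# The two entries exactly as they appear in the search log above.
PAGE_LOG = r"""
================== Search Files: "spldr.sys" =============

C:\Windows\winsxs\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59\spldr.sys
[2009-07-13 16:27] - [2009-07-13 21:45] - 0019008 ____A (Microsoft Corporation) B9E31E5CACDFE584F34F730A677803F9

C:\Windows\System32\drivers\spldr.sys
[2009-07-13 16:27] - [2009-07-13 21:45] - 0019008 ____A (Microsoft Corporation) B9E31E5CACDFE584F34F730A677803F9

====== End Of Search ======
"""

# Constructed entry (NOT from the thread): a same-named file elsewhere with a
# different size, no company name and a placeholder MD5.
CONSTRUCTED_EXTRA = r"""
C:\Users\Example\Downloads\spldr.sys
[2014-05-19 20:00] - [2014-05-19 20:00] - 0020480 ____A () 0123456789ABCDEF0123456789ABCDEF
"""


@dataclass(frozen=True)
class Entry:
    path: str
    size: int
    company: str
    md5: str

    @property
    def in_component_store(self):
        return "\\windows\\winsxs\\" in self.path.lower()


def parse_search_log(text):
    """Pair each path line with the metadata line that follows it."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH.match(line):
            pending = line  # a path with no metadata line after it is dropped
            continue
        m = META.match(line)
        if m and pending:
            entries.append(
                Entry(pending, int(m["size"]), m["company"], m["md5"].upper())
            )
            pending = None
    return entries


def divergent_copies(entries):
    """Return {filename: [entries that differ from the reference copy]}."""
    groups = defaultdict(list)
    for e in entries:
        groups[PureWindowsPath(e.path).name.lower()].append(e)
    report = {}
    for name, copies in groups.items():
        # Prefer a component-store copy as reference; otherwise the first copy.
        ref = next((c for c in copies if c.in_component_store), copies[0])
        report[name] = [
            c for c in copies
            if (c.size, c.company, c.md5) != (ref.size, ref.company, ref.md5)
        ]
    return report


if __name__ == "__main__":
    for label, text in (("page log", PAGE_LOG),
                        ("page log + constructed entry", PAGE_LOG + CONSTRUCTED_EXTRA)):
        for name, bad in divergent_copies(parse_search_log(text)).items():
            status = "all copies match" if not bad else "MISMATCH: " + ", ".join(
                e.path for e in bad)
            print(f"{label}: {name}: {status}")
```

A match only shows that the copy in `System32\drivers` has the same size, company name and MD5 as the component-store copy; it does not by itself explain why the driver is reported as failing to load.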



## RushMaster (Jun 27, 2007)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2014
Ran by Millar at 2014-05-20 15:14:04 Run:2
Running from C:\Users\Millar\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKCU - {97345471-0A63-4773-971B-337FFE5335A2} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311875&CUI=UN3625278 0597309719&UM=2
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.100.18) - C:\Windows\SysWOW64\npDeployJava1.dll No File
Task: {6899E98D-3C5C-4619-AB17-325BDF0EC501} - \SomotoUpdateCheckerAutoStart No Task File <==== ATTENTION
Task: {CEFEAD84-C80F-42E6-B5DE-27A9A145BB3B} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
S1 cdrbsdrv; C:\Windows\SysWow64\Drivers\cdrbsdrv.sys [33408 2013-01-12] (B.H.A Corporation)
C:\Windows\SysWow64\Drivers\cdrbsdrv.sys

*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{97345471-0A63-4773-971B-337FFE5335A2} => Key deleted successfully.
HKCR\CLSID\{97345471-0A63-4773-971B-337FFE5335A2} => Key not found.
C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found.
C:\Windows\SysWOW64\npDeployJava1.dll not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6899E98D-3C5C-4619-AB17-325BDF0EC501} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6899E98D-3C5C-4619-AB17-325BDF0EC501} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SomotoUpdateCheckerAutoStart => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CEFEAD84-C80F-42E6-B5DE-27A9A145BB3B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEFEAD84-C80F-42E6-B5DE-27A9A145BB3B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task => Key deleted successfully.
cdrbsdrv => Service deleted successfully.
C:\Windows\SysWow64\Drivers\cdrbsdrv.sys => Moved successfully.

==== End of Fixlog ====


----------



## RushMaster (Jun 27, 2007)

Is it normal for it to have elapsed for this long and still be taking over an hour to complete? Posted a screenshot for ya:

http://tinypic.com/r/33dfogn/8


----------



## RushMaster (Jun 27, 2007)

I had to restart the scan, it wasn't working in normal boot mode. This was done in safe mode:

16:14:35.0194 0x0540 TDSS rootkit removing tool 3.0.0.34 Apr 29 2014 18:20:10
16:14:36.0926 0x0540 ============================================================
16:14:36.0926 0x0540 Current date / time: 2014/05/20 16:14:36.0926
16:14:36.0926 0x0540 SystemInfo:
16:14:36.0926 0x0540 
16:14:36.0926 0x0540 OS Version: 6.1.7601 ServicePack: 1.0
16:14:36.0926 0x0540 Product type: Workstation
16:14:36.0926 0x0540 ComputerName: CRAIG
16:14:36.0926 0x0540 UserName: Millar
16:14:36.0926 0x0540 Windows directory: C:\Windows
16:14:36.0926 0x0540 System windows directory: C:\Windows
16:14:36.0926 0x0540 Running under WOW64
16:14:36.0926 0x0540 Processor architecture: Intel x64
16:14:36.0926 0x0540 Number of processors: 4
16:14:36.0926 0x0540 Page size: 0x1000
16:14:36.0926 0x0540 Boot type: Safe boot
16:14:36.0926 0x0540 ============================================================
16:14:39.0625 0x0540 KLMD registered as C:\Windows\system32\drivers\33279411.sys
16:14:39.0687 0x0540 System UUID: {F8E331CA-EAD8-79A6-1BFA-EB663B950824}
16:14:40.0077 0x0540 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:14:40.0077 0x0540 ============================================================
16:14:40.0077 0x0540 \Device\Harddisk0\DR0:
16:14:40.0077 0x0540 MBR partitions:
16:14:40.0077 0x0540 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:14:40.0077 0x0540 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
16:14:40.0077 0x0540 ============================================================
16:14:40.0093 0x0540 C: <-> \Device\Harddisk0\DR0\Partition2
16:14:40.0093 0x0540 ============================================================
16:14:40.0093 0x0540 Initialize success
16:14:40.0093 0x0540 ============================================================
16:15:53.0663 0x05b4 ============================================================
16:15:53.0663 0x05b4 Scan started
16:15:53.0663 0x05b4 Mode: Manual; SigCheck; TDLFS; 
16:15:53.0663 0x05b4 ============================================================
16:15:53.0663 0x05b4 KSN ping started
16:15:53.0694 0x05b4 KSN ping finished: false
16:15:53.0881 0x05b4 ================ Scan system memory ========================
16:15:53.0881 0x05b4 System memory - ok
16:15:53.0881 0x05b4 ================ Scan services =============================
16:15:56.0408 0x05b4 Beep - ok
16:15:56.0439 0x05b4 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
16:15:56.0471 0x05b4 BFE - ok
16:15:56.0502 0x05b4 [ 00CADB1BC2D0030F0B2A1063618B6BD7, 29D21451E6CABB0AE5C90B65FE40CEC9E7FE3D37C1BC661FB4873F4009ADFA0F ] BIOS C:\Windows\system32\drivers\BIOS64.sys
16:15:56.0502 0x05b4 BIOS - ok
16:15:56.0549 0x05b4 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
16:15:56.0595 0x05b4 BITS - ok
16:15:56.0642 0x05b4 [ 5AD1283BB135F69F481FD5BB2A5F62A7, 981CCF329ECB0B77506BC85C49924DED1AC4ACC194AF6865764A8A1808B18755 ] BlackBerry Device Manager C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
16:15:56.0658 0x05b4 BlackBerry Device Manager - detected UnsignedFile.Multi.Generic ( 1 )
16:15:56.0705 0x05b4 BlackBerry Device Manager ( UnsignedFile.Multi.Generic ) - warning
16:16:03.0569 0x05b4 MSKSSRV - ok
16:16:03.0569 0x05b4 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:16:03.0600 0x05b4 MSPCLOCK - ok
16:16:03.0600 0x05b4 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:16:03.0615 0x05b4 MSPQM - ok
16:16:03.0631 0x05b4 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:16:03.0647 0x05b4 MsRPC - ok
16:16:03.0662 0x05b4 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:16:03.0662 0x05b4 mssmbios - ok
16:16:03.0678 0x05b4 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:16:03.0693 0x05b4 MSTEE - ok
16:16:03.0693 0x05b4 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
16:16:03.0709 0x05b4 MTConfig - ok
16:16:03.0725 0x05b4 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
16:16:03.0725 0x05b4 Mup - ok
16:16:03.0756 0x05b4 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
16:16:03.0787 0x05b4 napagent - ok
16:16:03.0818 0x05b4 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:16:03.0834 0x05b4 NativeWifiP - ok
16:16:03.0881 0x05b4 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
16:16:03.0912 0x05b4 NDIS - ok
16:16:03.0927 0x05b4 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:16:03.0943 0x05b4 NdisCap - ok
16:16:03.0974 0x05b4 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:16:03.0990 0x05b4 NdisTapi - ok
16:16:04.0005 0x05b4 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:16:04.0021 0x05b4 Ndisuio - ok
16:16:04.0037 0x05b4 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:16:04.0068 0x05b4 NdisWan - ok
16:16:04.0068 0x05b4 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:16:04.0083 0x05b4 NDProxy - ok
16:16:04.0115 0x05b4 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:16:04.0146 0x05b4 NetBIOS - ok
16:16:04.0161 0x05b4 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:16:04.0177 0x05b4 NetBT - ok
16:16:04.0193 0x05b4 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe
16:16:04.0193 0x05b4 Netlogon - ok
16:16:04.0224 0x05b4 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
16:16:04.0255 0x05b4 Netman - ok
16:16:04.0333 0x05b4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:16:04.0333 0x05b4 NetMsmqActivator - ok
16:16:04.0364 0x05b4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:16:04.0364 0x05b4 NetPipeActivator - ok
16:16:04.0380 0x05b4 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
16:16:04.0411 0x05b4 netprofm - ok
16:16:04.0458 0x05b4 [ F3A1D8B7317939813568992D1BFDDE37, 816829E4B8DF5C6A2B09685ED45E844D8DE2C2721C90490A2957227025D057A0 ] netr7364 C:\Windows\system32\DRIVERS\netr7364.sys
16:16:04.0489 0x05b4 netr7364 - ok
16:16:04.0505 0x05b4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:16:04.0520 0x05b4 NetTcpActivator - ok
16:16:04.0520 0x05b4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:16:04.0536 0x05b4 NetTcpPortSharing - ok
16:16:04.0567 0x05b4 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:16:04.0567 0x05b4 nfrd960 - ok
16:16:04.0583 0x05b4 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:16:04.0598 0x05b4 NlaSvc - ok
16:16:04.0614 0x05b4 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:16:04.0629 0x05b4 Npfs - ok
16:16:04.0661 0x05b4 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
16:16:04.0676 0x05b4 nsi - ok
16:16:04.0676 0x05b4 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:16:04.0692 0x05b4 nsiproxy - ok
16:16:04.0770 0x05b4 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:16:04.0817 0x05b4 Ntfs - ok
16:16:04.0832 0x05b4 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
16:16:04.0848 0x05b4 Null - ok
16:16:04.0895 0x05b4 [ E366A5681C50785D4ED04FCFD65C3415, 7FF7B4B8F09E773401AE879897E60BF494B57B9ACEE990204A4C98A3FB183A33 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
16:16:04.0910 0x05b4 NVHDA - ok
16:16:05.0207 0x05b4 [ 757ACE4D4C9FF0571F86AA5D586B45E8, E7F23CC1DE26E2DAA690B78B05FC001EE0051F0ED9B9BCE9E7FA4E9684D4F3D4 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:16:05.0503 0x05b4 nvlddmkm - ok
16:16:05.0565 0x05b4 [ D2FE0376285A783693469422678E878B, 9F0B1A6694CA7BDAAA3B26BE1D344A3FC7B98162518A259C273360EFF075CD75 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
16:16:05.0612 0x05b4 NvNetworkService - ok
16:16:05.0643 0x05b4 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:16:05.0643 0x05b4 nvraid - ok
16:16:05.0659 0x05b4 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:16:05.0675 0x05b4 nvstor - ok
16:16:06.0096 0x05b4 [ 4F0E2990DB12849D428DE7B0AC5D92B9, 77A058EFFE07E46F0DFF419DC1C204C245598E6A6F6EDFF545802D9C1573EAA0 ] NvStreamSvc C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
16:16:06.0501 0x05b4 NvStreamSvc - ok
16:16:06.0579 0x05b4 [ 1C7CC708AC4A02A3BE8915539780534A, 0EBDE100880963BF1EC05002BA244CA7700693E958D1974CDD2AC3927D93224F ] nvsvc C:\Windows\system32\nvvsvc.exe
16:16:06.0595 0x05b4 nvsvc - ok
16:16:06.0642 0x05b4 [ 939C0FAE9CC0CDD69E6508BDE4C11FE5, 1E82FF4A8797A0EC5DF0E54DE7F358542C73FFFBECADDF86ED66839182E3B55D ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
16:16:06.0642 0x05b4 nvvad_WaveExtensible - ok
16:16:06.0657 0x05b4 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:16:06.0673 0x05b4 nv_agp - ok
16:16:06.0689 0x05b4 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:16:06.0689 0x05b4 ohci1394 - ok
16:16:06.0720 0x05b4 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:16:06.0751 0x05b4 p2pimsvc - ok
16:16:06.0782 0x05b4 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
16:16:06.0798 0x05b4 p2psvc - ok
16:16:06.0798 0x05b4 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
16:16:06.0813 0x05b4 Parport - ok
16:16:06.0829 0x05b4 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:16:06.0845 0x05b4 partmgr - ok
16:16:06.0860 0x05b4 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
16:16:06.0876 0x05b4 PcaSvc - ok
16:16:06.0876 0x05b4 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
16:16:06.0891 0x05b4 pci - ok
16:16:06.0923 0x05b4 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
16:16:06.0923 0x05b4 pciide - ok
16:16:06.0938 0x05b4 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:16:06.0954 0x05b4 pcmcia - ok
16:16:06.0969 0x05b4 [ 8B45FC1EB90119D9EF46B46A89864189, 7284C8D2727948614F55AC8B10ED33AE9817B91A6D753130969CB4A7EFD313B4 ] Pcouffin64 C:\Windows\system32\Drivers\pcouffin64a.sys
16:16:06.0969 0x05b4 Pcouffin64 - detected UnsignedFile.Multi.Generic ( 1 )
16:16:06.0969 0x05b4 Pcouffin64 ( UnsignedFile.Multi.Generic ) - warning
16:16:08.0514 0x05b4 [ BF82E4568DE72E71219136C59523A286, 385BBCD36E3CAD3C02BA85518A65ADB107227EC000CF76CCD092261F84240E1D ] RIM MDNS C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
16:16:08.0514 0x05b4 RIM MDNS - detected UnsignedFile.Multi.Generic ( 1 )
16:16:08.0514 0x05b4 RIM MDNS ( UnsignedFile.Multi.Generic ) - warning
16:16:08.0561 0x05b4 [ 277745CAFDA28AE89C61C61A4FAA2F9F, EDB1BF305D7B1BA3CAEB8D5E1E2132395CD77AAB9175B94CFB8B1C0CB869DF77 ] RIM Tunnel Service C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
16:16:08.0607 0x05b4 RIM Tunnel Service - detected UnsignedFile.Multi.Generic ( 1 )
16:16:08.0607 0x05b4 RIM Tunnel Service ( UnsignedFile.Multi.Generic ) - warning
16:16:11.0415 0x05b4 TsUsbFlt - ok
16:16:11.0447 0x05b4 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
16:16:11.0447 0x05b4 TsUsbGD - ok
16:16:11.0478 0x05b4 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:16:11.0493 0x05b4 tunnel - ok
16:16:11.0509 0x05b4 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:16:11.0509 0x05b4 uagp35 - ok
16:16:11.0540 0x05b4 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:16:11.0556 0x05b4 udfs - ok
16:16:11.0587 0x05b4 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:16:11.0603 0x05b4 UI0Detect - ok
16:16:11.0603 0x05b4 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:16:11.0603 0x05b4 uliagpkx - ok
16:16:11.0618 0x05b4 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:16:11.0634 0x05b4 umbus - ok
16:16:11.0634 0x05b4 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
16:16:11.0634 0x05b4 UmPass - ok
16:16:11.0649 0x05b4 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
16:16:11.0681 0x05b4 upnphost - ok
16:16:11.0712 0x05b4 [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
16:16:11.0727 0x05b4 USBAAPL64 - ok
16:16:11.0774 0x05b4 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
16:16:11.0790 0x05b4 usbaudio - ok
16:16:11.0821 0x05b4 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:16:11.0837 0x05b4 usbccgp - ok
16:16:11.0868 0x05b4 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:16:11.0899 0x05b4 usbcir - ok
16:16:11.0930 0x05b4 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys
16:16:11.0930 0x05b4 usbehci - ok
16:16:11.0961 0x05b4 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:16:11.0961 0x05b4 usbhub - ok
16:16:12.0008 0x05b4 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:16:12.0008 0x05b4 usbohci - ok
16:16:12.0039 0x05b4 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:16:12.0055 0x05b4 usbprint - ok
16:16:12.0071 0x05b4 [ 2C42E595E7E381596B9A14F88F5AE027, 948C2AD7FA0B01184312D1ABE43F2F3D85A934CF0658A8B2BDF9F0919568377B ] usbrndis6 C:\Windows\system32\DRIVERS\usb80236.sys
16:16:12.0071 0x05b4 usbrndis6 - ok
16:16:12.0102 0x05b4 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
16:16:12.0117 0x05b4 usbscan - ok
16:16:12.0149 0x05b4 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:16:12.0164 0x05b4 USBSTOR - ok
16:16:12.0180 0x05b4 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:16:12.0195 0x05b4 usbuhci - ok
16:16:12.0227 0x05b4 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
16:16:12.0242 0x05b4 usbvideo - ok
16:16:12.0258 0x05b4 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
16:16:12.0273 0x05b4 UxSms - ok
16:16:12.0289 0x05b4 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe
16:16:12.0289 0x05b4 VaultSvc - ok
16:16:12.0320 0x05b4 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:16:12.0320 0x05b4 vdrvroot - ok
16:16:12.0351 0x05b4 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
16:16:12.0383 0x05b4 vds - ok
16:16:12.0398 0x05b4 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:16:12.0398 0x05b4 vga - ok
16:16:12.0414 0x05b4 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
16:16:12.0429 0x05b4 VgaSave - ok
16:16:12.0445 0x05b4 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:16:12.0461 0x05b4 vhdmp - ok
16:16:12.0476 0x05b4 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
16:16:12.0476 0x05b4 viaide - ok
16:16:12.0492 0x05b4 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:16:12.0507 0x05b4 volmgr - ok
16:16:12.0523 0x05b4 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:16:12.0539 0x05b4 volmgrx - ok
16:16:12.0554 0x05b4 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:16:12.0570 0x05b4 volsnap - ok
16:16:12.0585 0x05b4 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:16:12.0585 0x05b4 vsmraid - ok
16:16:12.0632 0x05b4 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
16:16:12.0695 0x05b4 VSS - ok
16:16:12.0710 0x05b4 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
16:16:12.0726 0x05b4 vwifibus - ok
16:16:12.0726 0x05b4 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:16:12.0741 0x05b4 vwififlt - ok
16:16:12.0757 0x05b4 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
16:16:12.0788 0x05b4 W32Time - ok
16:16:12.0804 0x05b4 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:16:12.0804 0x05b4 WacomPen - ok
16:16:12.0835 0x05b4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:16:12.0851 0x05b4 WANARP - ok
16:16:12.0866 0x05b4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:16:12.0882 0x05b4 Wanarpv6 - ok
16:16:12.0929 0x05b4 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:16:12.0975 0x05b4 WatAdminSvc - ok
16:16:13.0022 0x05b4 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
16:16:13.0069 0x05b4 wbengine - ok
16:16:13.0085 0x05b4 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:16:13.0100 0x05b4 WbioSrvc - ok
16:16:13.0116 0x05b4 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:16:13.0131 0x05b4 wcncsvc - ok
16:16:13.0131 0x05b4 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:16:13.0163 0x05b4 WcsPlugInService - ok
16:16:13.0178 0x05b4 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
16:16:13.0178 0x05b4 Wd - ok
16:16:13.0225 0x05b4 [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
16:16:13.0241 0x05b4 WDC_SAM - ok
16:16:13.0287 0x05b4 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:16:13.0303 0x05b4 Wdf01000 - ok
16:16:13.0334 0x05b4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:16:13.0397 0x05b4 WdiServiceHost - ok
16:16:13.0397 0x05b4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:16:13.0397 0x05b4 WdiSystemHost - ok
16:16:13.0443 0x05b4 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
16:16:13.0459 0x05b4 WebClient - ok
16:16:13.0459 0x05b4 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:16:13.0490 0x05b4 Wecsvc - ok
16:16:13.0506 0x05b4 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:16:13.0521 0x05b4 wercplsupport - ok
16:16:13.0537 0x05b4 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
16:16:13.0568 0x05b4 WerSvc - ok
16:16:13.0599 0x05b4 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:16:13.0615 0x05b4 WfpLwf - ok
16:16:13.0631 0x05b4 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:16:13.0631 0x05b4 WIMMount - ok
16:16:13.0662 0x05b4 WinDefend - ok
16:16:13.0677 0x05b4 WinHttpAutoProxySvc - ok
16:16:13.0709 0x05b4 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:16:13.0740 0x05b4 Winmgmt - ok
16:16:13.0787 0x05b4 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
16:16:13.0849 0x05b4 WinRM - ok
16:16:13.0880 0x05b4 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:16:13.0880 0x05b4 WinUsb - ok
16:16:13.0911 0x05b4 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
16:16:13.0943 0x05b4 Wlansvc - ok
16:16:14.0067 0x05b4 [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:16:14.0130 0x05b4 wlidsvc - ok
16:16:14.0161 0x05b4 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
16:16:14.0161 0x05b4 WmiAcpi - ok
16:16:14.0192 0x05b4 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:16:14.0192 0x05b4 wmiApSrv - ok
16:16:14.0208 0x05b4 WMPNetworkSvc - ok
16:16:14.0208 0x05b4 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:16:14.0239 0x05b4 WPCSvc - ok
16:16:14.0255 0x05b4 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:16:14.0270 0x05b4 WPDBusEnum - ok
16:16:14.0286 0x05b4 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:16:14.0301 0x05b4 ws2ifsl - ok
16:16:14.0317 0x05b4 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
16:16:14.0333 0x05b4 wscsvc - ok
16:16:14.0333 0x05b4 WSearch - ok
16:16:14.0395 0x05b4 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
16:16:14.0457 0x05b4 wuauserv - ok
16:16:14.0504 0x05b4 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:16:14.0520 0x05b4 WudfPf - ok
16:16:14.0535 0x05b4 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:16:14.0551 0x05b4 WUDFRd - ok
16:16:14.0567 0x05b4 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:16:14.0567 0x05b4 wudfsvc - ok
16:16:14.0598 0x05b4 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
16:16:14.0613 0x05b4 WwanSvc - ok
16:16:14.0645 0x05b4 ================ Scan global ===============================
16:16:14.0676 0x05b4 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
16:16:14.0691 0x05b4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
16:16:14.0707 0x05b4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
16:16:14.0738 0x05b4 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
16:16:14.0754 0x05b4 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
16:16:14.0769 0x05b4 [ Global ] - ok
16:16:14.0769 0x05b4 ================ Scan MBR ==================================
16:16:14.0769 0x05b4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:16:15.0003 0x05b4 \Device\Harddisk0\DR0 - ok
16:16:15.0003 0x05b4 ================ Scan VBR ==================================
16:16:15.0003 0x05b4 [ 8273093FC9BF2C61432ABF13CADF42B2 ] \Device\Harddisk0\DR0\Partition1
16:16:15.0003 0x05b4 \Device\Harddisk0\DR0\Partition1 - ok
16:16:15.0003 0x05b4 [ EA0C5DF4B48F7F8A35B9AF8D21969941 ] \Device\Harddisk0\DR0\Partition2
16:16:15.0003 0x05b4 \Device\Harddisk0\DR0\Partition2 - ok
16:16:15.0113 0x05b4 AV detected via SS2: AVG AntiVirus Free Edition 2014, C:\Program Files (x86)\AVG\AVG2014\avgwsc.exe ( 14.0.0.4592 ), 0x41000 ( enabled : updated )
16:16:15.0128 0x05b4 Win FW state via NFP2: enabled
16:16:15.0128 0x05b4 ============================================================
16:16:15.0128 0x05b4 Scan finished
16:16:15.0128 0x05b4 ============================================================
16:16:15.0128 0x05ac Detected object count: 4
16:16:15.0128 0x05ac Actual detected object count: 4
16:17:03.0192 0x05ac BlackBerry Device Manager ( UnsignedFile.Multi.Generic ) - skipped by user
16:17:03.0192 0x05ac BlackBerry Device Manager ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:17:03.0192 0x05ac Pcouffin64 ( UnsignedFile.Multi.Generic ) - skipped by user
16:17:03.0192 0x05ac Pcouffin64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:17:03.0192 0x05ac RIM MDNS ( UnsignedFile.Multi.Generic ) - skipped by user
16:17:03.0192 0x05ac RIM MDNS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:17:03.0207 0x05ac RIM Tunnel Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:17:03.0207 0x05ac RIM Tunnel Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:17:07.0997 0x053c Deinitialize success


----------



## RushMaster (Jun 27, 2007)

I should mention that my D:/ disc drive is no longer displaying that it exists when I go into My Computer. She's heading for the graveyard lol.


----------



## Mark1956 (May 7, 2011)

Ok, we have checked most things and got back to where we were before you ran the System Restore.

We need to try and get the system running before we can check out your external drive.

Next thing to try is to run this tool:

Please download *ComboFix* from one of the locations below and *save it to your Desktop. <-Important!!!*


Download Mirror #1
Download Mirror #2

Be sure to print out and follow these instructions: *A guide and tutorial on using ComboFix*

*Vista*/*Windows 7* users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. *XP* users need to install the Recovery Console first, just follow the prompts when you run it.


Temporarily *disable* your *anti-virus*, script blocking and any *anti-malware* real-time protection _*before*_ performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results"_. Click this link to see a list of such programs and how to disable them.
If ComboFix detects an older version of itself, you will be asked to update the program.
ComboFix will begin by showing a Disclaimer. Read it and click *I Agree* if you want to continue.
Follow the prompts and click on *Yes* to continue scanning for malware.
If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the *Continue* button.
When finished, please copy and paste the contents of C:\*ComboFix.txt* (_which will open after reboot_) in your next reply.
Be sure to *re-enable* your anti-virus and other security programs.

_-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security._

If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "_How to Guide_" you printed out earlier. Those instructions only apply to XP; for Vista and Windows 7 go here: Internet connection repair

*NOTE:* if you see a message like this when you attempt to open anything after the reboot *"Illegal Operation attempted on a registry key that has been marked for deletion"* please reboot the system again and the warning should not return.



> *Do NOT use ComboFix* unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, *NOT for general public or personal use*. *Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again.* This site, sUBs and myself *will not* be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read *ComboFix's Disclaimer*.


----------



## RushMaster (Jun 27, 2007)

With my recent problem of scans locking up during use, should I run it in safe mode to avoid any possible bad outcomes?


----------



## Mark1956 (May 7, 2011)

Give it a shot in Normal mode first, then go to Safe Mode if it fails to run. Be aware that if it finds Malware it can take some time to complete, and you must make sure your Anti Virus is disabled and you close any running programs and your browsers. Be patient with it and don't click on anything while it is running.


----------



## RushMaster (Jun 27, 2007)

I couldn't get it to open in normal mode. It would just load for a few seconds and then... nothing.

Safe mode worked. However, my issues still remain even after running ComboFix. Now I'm worried. ComboFix has always been the failsafe in the past. This must be MAJOR.

ComboFix 14-05-19.01 - Millar 05/20/2014 18:34:33.1.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8157.6799 [GMT -4:00]
Running from: c:\users\Millar\Desktop\name.exe.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Millar\AppData\Roaming\856
c:\windows\SysWow64\out.txt
c:\windows\WinRAR
c:\windows\WinRAR\uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-04-20 to 2014-05-20 )))))))))))))))))))))))))))))))
.
.
2014-05-20 22:39 . 2014-05-20 22:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-20 16:06 . 2014-05-20 16:06	--------	d-----w-	c:\program files\CCleaner
2014-05-20 15:29 . 2014-05-20 15:29	--------	d-----w-	c:\program files (x86)\RegCleaner
2014-05-20 03:10 . 2014-05-20 03:13	--------	d-----w-	c:\program files (x86)\VS Revo Group
2014-05-16 19:31 . 2014-05-06 04:40	23544320	----a-w-	c:\windows\system32\mshtml.dll
2014-05-16 19:31 . 2014-05-06 03:00	84992	----a-w-	c:\windows\system32\mshtmled.dll
2014-05-16 19:31 . 2014-05-06 04:17	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-16 19:31 . 2014-05-06 03:07	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-05-16 19:23 . 2014-05-16 19:23	--------	d-----w-	c:\program files\iPod
2014-05-16 19:23 . 2014-05-16 19:24	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-16 19:23 . 2014-05-16 19:24	--------	d-----w-	c:\program files\iTunes
2014-05-16 19:23 . 2014-05-16 19:24	--------	d-----w-	c:\program files (x86)\iTunes
2014-05-16 19:11 . 2010-08-30 12:34	536576	----a-w-	c:\windows\SysWow64\sqlite3.dll
2014-05-16 18:42 . 2014-03-25 02:43	14175744	----a-w-	c:\windows\system32\shell32.dll
2014-05-16 18:42 . 2014-05-09 06:14	477184	----a-w-	c:\windows\system32\aepdu.dll
2014-05-16 18:42 . 2014-05-09 06:11	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-05-16 18:37 . 2014-05-20 16:17	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-16 18:35 . 2014-05-16 18:35	--------	d-----w-	c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-16 18:35 . 2014-04-03 13:51	63192	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-05-16 18:35 . 2014-04-03 13:51	88280	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-05-16 13:58 . 2014-05-16 13:58	--------	d-----w-	c:\users\Millar\AppData\Roaming\SUPERAntiSpyware.com
2014-05-16 13:57 . 2014-05-16 18:29	--------	d-----w-	c:\program files\SUPERAntiSpyware
2014-05-16 13:57 . 2014-05-16 13:57	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2014-05-16 13:20 . 2014-05-20 19:14	--------	d-----w-	C:\FRST
2014-05-15 21:20 . 2014-05-20 16:28	--------	d-----w-	C:\AdwCleaner
2014-05-15 20:51 . 2014-05-15 20:51	--------	d-----w-	C:\$WINDOWS.~BT
2014-05-15 17:39 . 2014-05-15 17:39	--------	d-sh--w-	c:\users\Millar\AppData\Local\EmieUserList
2014-05-15 17:39 . 2014-05-15 17:39	--------	d-sh--w-	c:\users\Millar\AppData\Local\EmieSiteList
2014-05-14 17:24 . 2014-05-14 17:24	--------	d-----w-	c:\users\Millar\AppData\Local\AOL
2014-05-13 18:20 . 2014-05-13 18:20	235800	----a-w-	c:\windows\system32\drivers\avgldx64.sys
2014-05-13 18:06 . 2014-05-13 18:06	323352	----a-w-	c:\windows\system32\drivers\avgloga.sys
2014-05-13 18:05 . 2014-05-13 18:05	130328	----a-w-	c:\windows\system32\drivers\avgmfx64.sys
2014-05-13 18:04 . 2014-05-13 18:04	31512	----a-w-	c:\windows\system32\drivers\avgrkx64.sys
2014-05-07 00:00 . 2014-05-16 19:37	--------	d-s---w-	c:\windows\system32\CompatTel
2014-04-21 16:14 . 2014-04-15 00:13	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-04 14:35 . 2014-04-14 17:09	148016	----a-w-	c:\windows\SysWow64\nvinit.dll
2014-03-04 14:35 . 2014-04-14 17:09	12708128	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2014-03-04 14:35 . 2014-04-14 17:09	11636176	----a-w-	c:\windows\system32\nvcuda.dll
2014-03-04 14:35 . 2014-04-14 17:09	11589272	----a-w-	c:\windows\system32\nvopencl.dll
2014-03-04 14:35 . 2014-02-19 04:29	2715264	----a-w-	c:\windows\SysWow64\nvapi.dll
2014-03-04 14:35 . 2013-02-26 04:32	14709720	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2014-03-04 14:35 . 2013-02-26 04:32	3093280	----a-w-	c:\windows\system32\nvapi64.dll
2014-03-04 14:35 . 2013-02-26 04:32	947808	----a-w-	c:\windows\system32\nvumdshimx.dll
2014-03-04 14:35 . 2013-02-26 04:32	18302384	----a-w-	c:\windows\system32\nvwgf2umx.dll
2014-03-04 13:06 . 2013-01-08 02:28	6714312	----a-w-	c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2013-01-08 02:28	3497816	----a-w-	c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2013-01-08 02:28	922968	----a-w-	c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2013-01-08 02:28	64968	----a-w-	c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2013-01-08 02:28	386336	----a-w-	c:\windows\system32\nvmctray.dll
2014-03-04 13:05 . 2013-01-08 02:28	3649185	----a-w-	c:\windows\system32\nvcoproc.bin
2014-03-04 11:32 . 2014-04-14 17:12	599840	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2014-03-04 09:44 . 2014-04-10 14:08	243712	----a-w-	c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-10 14:08	362496	----a-w-	c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-10 14:08	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-10 14:08	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-10 14:08	1163264	----a-w-	c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-10 14:08	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-10 14:08	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-10 14:08	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-10 14:08	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-10 14:08	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-10 14:08	2048	----a-w-	c:\windows\SysWow64\user.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-01-08 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-05-13 5181456]
"Lycosa"="c:\program files (x86)\Razer\Lycosa\razerhid.exe" [2007-11-20 147456]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2007-05-07 159744]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-04-23 43848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2014-01-21 443408]
"RIM PeerManager"="c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe" [2014-01-22 4484608]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-15 152392]
.
c:\users\Millar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2014-1-24 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
R1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys;c:\windows\SYSNATIVE\drivers\BIOS64.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe;c:\windows\SYSNATIVE\lxbkcoms.exe [x]
R2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
R2 RIM MDNS;RIM MDNS;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [x]
R2 RIM Tunnel Service;BlackBerry Link Communication Manager;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe service;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe service [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys;c:\windows\SYSNATIVE\drivers\Lycosa.sys [x]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 Pcouffin64;Low level access layer for CD devices;c:\windows\system32\Drivers\pcouffin64a.sys;c:\windows\SYSNATIVE\Drivers\pcouffin64a.sys [x]
R3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\Drivers\rimvndis6_AMD64.sys;c:\windows\SYSNATIVE\Drivers\rimvndis6_AMD64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys;c:\windows\SYSNATIVE\drivers\dadder.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-20 19:24	1091912	----a-w-	c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-20 19:23]
.
2014-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-20 19:23]
.
2013-01-22 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-21 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-01 12446824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{D3103DA3-9219-4F5A-A448-A88473116F6A}: NameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-WinRAR - c:\windows\WinRAR\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\05\02\14\03\13&G"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-20 18:40:52
ComboFix-quarantined-files.txt 2014-05-20 22:40
.
Pre-Run: 262,922,588,160 bytes free
Post-Run: 263,401,893,888 bytes free
.
- - End Of File - - 0E9E19E5192EE4820CC6CD2E25B3FFA3
A36C5E4F47E84449FF07ED3517B43A31


----------



## Mark1956 (May 7, 2011)

Ok, I think we are now at the stage when a Repair Install is getting close to being the next step, but there is one more thing we can try first.

I can see you have put two more programs on your system, CCleaner and Reg Cleaner, that is not the way forward, registry cleaners are not going to fix this problem, in fact they could make it worse, they are not recommended and should never be used. Running a registry cleaner without expert knowledge of the registry is high risk, don't do it.

Give this routine a try, you will have to make the settings in Safe Mode and then boot back into Normal Mode and let me know how well it is running. If this works we then have to find what process or service is causing the problem when it is enabled.

If msconfig will not open in Safe Mode then stop and let me know. The next step will then be to run a Repair Install which I will give you all the instructions for and a link to download a copy of Windows 7 with SP1 if you do not have one.

*Selective Startup (Clean Boot)*


Click on *Start*, then type *msconfig* into the *Search* box and hit the *Enter* key.
This screen should appear with the settings as shown:

Click on the Services tab and you should see this, click on the box next to *Hide all Microsoft Services* so a check mark appears.

Now click on the General tab and check the boxes as shown:

When done click on *Apply* and then *OK*.
The window will close and you will see a notification with two choices, click on *Restart*.

Now run the system and check to see if the problem has been cured. Tell me the outcome in your next reply.


----------
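The clean boot above switches off startup items and auto-start services, and the follow-up is to find which one causes the fault when re-enabled. As an added example (not part of any post in this thread and not ComboFix's own code), this sketch pulls that candidate list out of a ComboFix "Reg Loading Points" section; the sample lines are copied from the log posted in this thread, and reading the `R`/`S` prefix as running/stopped with the digit as the service Start value is an assumption about the log convention.

```python
import re
from dataclasses import dataclass

# Excerpt of the ComboFix log posted in this thread (lines copied verbatim,
# most entries left out to keep the sample short).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-01-08 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-15 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
R1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe;c:\windows\SYSNATIVE\lxbkcoms.exe [x]
R3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys;c:\windows\SYSNATIVE\drivers\Lycosa.sys [x]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys;c:\windows\SYSNATIVE\drivers\dadder.sys [x]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576]
'''

# Assumed meaning of the digit in "R2"/"S3": the service Start value.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]$')
SERVICE_RE = re.compile(r'^([RS])([0-4]) ([^;]+);([^;]*);([^;]+);')
RUN_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce")


@dataclass
class RunEntry:
    key: str        # registry key the value was listed under
    name: str       # value name, e.g. "iTunesHelper"
    command: str    # program launched at logon
    file_date: str  # date ComboFix printed for the target file


@dataclass
class ServiceEntry:
    name: str
    display: str
    image: str      # first path column of the service line
    running: bool   # True for "R", False for "S"
    start: str      # one of START_TYPES' values


def parse_combofix(text):
    """Return (run_entries, services) found in a ComboFix log excerpt."""
    run_entries, services = [], []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "."):          # "." separates blocks in the log
            current_key = None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            # Only Run/RunOnce keys hold logon autoruns; other keys are skipped.
            current_key = key if key.lower().endswith(RUN_SUFFIXES) else None
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            run_entries.append(RunEntry(current_key, m.group(1), m.group(2), m.group(3)))
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, display, image = m.groups()
            services.append(ServiceEntry(name, display, image,
                                         state == "R", START_TYPES[int(start)]))
    return run_entries, services


def clean_boot_candidates(text):
    """Items to re-enable one group at a time after a successful clean boot."""
    run_entries, services = parse_combofix(text)
    # Heuristic: ".sys" images are kernel drivers, which are not what the
    # msconfig Services tab toggles, so only auto-start non-driver entries stay.
    auto = [s.name for s in services
            if s.start == "auto" and not s.image.lower().endswith(".sys")]
    return {"startup": [e.name for e in run_entries], "services": auto}


if __name__ == "__main__":
    for group, names in clean_boot_candidates(SAMPLE_LOG).items():
        print(group, "->", ", ".join(names))
```

The log does not say which services are Microsoft's, so the *Hide all Microsoft Services* filter is not reproduced here; the service list is every auto-start entry the log shows.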



## RushMaster (Jun 27, 2007)

I've uninstalled some programs since last checking with you, and for the moment, everything seems to be working normally again. I got rid of iTunes and Nero burning software, as I had a feeling that might be where the conflict was. Since doing that, I've been able to open anything I want within normal mode without issue. I also YouTubed a video that helped me get my D drive back and it's back up and running again. I was just able to bring up msconfig and regedit again (not that I've ever needed to really get into them, but by not being able to, I knew something was seriously wrong) and now I can get into them again, so I have to assume things are working fine. I'm going to do a few restarts though and make sure things stay the same and don't revert back. Maybe I just got lucky on one random startup, right? I'll post back with results shortly.

EDIT: I should also mention that I do want to be able to get iTunes back at some point, but now that it won't interfere with Nero (not going to re-install that) I'm hoping there won't be any issue.


----------



## RushMaster (Jun 27, 2007)

Just did a restart and everything still seems to be working fine. Should I go ahead and try the msconfig idea or no? I want to attempt to re-install iTunes now and see if things still stay working...


----------



## Mark1956 (May 7, 2011)

That is quite a surprise, iTunes and Nero are both popular programs, I have them both on my system, I've never seen any issues caused by either of them. Glad to hear it is now fixed.

If you re-install them you should soon see if the conflict returns.

We now need to clean up the tools used and do a final check on your important programs.

Download Security Check by screen317 from Here or Here.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please Copy & Paste the contents of that document into your next reply.

==========================================

To uninstall ComboFix, press the *WINKEY + R* keys on your keyboard or click on Start and type *Run* into the search box and hit *Enter*.
In the *Run* box type: *ComboFix /Uninstall* (Be sure to leave a space before the forward slash).

Click on *OK*.
If you encounter any problems using the switch from the Run dialog box, just rename ComboFix.exe to *Uninstall.exe*, then double-click on it to remove.
This will delete ComboFix's related folders/files, reset the clock settings, hide file extensions/system files, clear the System Restore cache to prevent possible reinfection and *create a new Restore point.*
When it has finished you will see a dialog box stating that _"ComboFix has been uninstalled"._
After that, you can delete the ComboFix.exe program from your computer (Desktop).

*Next*


Download *OTC* by OldTimer and save it to your *desktop.*
Double click the icon to start the program.
If you are using Vista or Windows 7, please right-click and choose *Run as Administrator*
Then click the big button.
You will get a prompt saying "_Begin Cleanup Process_". Please select *Yes*.
Restart your computer when prompted.

-- Doing this will *remove* any specialized tools downloaded and used. If OTC does not delete itself, then delete the file manually when done.
-- Any leftover folders/files related to ComboFix or other tools which OTC did not remove can be deleted manually (right-click on it and choose delete).

*Please post back when this is complete and let me know if you have had any problems.*


----------



## RushMaster (Jun 27, 2007)

Yeah I can't explain it. I also did a very extensive removal of Java and re-installed that. It was causing quite a few problems as well. Had to use JavaRa to completely remove it and install it again. But since doing that and doing a removal of Nero and iTunes things seem to be back in order. I had to modify a registry key in my D: drive that was causing conflict with the burning software of Nero and iTunes. That may have done something too. I didn't exactly do one thing at a time as to find out exactly what it was. But one of those seems to have done the trick.

Results of screen317's Security Check version 0.99.83 
Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 11 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
AVG AntiVirus Free Edition 2014 
Antivirus up to date! 
*`````````Anti-malware/Other Utilities Check:`````````* 
Adobe Reader XI 
Google Chrome 35.0.1916.114 
*````````Process Check: objlist.exe by Laurent````````* 
AVG avgwdsvc.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C: 1% 
*````````````````````End of Log``````````````````````*


----------



## Mark1956 (May 7, 2011)

This one is a bit of a mystery for sure.

Have you run the Combofix removal as that is quite important to follow?

The security check isn't showing Java, as it normally does.

Go here: http://www.java.com/en/download/testjava.jsp click on the big red button to verify the Java you have installed.


----------



## RushMaster (Jun 27, 2007)

I tried removing ComboFix using the method you described and somehow instead ended up running it by mistake. Once you start it you can't stop, and unfortunately I didn't get the option to disable my AVG anti-virus in time :s... Hopefully that didn't cause any harm. I figure I might as well post the log for you to see just in case. The run prompt method of uninstalling it didn't work so I tried renaming it to uninstall.exe and double click it and it just opened. Should I just skip it?

ComboFix 14-05-19.01 - Millar 05/21/2014 3:56.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8157.6096 [GMT -4:00]
Running from: c:\users\Millar\Desktop\Uninstall.exe.exe
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-04-21 to 2014-05-21 )))))))))))))))))))))))))))))))
.
.
2014-05-21 08:00 . 2014-05-21 08:00	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-21 07:32 . 2014-05-21 07:32	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-21 07:32 . 2014-05-21 07:32	--------	d-----w-	c:\program files\iTunes
2014-05-21 07:32 . 2014-05-21 07:32	--------	d-----w-	c:\program files (x86)\iTunes
2014-05-21 07:01 . 2014-05-21 07:01	--------	d-----w-	c:\program files\Java
2014-05-21 06:39 . 2014-05-21 06:39	--------	d-----w-	c:\program files\CCleaner
2014-05-21 06:22 . 2014-02-08 16:18	599840	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2014-05-21 06:22 . 2014-02-08 17:42	6712608	----a-w-	c:\windows\system32\nvcpl.dll
2014-05-21 06:22 . 2014-02-08 17:42	3498272	----a-w-	c:\windows\system32\nvsvc64.dll
2014-05-21 06:22 . 2014-02-08 17:42	923936	----a-w-	c:\windows\system32\nvvsvc.exe
2014-05-21 06:22 . 2014-02-08 17:42	63776	----a-w-	c:\windows\system32\nvshext.dll
2014-05-21 06:22 . 2014-02-08 17:42	386336	----a-w-	c:\windows\system32\nvmctray.dll
2014-05-21 06:22 . 2014-02-05 17:52	3573739	----a-w-	c:\windows\system32\nvcoproc.bin
2014-05-21 05:23 . 2014-05-21 07:11	313256	----a-w-	c:\windows\system32\javaws.exe
2014-05-21 05:23 . 2014-05-21 07:11	189352	----a-w-	c:\windows\system32\javaw.exe
2014-05-21 05:23 . 2014-05-21 07:11	189352	----a-w-	c:\windows\system32\java.exe
2014-05-21 05:23 . 2014-05-21 07:11	108968	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2014-05-21 05:20 . 2014-05-21 05:20	--------	d-----w-	C:\Files
2014-05-21 04:59 . 2014-05-21 04:59	--------	d-----w-	C:\$WINDOWS.~BT
2014-05-21 04:12 . 2014-05-21 04:12	--------	d-----w-	c:\program files (x86)\Tweaking.com
2014-05-21 04:07 . 2014-05-21 04:14	181064	----a-w-	c:\windows\PSEXESVC.EXE
2014-05-21 03:52 . 2014-05-21 05:38	--------	d-----w-	C:\MATS
2014-05-20 15:29 . 2014-05-20 15:29	--------	d-----w-	c:\program files (x86)\RegCleaner
2014-05-20 03:10 . 2014-05-21 05:52	--------	d-----w-	c:\program files (x86)\VS Revo Group
2014-05-16 19:31 . 2014-05-06 04:40	23544320	----a-w-	c:\windows\system32\mshtml.dll
2014-05-16 19:31 . 2014-05-06 03:00	84992	----a-w-	c:\windows\system32\mshtmled.dll
2014-05-16 19:31 . 2014-05-06 04:17	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-16 19:31 . 2014-05-06 03:07	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-05-16 19:23 . 2014-05-16 19:23	--------	d-----w-	c:\program files\iPod
2014-05-16 19:11 . 2010-08-30 12:34	536576	----a-w-	c:\windows\SysWow64\sqlite3.dll
2014-05-16 18:42 . 2014-03-25 02:43	14175744	----a-w-	c:\windows\system32\shell32.dll
2014-05-16 18:42 . 2014-05-09 06:14	477184	----a-w-	c:\windows\system32\aepdu.dll
2014-05-16 18:42 . 2014-05-09 06:11	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-05-16 18:37 . 2014-05-21 05:50	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-16 18:35 . 2014-05-16 18:35	--------	d-----w-	c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-16 18:35 . 2014-04-03 13:51	63192	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-05-16 18:35 . 2014-04-03 13:51	88280	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-05-16 13:58 . 2014-05-16 13:58	--------	d-----w-	c:\users\Millar\AppData\Roaming\SUPERAntiSpyware.com
2014-05-16 13:57 . 2014-05-16 18:29	--------	d-----w-	c:\program files\SUPERAntiSpyware
2014-05-16 13:57 . 2014-05-16 13:57	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2014-05-16 13:20 . 2014-05-20 19:14	--------	d-----w-	C:\FRST
2014-05-15 21:20 . 2014-05-20 16:28	--------	d-----w-	C:\AdwCleaner
2014-05-15 17:39 . 2014-05-15 17:39	--------	d-sh--w-	c:\users\Millar\AppData\Local\EmieUserList
2014-05-15 17:39 . 2014-05-15 17:39	--------	d-sh--w-	c:\users\Millar\AppData\Local\EmieSiteList
2014-05-14 17:24 . 2014-05-14 17:24	--------	d-----w-	c:\users\Millar\AppData\Local\AOL
2014-05-13 18:20 . 2014-05-13 18:20	235800	----a-w-	c:\windows\system32\drivers\avgldx64.sys
2014-05-13 18:06 . 2014-05-13 18:06	323352	----a-w-	c:\windows\system32\drivers\avgloga.sys
2014-05-13 18:05 . 2014-05-13 18:05	130328	----a-w-	c:\windows\system32\drivers\avgmfx64.sys
2014-05-13 18:04 . 2014-05-13 18:04	31512	----a-w-	c:\windows\system32\drivers\avgrkx64.sys
2014-05-07 00:00 . 2014-05-16 19:37	--------	d-s---w-	c:\windows\system32\CompatTel
2014-04-21 16:14 . 2014-04-15 00:13	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-16 19:29 . 2013-01-08 02:48	93223848	----a-w-	c:\windows\system32\MRT.exe
2014-04-18 19:01 . 2014-04-18 19:01	237336	----a-w-	c:\windows\system32\drivers\avgidsdrivera.sys
2014-04-03 13:50 . 2013-01-08 03:38	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-03-31 20:20 . 2014-03-31 20:20	274200	----a-w-	c:\windows\system32\drivers\avgtdia.sys
2014-03-28 02:14 . 2014-03-28 02:14	192792	----a-w-	c:\windows\system32\drivers\avgidsha.sys
2014-03-28 02:14 . 2014-03-28 02:14	153368	----a-w-	c:\windows\system32\drivers\avgdiska.sys
2014-03-06 09:31 . 2014-04-17 21:12	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:59 . 2014-04-17 21:11	66048	----a-w-	c:\windows\system32\iesetup.dll
2014-03-06 08:57 . 2014-04-17 21:12	548352	----a-w-	c:\windows\system32\vbscript.dll
2014-03-06 08:57 . 2014-04-17 21:11	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-03-06 08:53 . 2014-04-17 21:11	2767360	----a-w-	c:\windows\system32\iertutil.dll
2014-03-06 08:40 . 2014-04-17 21:11	51200	----a-w-	c:\windows\system32\jsproxy.dll
2014-03-06 08:39 . 2014-04-17 21:12	33792	----a-w-	c:\windows\system32\iernonce.dll
2014-03-06 08:32 . 2014-04-17 21:12	574976	----a-w-	c:\windows\system32\ieui.dll
2014-03-06 08:29 . 2014-04-17 21:11	139264	----a-w-	c:\windows\system32\ieUnatt.exe
2014-03-06 08:29 . 2014-04-17 21:11	111616	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-03-06 08:28 . 2014-04-17 21:11	752640	----a-w-	c:\windows\system32\jscript9diag.dll
2014-03-06 08:15 . 2014-04-17 21:11	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 08:11 . 2014-04-17 21:11	5784064	----a-w-	c:\windows\system32\jscript9.dll
2014-03-06 08:09 . 2014-04-17 21:11	453120	----a-w-	c:\windows\system32\dxtmsft.dll
2014-03-06 08:03 . 2014-04-17 21:12	586240	----a-w-	c:\windows\system32\ie4uinit.exe
2014-03-06 08:02 . 2014-04-17 21:11	61952	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-03-06 08:02 . 2014-04-17 21:12	455168	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-03-06 08:01 . 2014-04-17 21:11	51200	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56 . 2014-04-17 21:12	38400	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 07:48 . 2014-04-17 21:11	195584	----a-w-	c:\windows\system32\msrating.dll
2014-03-06 07:46 . 2014-04-17 21:11	4254720	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-03-06 07:42 . 2014-04-17 21:11	296960	----a-w-	c:\windows\system32\dxtrans.dll
2014-03-06 07:38 . 2014-04-17 21:11	112128	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36 . 2014-04-17 21:11	592896	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:21 . 2014-04-17 21:11	628736	----a-w-	c:\windows\system32\msfeeds.dll
2014-03-06 07:13 . 2014-04-17 21:11	32256	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11 . 2014-04-17 21:11	2043904	----a-w-	c:\windows\system32\inetcpl.cpl
2014-03-06 06:53 . 2014-04-17 21:11	13551104	----a-w-	c:\windows\system32\ieframe.dll
2014-03-06 06:40 . 2014-04-17 21:11	1967104	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22 . 2014-04-17 21:11	2260480	----a-w-	c:\windows\system32\wininet.dll
2014-03-06 05:58 . 2014-04-17 21:11	1400832	----a-w-	c:\windows\system32\urlmon.dll
2014-03-06 05:50 . 2014-04-17 21:11	846336	----a-w-	c:\windows\system32\ieapfltr.dll
2014-03-06 05:41 . 2014-04-17 21:11	1789440	----a-w-	c:\windows\SysWow64\wininet.dll
2014-03-04 09:44 . 2014-04-10 14:08	243712	----a-w-	c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-10 14:08	362496	----a-w-	c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-10 14:08	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-10 14:08	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-10 14:08	1163264	----a-w-	c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-10 14:08	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-10 14:08	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-10 14:08	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-10 14:08	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-10 14:08	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-10 14:08	2048	----a-w-	c:\windows\SysWow64\user.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-01-08 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-05-13 5181456]
"Lycosa"="c:\program files (x86)\Razer\Lycosa\razerhid.exe" [2007-11-20 147456]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2007-05-07 159744]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-15 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 Pcouffin64;Low level access layer for CD devices;c:\windows\system32\Drivers\pcouffin64a.sys;c:\windows\SYSNATIVE\Drivers\pcouffin64a.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys;c:\windows\SYSNATIVE\drivers\BIOS64.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe;c:\windows\SYSNATIVE\lxbkcoms.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RIM MDNS;RIM MDNS;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [x]
S2 RIM Tunnel Service;BlackBerry Link Communication Manager;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe service;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe service [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys;c:\windows\SYSNATIVE\drivers\dadder.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys;c:\windows\SYSNATIVE\drivers\Lycosa.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\Drivers\rimvndis6_AMD64.sys;c:\windows\SYSNATIVE\Drivers\rimvndis6_AMD64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-20 19:24	1091912	----a-w-	c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-20 19:23]
.
2014-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-20 19:23]
.
2013-01-22 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-21 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-01 12446824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{D3103DA3-9219-4F5A-A448-A88473116F6A}: NameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\05\02\14\03\13&G"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-21 04:03:04
ComboFix-quarantined-files.txt 2014-05-21 08:03
ComboFix2.txt 2014-05-20 22:40
.
Pre-Run: 268,484,968,448 bytes free
Post-Run: 268,443,217,920 bytes free
.
- - End Of File - - 1C95DB77078A69BCD1FFD5715A454331
A36C5E4F47E84449FF07ED3517B43A31


----------



## RushMaster (Jun 27, 2007)

Mark1956 said:


> This one is a bit of a mystery for sure.
> 
> Have you run the Combofix removal as that is quite important to follow?
> 
> ...


I mentioned my trouble with the uninstall above.

Yes I know, the Java install was a mess, I spent about an hour on that one. I tried several times to verify my install and it just kept popping up to install the plugin, and when I did that it just directed me to a fresh install of Java, at which point it would tell me I already have it installed. It appears in my control panel/programs as Java 7 Update 55 (64bit) so I have to assume it's there, however I never was able to verify. It won't work. Possibly because Chrome is a 32 bit browser and I'm using a 64 bit version of Windows?


----------



## Mark1956 (May 7, 2011)

Try the rename method again with Combofix, but this time just change the name to Combofix, the .exe part is hidden (I must update my instructions as this is misleading). You can see in the above log it is now named Combofix.exe.exe

For Java, you do not need the 64bit version as all browsers are 32bit, it does not relate to the bit rate of the OS.

Uninstall the 64bit version then go here to get the latest, it will automatically give you the 32bit version: Java Download


----------



## Mark1956 (May 7, 2011)

Just made a mistake in the Combofix instruction I gave above.

As the log shows it has been renamed to Uninstall.exe.exe you need to edit this to just *Uninstall* then try again, don't add the .exe.


----------



## RushMaster (Jun 27, 2007)

Java is definitely the issue I've been having all along. Long story short, I just had it back briefly, but it was causing the issues again, and I'm still having trouble getting a proper 32 bit version. I'll explain in my next post, in the meantime...

EDIT: It uninstalled successfully.

Anyways, when I try to install Java from the link you gave me, it detects that Java already exists on my PC, then asks if I want to re-install it, but then a Windows Installer error pops up and says it is only for existing versions of Java. So this is where the issues are...

I've tried removing it all with Revo Uninstaller, a program called Everything, and of course the straight control panel uninstall. However it's still not letting me install a new version.

The only way it DOES let me install a new version is if I use JavaRa, which is an application that automatically does it all for you. But I think it's installing a 64 bit version. Hence why it's not working.


----------



## RushMaster (Jun 27, 2007)

Look better? =D

Results of screen317's Security Check version 0.99.83 
Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 11 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
AVG AntiVirus Free Edition 2014 
Antivirus up to date! 
*`````````Anti-malware/Other Utilities Check:`````````* 
Java 7 Update 55 
Adobe Reader XI 
Google Chrome 35.0.1916.114 
*````````Process Check: objlist.exe by Laurent````````* 
AVG avgwdsvc.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C: 0% 
*````````````````````End of Log``````````````````````*


----------



## RushMaster (Jun 27, 2007)

Everything was working 100% after installing the 32 bit java. 

Restarted, back to broken again. It's gotta be something caused from the latest release of Java... I wonder if they're aware of it.


----------



## Mark1956 (May 7, 2011)

I doubt it is an issue with the latest update as I have had many people including myself update to it without any reported issues, but in your case it certainly sounds like it could be related.

Did you get Combofix to uninstall?

Try this: Run JavaRa to remove it, but don't allow it to continue with the install of the new version.

Open Windows Explorer, click on Organize then Folder and Search Options, then the View tab. Click on the circle next to Show hidden files folders and drives so it is clear, click on Apply and OK. If it is already clear leave it that way.

Then navigate to this folder: C:\Users\NAME\Appdata\LocalLow look for and delete the Sun folder. If there is also an Oracle folder, delete that also. (NAME is obviously your user name).

Then reboot the system. Go to the Java download page here: http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html

Click on the small button to accept the license agreement, then click on the download tab next to *Windows x86 Offline*, this will download the installer for the 32bit version. Install it and let me know what happens.


----------



## RushMaster (Jun 27, 2007)

I can't uninstall it in normal mode because applications are no longer opening now that java is installed.

I can't uninstall it in safe mode either as far as I know...Certain applications refuse to uninstall without msiexec operating.


----------



## RushMaster (Jun 27, 2007)

Okay so like I did last time, I had to use Revo Uninstaller to get rid of it (had to do it in safe mode since nothing opens). The normal uninstaller for Java wouldn't open, being that it was safe mode and it needs msiexec, but Revo Uninstaller went ahead and deleted all the files and registry items anyway. I then used the Microsoft Fix it utility to uninstall any remaining Java items, I changed folder options and deleted the folders in LocalLow as you suggested, and I ran Everything.exe to manually remove any folders or files Java related.

Upon booting to normal Windows mode, I got the usual "this has already been installed, do you want to re-install it?" Yes, then you get the msiexec error where it says it only works on installed versions. So at this point you need to download javamsifix http://forums.whatthetech.com/index.php?app=downloads&showfile=41

Did that, and then used the link to Java you provided, and it installed correctly. Verified version on the Java website.

Regedit, msconfig, and all other "16 bit applications" as my computer calls it... run as per normal.

Now, when I go to restart again, my guess is that it will revert back to having problems again. Should I do anything before restarting to where it will be broken again? What's your read?


----------



## Mark1956 (May 7, 2011)

Nothing I can think of, go ahead and reboot, fingers crossed.


----------



## RushMaster (Jun 27, 2007)

Back to being broken after restart. Lol...


----------



## Mark1956 (May 7, 2011)

Go back to my earlier instructions to put the system in Selective start up, you can set this up in Safe Mode then boot back into Normal Mode and see how it is. This might help us to identify anything that may be causing the issue with Java.

Before you go any further please answer my question about the Combofix uninstall, did it work or not?


----------



## RushMaster (Jun 27, 2007)

Yes I successfully uninstalled Combofix after renaming it Uninstall. Sorry about that.

I did some research online about my original error message I was getting: "too many 16 bit applications are running please close one or more or use config.sys etc etc"

Turns out a good fix for it is to go into your control panel and go to user settings under administrator and slide the security slider all the way to the bottom. That got rid of "consent.exe" and conhost.exe out of my processes and now everything works fine, even after startups. I realize that turning my security bar down isn't probably the best idea, but it's literally the only thing that seems to work, and other people online were saying they had to do it too. Looks like it's a glitch with Windows 7 Service Pack 1. So other than getting rid of the service pack, I guess that's the best I can do. I guess I'll just leave it like this.


----------
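
The "security slider" in the post above is the User Account Control setting, and its position is stored under the same `policies\system` key that the ComboFix log earlier in the thread lists. The following read-only PowerShell check is an added example, not part of any poster's message: it compares the current values with the ones the log recorded and names the resulting UAC state. `PromptOnSecureDesktop` and `EnableLUA` are standard values of that key that do not appear in the log, and the function name `Get-UacState` is hypothetical.

```powershell
# Added example (not from the thread): read-only audit of the UAC policy values.
# Works on the PowerShell 2.0 that ships with Windows 7; changes nothing.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Values the ComboFix log (2014-05-21) recorded for this key,
# i.e. the state before the slider was moved.
$logged = @{
    ConsentPromptBehaviorAdmin = 5
    ConsentPromptBehaviorUser  = 3
    EnableUIADesktopToggle     = 0
}

$current = Get-ItemProperty -Path $key

# Hypothetical helper: translate the raw values into a UAC state.
function Get-UacState($p) {
    # EnableLUA = 0 switches UAC off entirely; no consent.exe prompt is ever shown.
    if ($p.EnableLUA -eq 0) {
        return 'UAC disabled (EnableLUA = 0): administrators always run fully elevated'
    }
    switch ($p.ConsentPromptBehaviorAdmin) {
        0 { 'Never notify: administrators elevate without any prompt' }
        2 { 'Always notify: consent prompt for every elevation' }
        5 {
            if ($p.PromptOnSecureDesktop -eq 0) {
                'Notify for non-Windows programs, prompt shown on the normal desktop'
            } else {
                'Default: notify for non-Windows programs, prompt on the secure desktop'
            }
        }
        default { "Non-slider value: ConsentPromptBehaviorAdmin = $_" }
    }
}

# Report drift from the logged baseline, value by value.
foreach ($name in $logged.Keys) {
    $now    = $current.$name
    $status = if ($now -eq $logged[$name]) { 'unchanged' } else { 'CHANGED' }
    '{0,-28} logged={1} now={2} {3}' -f $name, $logged[$name], $now, $status
}

'EnableLUA                    now={0}' -f $current.EnableLUA
'PromptOnSecureDesktop        now={0}' -f $current.PromptOnSecureDesktop
'UAC state: ' + (Get-UacState $current)
```

Run it from an ordinary PowerShell prompt; a change to `EnableLUA` only takes effect after a reboot, so the reported state describes the next boot when that value was just modified.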



## Mark1956 (May 7, 2011)

Ok, it's up to you if you want to leave it like that and I would not advise you to remove SP1 as it contains a lot of bug and security fixes that your system needs to remain stable and secure.

Using Selective Startup would have been a way to find out what was causing the problem, up to you if you wish to try it.


----------



## RushMaster (Jun 27, 2007)

To be honest it's been too daunting to even bother trying to figure out what exactly is causing it at this point, whatever works for the time being. I'll probably do a fresh install down the road anyways, if I ever get time to take all my important files off. I'm just glad we got to the bottom of it. Thanks for all your help Mark!


----------



## Mark1956 (May 7, 2011)

You're welcome and that is fine, at least we know the PC is clean.

Just a little advice, you should always have back ups of all your important data saved to external media and not just leave it until you want to do a reinstall. You never know when the hard drive may fail (which they all do) or something else may go wrong. The only data you should not back up is the stuff you don't mind losing.

You can remove any of the remaining tools used and any saved logs by right clicking on them and selecting Delete. I would recommend keeping Adwcleaner and running regular scans with it.


----------

