
Trojan found - please help


  • Registered Users Posts: 840 ✭✭✭jsa112


    looks good, let me know if avg/mbam keeps finding things and if the pc is giving you any problems


  • Registered Users Posts: 246 ✭✭sandra_b


    Yupiiii :)

    One question: I keep getting a prompt in IE saying "I am about to leave secure connection". Is it ok to say don't prompt me again?



  • Registered Users Posts: 840 ✭✭✭jsa112


    yeah that's grand, some sites are secure and some aren't

    although try not to use internet explorer as it's a POS and more likely to get you infected again. Use chrome


  • Registered Users Posts: 466 ✭✭askU


    ur clogging up my system


  • Registered Users Posts: 246 ✭✭sandra_b


    jsa112 wrote: »
    yeah that's grand, some sites are secure and some aren't

    although try not to use internet explorer as it's a POS and more likely to get you infected again. Use chrome

    It prompts a secure warning for combofix and for google. Maybe security settings have been reset by combofix? I'll google it to find out :) Maybe it is ok just to check the box "don't show this message again".

    And sorry for the big picture, I didn't realize :)

    I know about Chrome....but I am used to IE.
    Shall I run adwcleaner regularly to clean?


  • Registered Users Posts: 840 ✭✭✭jsa112


    yeah check that box, it's nothing to worry about

    no need to run adwcleaner, do run mbam and avg occasionally, you can pm me if they find anything


  • Registered Users Posts: 246 ✭✭sandra_b


    It's people like you who make a difference to this world :) Thank you again. All the best.


  • Registered Users Posts: 840 ✭✭✭jsa112


    yep i'm great, good night and good luck :)


  • Registered Users Posts: 246 ✭✭sandra_b


    Tdsskiller log:

    16:02:06.0366 0x0cb8 IPNAT - ok
    16:02:06.0417 0x0cb8 [ E50A95179211B12946F7E035D60AF560, 69765E2548BA708FF35545EC944DBA1940AD4065AF90E53B97A7792AC231DCF7 ] irda C:\Windows\system32\DRIVERS\irda.sys
    16:02:06.0426 0x0cb8 irda - ok
    16:02:06.0448 0x0cb8 [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    16:02:06.0451 0x0cb8 IRENUM - ok
    16:02:06.0484 0x0cb8 [ CBB0D940221A281BCFEAEA695BD1CDA5, D05D192019524A02FE3FAE6827B98A942FA1AD651BF7AA53530A8A6F4ADFB7EB ] Irmon C:\Windows\System32\irmon.dll
    16:02:06.0494 0x0cb8 Irmon - ok
    16:02:06.0508 0x0cb8 [ 5896B5FF6332AB2BE1582523E9656A67, EA61CF0B108DDA2D32A2A9B28B2AD296E6941839114C99384D343B883ECAB7F8 ] irsir C:\Windows\system32\DRIVERS\irsir.sys
    16:02:06.0512 0x0cb8 irsir - ok
    16:02:06.0563 0x0cb8 [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    16:02:06.0569 0x0cb8 isapnp - ok
    16:02:06.0635 0x0cb8 [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    16:02:06.0647 0x0cb8 iScsiPrt - ok
    16:02:06.0671 0x0cb8 [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
    16:02:06.0676 0x0cb8 iteatapi - ok
    16:02:06.0701 0x0cb8 [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid C:\Windows\system32\drivers\iteraid.sys
    16:02:06.0705 0x0cb8 iteraid - ok
    16:02:06.0728 0x0cb8 [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    16:02:06.0732 0x0cb8 kbdclass - ok
    16:02:06.0754 0x0cb8 [ 18247836959BA67E3511B62846B9C2E0, 9623FF990A1C11A707C358CC9FDD4306C2992A8C766A50DAFC9534A283AA011D ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    16:02:06.0758 0x0cb8 kbdhid - ok
    16:02:06.0812 0x0cb8 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso C:\Windows\system32\lsass.exe
    16:02:06.0816 0x0cb8 KeyIso - ok
    16:02:06.0894 0x0cb8 [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    16:02:06.0928 0x0cb8 KSecDD - ok
    16:02:06.0990 0x0cb8 [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm C:\Windows\system32\msdtckrm.dll
    16:02:07.0026 0x0cb8 KtmRm - ok
    16:02:07.0078 0x0cb8 [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer C:\Windows\System32\srvsvc.dll
    16:02:07.0090 0x0cb8 LanmanServer - ok
    16:02:07.0185 0x0cb8 [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    16:02:07.0202 0x0cb8 LanmanWorkstation - ok
    16:02:07.0267 0x0cb8 [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    16:02:07.0273 0x0cb8 lltdio - ok
    16:02:07.0315 0x0cb8 [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    16:02:07.0329 0x0cb8 lltdsvc - ok
    16:02:07.0367 0x0cb8 [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts C:\Windows\System32\lmhsvc.dll
    16:02:07.0371 0x0cb8 lmhosts - ok
    16:02:07.0404 0x0cb8 [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    16:02:07.0412 0x0cb8 LSI_FC - ok
    16:02:07.0435 0x0cb8 [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    16:02:07.0442 0x0cb8 LSI_SAS - ok
    16:02:07.0472 0x0cb8 [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    16:02:07.0480 0x0cb8 LSI_SCSI - ok
    16:02:07.0502 0x0cb8 [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv C:\Windows\system32\drivers\luafv.sys
    16:02:07.0514 0x0cb8 luafv - ok
    16:02:07.0547 0x0cb8 [ 3BD2AD18179DEAD6652E87157FB98E4A, 66416F10BF5E29CA8E47D8DB8A906164669C722EDF985598A605C096A92A87AF ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    16:02:07.0554 0x0cb8 Mcx2Svc - ok
    16:02:07.0591 0x0cb8 [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas C:\Windows\system32\drivers\megasas.sys
    16:02:07.0596 0x0cb8 megasas - ok
    16:02:07.0655 0x0cb8 [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR C:\Windows\system32\drivers\megasr.sys
    16:02:07.0689 0x0cb8 MegaSR - ok
    16:02:07.0716 0x0cb8 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS C:\Windows\system32\mmcss.dll
    16:02:07.0723 0x0cb8 MMCSS - ok
    16:02:07.0756 0x0cb8 [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem C:\Windows\system32\drivers\modem.sys
    16:02:07.0761 0x0cb8 Modem - ok
    16:02:07.0792 0x0cb8 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    16:02:07.0797 0x0cb8 monitor - ok
    16:02:07.0820 0x0cb8 [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    16:02:07.0824 0x0cb8 mouclass - ok
    16:02:07.0866 0x0cb8 [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid C:\Windows\system32\drivers\mouhid.sys
    16:02:07.0870 0x0cb8 mouhid - ok
    16:02:07.0902 0x0cb8 [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
    16:02:07.0908 0x0cb8 MountMgr - ok
    16:02:07.0975 0x0cb8 [ 3B9398E0146855B1DC0E3D9769C80F01, DF69DB5CA30A5577648635C27DD468AF98515D07DF379B3FFDCC6B40744EDE66 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    16:02:07.0985 0x0cb8 MozillaMaintenance - ok
    16:02:08.0009 0x0cb8 [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio C:\Windows\system32\drivers\mpio.sys
    16:02:08.0018 0x0cb8 mpio - ok
    16:02:08.0069 0x0cb8 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    16:02:08.0075 0x0cb8 mpsdrv - ok
    16:02:08.0163 0x0cb8 [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc C:\Windows\system32\mpssvc.dll
    16:02:08.0220 0x0cb8 MpsSvc - ok
    16:02:08.0254 0x0cb8 [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
    16:02:08.0260 0x0cb8 Mraid35x - ok
    16:02:08.0297 0x0cb8 [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    16:02:08.0306 0x0cb8 MRxDAV - ok
    16:02:08.0353 0x0cb8 [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    16:02:08.0363 0x0cb8 mrxsmb - ok
    16:02:08.0422 0x0cb8 [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    16:02:08.0436 0x0cb8 mrxsmb10 - ok
    16:02:08.0461 0x0cb8 [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    16:02:08.0468 0x0cb8 mrxsmb20 - ok
    16:02:08.0507 0x0cb8 [ 5457DCFA7C0DA43522F4D9D4049C1472, C8B0FD8F96E4FC5CB4B74D5968E808F44B4371F0A797B1D368E6A6080CB862FD ] msahci C:\Windows\system32\drivers\msahci.sys
    16:02:08.0511 0x0cb8 msahci - ok
    16:02:08.0551 0x0cb8 [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    16:02:08.0559 0x0cb8 msdsm - ok
    16:02:08.0601 0x0cb8 [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC C:\Windows\System32\msdtc.exe
    16:02:08.0613 0x0cb8 MSDTC - ok
    16:02:08.0661 0x0cb8 [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    16:02:08.0670 0x0cb8 Msfs - ok
    16:02:08.0703 0x0cb8 [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    16:02:08.0707 0x0cb8 msisadrv - ok
    16:02:08.0757 0x0cb8 [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    16:02:08.0767 0x0cb8 MSiSCSI - ok
    16:02:08.0798 0x0cb8 msiserver - ok
    16:02:08.0836 0x0cb8 [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    16:02:08.0839 0x0cb8 MSKSSRV - ok
    16:02:08.0853 0x0cb8 [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    16:02:08.0857 0x0cb8 MSPCLOCK - ok
    16:02:08.0871 0x0cb8 [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    16:02:08.0874 0x0cb8 MSPQM - ok
    16:02:08.0946 0x0cb8 [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    16:02:08.0958 0x0cb8 MsRPC - ok
    16:02:08.0989 0x0cb8 [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    16:02:08.0993 0x0cb8 mssmbios - ok
    16:02:09.0013 0x0cb8 [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    16:02:09.0017 0x0cb8 MSTEE - ok
    16:02:09.0049 0x0cb8 [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup C:\Windows\system32\Drivers\mup.sys
    16:02:09.0055 0x0cb8 Mup - ok
    16:02:09.0146 0x0cb8 [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent C:\Windows\system32\qagentRT.dll
    16:02:09.0203 0x0cb8 napagent - ok
    16:02:09.0308 0x0cb8 [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    16:02:09.0319 0x0cb8 NativeWifiP - ok
    16:02:09.0396 0x0cb8 [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS C:\Windows\system32\drivers\ndis.sys
    16:02:09.0470 0x0cb8 NDIS - ok
    16:02:09.0484 0x0cb8 [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    16:02:09.0488 0x0cb8 NdisTapi - ok
    16:02:09.0522 0x0cb8 [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    16:02:09.0531 0x0cb8 Ndisuio - ok
    16:02:09.0597 0x0cb8 [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    16:02:09.0609 0x0cb8 NdisWan - ok
    16:02:09.0647 0x0cb8 [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    16:02:09.0657 0x0cb8 NDProxy - ok
    16:02:09.0693 0x0cb8 [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    16:02:09.0701 0x0cb8 NetBIOS - ok
    16:02:09.0763 0x0cb8 [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt C:\Windows\system32\DRIVERS\netbt.sys
    16:02:09.0776 0x0cb8 netbt - ok
    16:02:09.0801 0x0cb8 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon C:\Windows\system32\lsass.exe
    16:02:09.0804 0x0cb8 Netlogon - ok
    16:02:09.0852 0x0cb8 [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman C:\Windows\System32\netman.dll
    16:02:09.0875 0x0cb8 Netman - ok
    16:02:09.0913 0x0cb8 [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm C:\Windows\System32\netprofm.dll
    16:02:09.0930 0x0cb8 netprofm - ok
    16:02:09.0982 0x0cb8 [ D6C4E4A39A36029AC0813D476FBD0248, A0907D98580D1CD3007365CBBB53E84BEF39001E05912776F68EB0564B54B6EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    16:02:10.0014 0x0cb8 NetTcpPortSharing - ok
    16:02:10.0056 0x0cb8 [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    16:02:10.0061 0x0cb8 nfrd960 - ok
    16:02:10.0111 0x0cb8 [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc C:\Windows\System32\nlasvc.dll
    16:02:10.0125 0x0cb8 NlaSvc - ok
    16:02:10.0175 0x0cb8 [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    16:02:10.0180 0x0cb8 Npfs - ok
    16:02:10.0203 0x0cb8 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi C:\Windows\system32\nsisvc.dll
    16:02:10.0209 0x0cb8 nsi - ok
    16:02:10.0220 0x0cb8 [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    16:02:10.0232 0x0cb8 nsiproxy - ok
    16:02:10.0359 0x0cb8 [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    16:02:10.0447 0x0cb8 Ntfs - ok
    16:02:10.0477 0x0cb8 [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
    16:02:10.0489 0x0cb8 ntrigdigi - ok
    16:02:10.0521 0x0cb8 [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null C:\Windows\system32\drivers\Null.sys
    16:02:10.0525 0x0cb8 Null - ok
    16:02:10.0555 0x0cb8 [ 2EDF9E7751554B42CBB60116DE727101, 37A0AA78E83DBB5A788F7F067EB71DDF6CCC72A66BB41B209E1A5E2F68F8AF9B ] nvraid C:\Windows\system32\drivers\nvraid.sys
    16:02:10.0565 0x0cb8 nvraid - ok
    16:02:10.0592 0x0cb8 [ ABED0C09758D1D97DB0042DBB2688177, 84B9BF886EF9181915E8AB6D971446BC681E6DE4485DBECD62838EAFA10E7F46 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    16:02:10.0598 0x0cb8 nvstor - ok
    16:02:10.0624 0x0cb8 [ 18BBDF913916B71BD54575BDB6EEAC0B, 5FBA165149AB09E869DCE35622E91CFC964BDD22B31A5E76CF12F1565402B207 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    16:02:10.0633 0x0cb8 nv_agp - ok
    16:02:10.0654 0x0cb8 NwlnkFlt - ok
    16:02:10.0668 0x0cb8 NwlnkFwd - ok
    16:02:10.0708 0x0cb8 [ BE32DA025A0BE1878F0EE8D6D9386CD5, B9D6CB4626FC67D108D713467C9ED8D0E2A071D98621B5531AD9D0C172FE7B89 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    16:02:10.0714 0x0cb8 ohci1394 - ok
    16:02:10.0787 0x0cb8 [ B7EDD9FD6387802DFAA795372AECF212, 53E8EACC9CD678BC4FFBD22A0F463A7834B1E68D2741518C65CC8883757CD912 ] OsdService C:\Program Files\OEM\OSD_1.2\OsdService.exe
    16:02:10.0805 0x0cb8 OsdService - ok
    16:02:10.0872 0x0cb8 [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    16:02:10.0880 0x0cb8 ose - ok
    16:02:10.0980 0x0cb8 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc C:\Windows\system32\p2psvc.dll
    16:02:11.0026 0x0cb8 p2pimsvc - ok
    16:02:11.0096 0x0cb8 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc C:\Windows\system32\p2psvc.dll
    16:02:11.0129 0x0cb8 p2psvc - ok
    16:02:11.0266 0x0cb8 [ 8A79FDF04A73428597E2CAF9D0D67850, DB438FDE5510AB2F350ED1AC4CF0E99D3CC665FE46533A438A8FDA4DAF950F93 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    16:02:11.0274 0x0cb8 Parport - ok
    16:02:11.0337 0x0cb8 [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr C:\Windows\system32\drivers\partmgr.sys
    16:02:11.0344 0x0cb8 partmgr - ok
    16:02:11.0375 0x0cb8 [ 6C580025C81CAF3AE9E3617C22CAD00E, 64F9061196462085E5DCD3ACB97A0D8FC67CA9A96DDD6E2103AFFF1593AE236A ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
    16:02:11.0378 0x0cb8 Parvdm - ok
    16:02:11.0434 0x0cb8 [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc C:\Windows\System32\pcasvc.dll
    16:02:11.0440 0x0cb8 PcaSvc - ok
    16:02:11.0493 0x0cb8 [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci C:\Windows\system32\drivers\pci.sys
    16:02:11.0505 0x0cb8 pci - ok
    16:02:11.0527 0x0cb8 [ FC175F5DDAB666D7F4D17449A547626F, 7D6108213D1AD3F97A3B83E491BCCC7D6F5BC72C32A182BDDE8736851A26C8D2 ] pciide C:\Windows\system32\drivers\pciide.sys
    16:02:11.0531 0x0cb8 pciide - ok
    16:02:11.0571 0x0cb8 [ E6F3FB1B86AA519E7698AD05E58B04E5, 2C4B45DDD3B980C9DAA6F039CAEFCD6E84A4D5BB43AFBA73C0C42B5556C1303C ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
    16:02:11.0584 0x0cb8 pcmcia - ok
    16:02:11.0662 0x0cb8 [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    16:02:11.0737 0x0cb8 PEAUTH - ok
    16:02:11.0880 0x0cb8 [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla C:\Windows\system32\pla.dll
    16:02:11.0982 0x0cb8 pla - ok
    16:02:12.0061 0x0cb8 [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    16:02:12.0079 0x0cb8 PlugPlay - ok
    16:02:12.0147 0x0cb8 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
    16:02:12.0180 0x0cb8 PNRPAutoReg - ok
    16:02:12.0246 0x0cb8 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc C:\Windows\system32\p2psvc.dll
    16:02:12.0280 0x0cb8 PNRPsvc - ok
    16:02:12.0328 0x0cb8 [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    16:02:12.0363 0x0cb8 PolicyAgent - ok
    16:02:12.0408 0x0cb8 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    16:02:12.0414 0x0cb8 PptpMiniport - ok
    16:02:12.0439 0x0cb8 [ 2027293619DD0F047C584CF2E7DF4FFD, B7C172CCD08D8A30483D27536355ED1E5009B33629355B426470AFBA8542B394 ] Processor C:\Windows\system32\drivers\processr.sys
    16:02:12.0444 0x0cb8 Processor - ok
    16:02:12.0511 0x0cb8 [ 0508FAA222D28835310B7BFCA7A77346, 3AE2340C6E365F137CC00D9560069501DD2724756EA9EBF7A6CDFFC91B43709C ] ProfSvc C:\Windows\system32\profsvc.dll
    16:02:12.0525 0x0cb8 ProfSvc - ok
    16:02:12.0545 0x0cb8 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
    16:02:12.0548 0x0cb8 ProtectedStorage - ok
    16:02:12.0717 0x0cb8 [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
    16:02:12.0778 0x0cb8 PSched - ok
    16:02:12.0993 0x0cb8 [ 9CCF89372C5A04E97CD89B58AE697796, 4156C2C7726E2DF794E2CEEDD944218D536D445F05C8513D9BD44F575F136971 ] qcusbser C:\Windows\system32\DRIVERS\qcusbser.sys
    16:02:13.0080 0x0cb8 qcusbser - ok
    16:02:13.0607 0x0cb8 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6, 8B7D44A7698B95FE34CBBE4FAB2F01EC1F5BA86C2B19672F99767E650E99BF1C ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    16:02:14.0142 0x0cb8 ql2300 - ok
    16:02:14.0231 0x0cb8 [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    16:02:14.0240 0x0cb8 ql40xx - ok
    16:02:14.0337 0x0cb8 [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE C:\Windows\system32\qwave.dll
    16:02:14.0393 0x0cb8 QWAVE - ok
    16:02:14.0457 0x0cb8 [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    16:02:14.0461 0x0cb8 QWAVEdrv - ok
    16:02:14.0570 0x0cb8 [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    16:02:14.0574 0x0cb8 RasAcd - ok
    16:02:14.0641 0x0cb8 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto C:\Windows\System32\rasauto.dll
    16:02:14.0650 0x0cb8 RasAuto - ok
    16:02:14.0734 0x0cb8 [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    16:02:14.0746 0x0cb8 Rasl2tp - ok
    16:02:14.0824 0x0cb8 [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan C:\Windows\System32\rasmans.dll
    16:02:14.0845 0x0cb8 RasMan - ok
    16:02:14.0900 0x0cb8 [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    16:02:14.0906 0x0cb8 RasPppoe - ok
    16:02:14.0967 0x0cb8 [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    16:02:14.0975 0x0cb8 RasSstp - ok
    16:02:15.0047 0x0cb8 [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    16:02:15.0063 0x0cb8 rdbss - ok
    16:02:15.0115 0x0cb8 [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    16:02:15.0119 0x0cb8 RDPCDD - ok
    16:02:15.0180 0x0cb8 [ FBC0BACD9C3D7F6956853F64A66E252D, 7672B10C7039295B152C02C96903E869FF2C0A88A2C3FA89BAE9F1D593B43569 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
    16:02:15.0196 0x0cb8 rdpdr - ok
    16:02:15.0235 0x0cb8 [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    16:02:15.0239 0x0cb8 RDPENCDD - ok
    16:02:15.0333 0x0cb8 [ C127EBD5AFAB31524662C48DFCEB773A, 40A6B88FEAFF02D1B5C0CA32F290CF3D9B48B85D248C7532F30CC5C09BAA4D89 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    16:02:15.0346 0x0cb8 RDPWD - ok
    16:02:15.0440 0x0cb8 [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess C:\Windows\System32\mprdim.dll
    16:02:15.0448 0x0cb8 RemoteAccess - ok
    16:02:15.0511 0x0cb8 [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    16:02:15.0521 0x0cb8 RemoteRegistry - ok
    16:02:15.0573 0x0cb8 [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator C:\Windows\system32\locator.exe
    16:02:15.0593 0x0cb8 RpcLocator - ok
    16:02:15.0671 0x0cb8 [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] RpcSs C:\Windows\System32\rpcss.dll
    16:02:15.0716 0x0cb8 RpcSs - ok
    16:02:15.0751 0x0cb8 [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    16:02:15.0758 0x0cb8 rspndr - ok
    16:02:15.0810 0x0cb8 [ 2FC33077F85D7DC0D03678C06D43898C, 2C1EAE33E6BBDBEDC6A9D987891DCE34FC9E0FA79CBB1162704AEBBD46319BC0 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
    16:02:15.0819 0x0cb8 RTL8169 - ok
    16:02:15.0872 0x0cb8 [ 918068C01C1CE0258E64BB586385745C, D52EBCE7F18B19D2F4755DDC7DA072C67A5116D92832A43860D673F89B466E8B ] RTL8187Se C:\Windows\system32\DRIVERS\RTL8187Se.sys
    16:02:15.0907 0x0cb8 RTL8187Se - ok
    16:02:15.0963 0x0cb8 [ 830B682CB24206F457EA8A617605209F, D8EA85CA64CC10C5D6E906B15E5FB8EB04470718D254F3C3E6A37DE3C0291444 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
    16:02:15.0970 0x0cb8 RTSTOR - ok
    16:02:15.0989 0x0cb8 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] SamSs C:\Windows\system32\lsass.exe
    16:02:15.0993 0x0cb8 SamSs - ok
    16:02:16.0033 0x0cb8 [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    16:02:16.0041 0x0cb8 sbp2port - ok
    16:02:16.0129 0x0cb8 [ 77B7A11A0C3D78D3386398FBBEA1B632, A3D290AB793BDC2F84C7B963300DFCE81CFE082A0FFF7489E8E5B14714892C00 ] SCardSvr C:\Windows\System32\SCardSvr.dll
    16:02:16.0139 0x0cb8 SCardSvr - ok
    16:02:16.0388 0x0cb8 [ 1A58069DB21D05EB2AB58EE5753EBE8D, EED8111EB613F4C93D1638C74FDB0A6DC6694E1B108DCD0D794B5B5F9B8C6EE4 ] Schedule C:\Windows\system32\schedsvc.dll
    16:02:16.0452 0x0cb8 Schedule - ok
    16:02:16.0475 0x0cb8 [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] SCPolicySvc C:\Windows\System32\certprop.dll
    16:02:16.0479 0x0cb8 SCPolicySvc - ok
    16:02:16.0515 0x0cb8 [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    16:02:16.0533 0x0cb8 SDRSVC - ok
    16:02:16.0558 0x0cb8 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    16:02:16.0563 0x0cb8 secdrv - ok


  • Registered Users Posts: 246 ✭✭sandra_b


    aswMBR is still running, but there were 3 Trojans found by AVG in this time.
    I clicked option on AVG to remove it and it did.
    I see there are some files listed in aswMBR screen, I'll post when it completes.


  • Registered Users Posts: 246 ✭✭sandra_b


    Found something:

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-01-01 16:07:14
    16:07:14.522 OS Version: Windows 6.0.6002 Service Pack 2
    16:07:14.522 Number of processors: 2 586 0xF0D
    16:07:14.525 ComputerName: LAPTOP-PC UserName: Laptop
    16:07:20.770 Initialize success
    16:23:04.596 The log file has been saved successfully to "C:\Users\Laptop\Documents\aswMBR.txt"


    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-01-01 16:07:14
    16:07:14.522 OS Version: Windows 6.0.6002 Service Pack 2
    16:07:14.522 Number of processors: 2 586 0xF0D
    16:07:14.525 ComputerName: LAPTOP-PC UserName: Laptop
    16:07:20.770 Initialize success
    16:23:04.596 The log file has been saved successfully to "C:\Users\Laptop\Documents\aswMBR.txt"
    16:25:33.002 AVAST engine defs: 14010100
    16:34:01.761 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    16:34:01.855 Disk 0 Vendor: FUJITSU_MHZ2160BH 00000009 Size: 152627MB BusType: 3
    16:34:02.445 Disk 0 MBR read successfully
    16:34:02.451 Disk 0 MBR scan
    16:34:03.878 Disk 0 Windows VISTA default MBR code
    16:34:03.917 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9500 MB offset 2048
    16:34:04.451 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 19458048
    16:34:04.548 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 141625 MB offset 22530048
    16:34:04.681 Disk 0 scanning sectors +312578048
    16:34:05.498 Disk 0 scanning C:\Windows\system32\drivers
    16:35:20.421 Service scanning
    16:37:47.988 Modules scanning
    16:38:28.037 Disk 0 trace - called modules:
    16:38:28.103 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
    16:38:28.116 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85db6ac8]
    16:38:28.128 3 CLASSPNP.SYS[83ba38b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x849408a0]
    16:38:45.849 AVAST engine scan C:\Windows
    16:38:53.710 AVAST engine scan C:\Windows\system32
    16:50:05.008 AVAST engine scan C:\Windows\system32\drivers
    16:50:54.807 AVAST engine scan C:\Users\Laptop
    16:59:53.795 File: C:\Users\Laptop\AppData\Local\temp\chrome.exe **INFECTED** Win32:Dropper-gen [Drp]
    16:59:58.138 File: C:\Users\Laptop\AppData\Local\temp\kgtdohfp.exe **INFECTED** Win32:Dropper-gen [Drp]
    17:00:16.737 File: C:\Users\Laptop\AppData\Local\temp\msotuo.bat **INFECTED** Win32:Malware-gen
    17:01:25.766 File: C:\Users\Laptop\AppData\Local\temp\~tmf2866005090776815605.tmp **INFECTED** Win32:Malware-gen
    17:01:26.057 File: C:\Users\Laptop\AppData\Local\temp\~tmf3907897545022973279.tmp **INFECTED** Win32:Malware-gen
    17:09:48.030 AVAST engine scan C:\ProgramData
    17:17:11.094 Scan finished successfully
    17:20:30.009 Disk 0 MBR has been saved successfully to "C:\Users\Laptop\Documents\MBR.dat"
    17:20:30.097 The log file has been saved successfully to "C:\Users\Laptop\Documents\aswMBR.txt"


  • Registered Users Posts: 840 ✭✭✭jsa112


    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


  • Registered Users Posts: 246 ✭✭sandra_b


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-12-2013
    Ran by Laptop (administrator) on LAPTOP-PC on 01-01-2014 18:02:36
    Running from C:\Users\Laptop\Desktop
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal

    ==================== Processes (Whitelisted) ===================

    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
    () C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
    () C:\ProgramData\DatacardService\HWDeviceService.exe
    (TODO: <公司名稱>) C:\Program Files\OEM\OSD_1.2\OsdService.exe
    (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
    (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
    () C:\Program Files\Spare Messaging\MessagingApp.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    () C:\Program Files\Mobilni Internet\ModemListener.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (The TechGuys) C:\Program Files\The TechGuys\Launch\Launch.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    (ODM) C:\Program Files\OEM\OSD_1.2\osd.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (Microsoft Corporation) C:\Windows\System32\conime.exe
    (Microsoft Corporation) C:\Windows\ehome\ehsched.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
    (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
    () C:\Program Files\Broadband to go\Broadband to go.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
    (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
    (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
    () C:\Users\Laptop\AppData\Local\temp\008e3d40.exe
    (Microsoft Corporation) C:\Windows\System32\wsqmcons.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6139904 2008-05-07] (Realtek Semiconductor)
    HKLM\...\Run: [SpareMessaging] - C:\Program Files\Spare Messaging\MessagingApp.exe [42824 2007-11-28] ()
    HKLM\...\Run: [ModemListener] - C:\Program Files\Mobilni Internet\ModemListener.exe [98304 2010-07-12] ()
    HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [Skytel] - C:\Windows\SkyTel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
    HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WMEtNQy1FOVZVVy1FVzBWQS1VVTNYTC1GRVc5Ny1PVTZF"&"inst=NzctNjMyNzYyMjI3LVBMKzktWE8zNisxLU4xRCsxLVFJWDErNC1YMjAxMCsyLUZMMTArMS1MSUMrODgtU1AxKzEtU1AxVEIrMS1TUDFTMisxLVNVRCsxLVMxSSsxLVNVMysxLUxTRCsyLUREVCsw"&"prod=90"&"ver=10.0.1382
    HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [135680 2008-07-17] (Microsoft Corporation)
    HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-09-12] (Google Inc.)
    HKCU\...\CurrentVersion\Windows: [Load] C:\Users\Laptop\LOCALS~1\Temp\msotuo.bat <===== ATTENTION
    HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGI
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}
    SearchScopes: HKCU - {4186E915-6684-410A-A99C-66AF1C7C2FBF} URL = http://search.avg.com/?d=4e04ea29&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
    SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGI_en-GBIE398
    BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    DPF: {73848533-39E1-49F1-9363-28054268C094} https://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} https://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\..\Interfaces\{B69C798C-C9E4-4294-9585-642735622220}: [NameServer]212.129.64.220 212.129.64.221

    FireFox:
    ========
    FF ProfilePath: C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default
    FF SelectedSearchEngine: search
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
    FF Extension: Microsoft .NET Framework Assistant - C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF Extension: The Camelizer - Amazon Price Tracker - C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\Extensions\izer@camelcamelcamel.com.xpi
    FF Extension: Property Bee - C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\Extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}.xpi
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com
    CHR RestoreOnStartup: "hxxp://www.google.com"
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll No File
    CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
    CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Extension: (Google Drive) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
    CHR Extension: (YouTube) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
    CHR Extension: (Google Search) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
    CHR Extension: (Skype Click to Call) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0
    CHR Extension: (Google Wallet) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
    CHR Extension: (Gmail) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

    ========================== Services (Whitelisted) =================

    R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
    R2 DeviceManager; C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe [40960 2010-06-17] ()
    R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] ()
    R2 OsdService; C:\Program Files\OEM\OSD_1.2\OsdService.exe [94208 2008-02-22] (TODO: <公司名稱>)
    R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
    S2 vToolbarUpdater17.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [x]

    ==================== Drivers (Whitelisted) ====================

    R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
    R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-10] (AVG Technologies)
    R3 GpdDevDPort; C:\Windows\system32\directport.sys [7168 2008-05-21] ()
    R3 GpdKbFilter; C:\Windows\system32\kbfiltr.sys [8192 2008-04-22] (Windows (R) Codename Longhorn DDK provider)
    S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [89984 2011-01-13] (Huawei Technologies Co., Ltd.)
    S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [64128 2011-01-13] (Huawei Technologies Co., Ltd.)
    S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26624 2011-01-13] (Huawei Technologies Co., Ltd.)
    S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2008-12-30] (Huawei Technologies Co., Ltd.)
    S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2008-01-21] (Microsoft Corporation)
    S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [103552 2010-06-17] (TCT International Mobile Ltd)
    R3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [331776 2008-07-10] (Realtek Semiconductor Corporation )
    S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [197504 2009-07-22] (Sierra Wireless Inc.)
    S3 SWUMXA3; C:\Windows\System32\DRIVERS\swumxa3.sys [148992 2009-07-22] (Sierra Wireless Inc.)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
    S3 catchme; \??\C:\ComboFix\catchme.sys [x]
    S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
    S3 swmsflt; \SystemRoot\System32\drivers\swmsflt.sys [x]
    S3 SWUMX20; system32\DRIVERS\swumx20.sys [x]
    U3 aswMBR; \??\C:\Users\Laptop\AppData\Local\Temp\aswMBR.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-01-01 18:07 - 2014-01-01 18:07 - 00000000 _____ C:\Users\Laptop\AppData\Roaming\system.ini
    2014-01-01 18:05 - 2014-01-01 17:59 - 00329216 __RSH C:\ProgramData\819827392234.exe
    2014-01-01 18:04 - 2014-01-01 18:07 - 00000216 _____ C:\Users\Laptop\AppData\Roaming\msconfig.ini
    2014-01-01 18:03 - 2014-01-01 18:05 - 00000000 ___HD C:\ProgramData\COMHOST
    2014-01-01 18:02 - 2014-01-01 18:07 - 00017702 _____ C:\Users\Laptop\Desktop\FRST.txt
    2014-01-01 18:02 - 2014-01-01 18:02 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\WinRAR
    2014-01-01 17:58 - 2014-01-01 17:58 - 00000000 ____D C:\FRST
    2014-01-01 17:56 - 2014-01-01 17:51 - 01064333 _____ (Farbar) C:\Users\Laptop\Desktop\FRST.exe
    2014-01-01 17:51 - 2014-01-01 17:51 - 01064333 _____ (Farbar) C:\Users\Laptop\Downloads\FRST.exe
    2014-01-01 17:20 - 2014-01-01 17:20 - 00000512 _____ C:\Users\Laptop\Documents\MBR.dat
    2014-01-01 16:23 - 2014-01-01 17:20 - 00003065 _____ C:\Users\Laptop\Documents\aswMBR.txt
    2014-01-01 16:00 - 2014-01-01 16:06 - 00175754 _____ C:\Users\Laptop\Downloads\report.txt
    2014-01-01 15:45 - 2014-01-01 15:45 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Laptop\Downloads\tdsskiller.exe
    2014-01-01 15:42 - 2014-01-01 15:43 - 04745728 _____ (AVAST Software) C:\Users\Laptop\Downloads\aswMBR.exe
    2014-01-01 10:58 - 2014-01-01 10:58 - 00072696 _____ C:\Users\Laptop\Desktop\OTL-after.Txt
    2014-01-01 10:52 - 2014-01-01 10:52 - 00146136 _____ C:\Windows\Minidump\Mini010114-01.dmp
    2014-01-01 10:51 - 2014-01-01 10:51 - 139320433 _____ C:\Windows\MEMORY.DMP
    2014-01-01 09:50 - 2014-01-01 09:50 - 00072696 _____ C:\Users\Laptop\Downloads\OTL-after.Txt
    2014-01-01 09:26 - 2014-01-01 09:26 - 00001392 _____ C:\Users\Laptop\Desktop\Adw.txt
    2014-01-01 04:52 - 2014-01-01 04:52 - 00000104 _____ C:\Users\Laptop\Desktop\Recycle Bin - Shortcut.lnk
    2014-01-01 04:50 - 2014-01-01 04:50 - 00070982 _____ C:\Users\Laptop\Desktop\OTL-before.Txt
    2014-01-01 03:34 - 2014-01-01 03:34 - 00000495 _____ C:\Users\Laptop\Desktop\OTL - Shortcut.lnk
    2014-01-01 03:33 - 2014-01-01 03:33 - 00000536 _____ C:\Users\Laptop\Desktop\AdwCleaner - Shortcut.lnk
    2014-01-01 02:37 - 2014-01-01 02:37 - 00001564 _____ C:\Users\Laptop\Desktop\Computer.lnk
    2014-01-01 02:36 - 2014-01-01 02:36 - 00000288 _____ C:\Users\Laptop\AppData\Roaming\76278BBE.reg
    2014-01-01 02:13 - 2014-01-01 03:22 - 00000000 ____D C:\Users\Laptop\AppData\Local\{E223DA60-E642-818A-1CC6-4EB4FC1AB41C}
    2014-01-01 00:47 - 2014-01-01 00:47 - 00010970 _____ C:\ComboFix.txt
    2014-01-01 00:19 - 2014-01-01 00:47 - 00000000 ____D C:\ComboFix
    2014-01-01 00:19 - 2011-06-26 06:45 - 00256000 _____ C:\Windows\PEV.exe
    2014-01-01 00:19 - 2010-11-07 17:20 - 00208896 _____ C:\Windows\MBR.exe
    2014-01-01 00:19 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-01-01 00:19 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-01-01 00:19 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-01-01 00:19 - 2000-08-31 00:00 - 00098816 _____ C:\Windows\sed.exe
    2014-01-01 00:19 - 2000-08-31 00:00 - 00080412 _____ C:\Windows\grep.exe
    2014-01-01 00:19 - 2000-08-31 00:00 - 00068096 _____ C:\Windows\zip.exe
    2014-01-01 00:15 - 2014-01-01 00:47 - 00000000 ____D C:\Qoobox
    2014-01-01 00:13 - 2014-01-01 00:45 - 00000000 ____D C:\Windows\erdnt
    2014-01-01 00:02 - 2014-01-01 00:03 - 05160176 ____R (Swearware) C:\Users\Laptop\Desktop\ComboFix.exe
    2013-12-31 21:42 - 2013-12-31 21:42 - 00000512 _____ C:\PhysicalMBR.bin
    2013-12-31 17:36 - 2013-12-31 17:36 - 00000000 ____D C:\_OTL
    2013-12-31 17:21 - 2014-01-01 09:23 - 00000000 ____D C:\AdwCleaner
    2013-12-31 15:56 - 2013-12-31 15:56 - 01233962 _____ C:\Users\Laptop\Downloads\AdwCleaner.exe
    2013-12-31 01:29 - 2013-12-31 01:29 - 00035056 _____ C:\Users\Laptop\Downloads\Extras.Txt
    2013-12-31 01:23 - 2014-01-01 09:49 - 00072696 _____ C:\Users\Laptop\Downloads\OTL.Txt
    2013-12-30 23:14 - 2013-12-30 23:14 - 00602112 _____ (OldTimer Tools) C:\Users\Laptop\Downloads\OTL.exe
    2013-12-30 19:06 - 2013-12-30 19:07 - 00000000 ____D C:\Users\Laptop\AppData\Local\dumps
    2013-12-30 01:01 - 2014-01-01 03:16 - 00004328 _____ C:\Windows\PFRO.log
    2013-12-30 00:13 - 2013-12-30 00:13 - 00000871 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-12-21 01:24 - 2013-12-21 01:26 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2013-12-12 02:37 - 2013-11-14 23:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2013-12-12 02:37 - 2013-11-14 22:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2013-12-12 02:37 - 2013-11-14 22:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2013-12-12 02:37 - 2013-11-14 22:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2013-12-12 02:37 - 2013-11-14 22:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2013-12-12 02:37 - 2013-11-14 22:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2013-12-12 02:37 - 2013-11-14 22:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2013-12-12 02:37 - 2013-11-14 22:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2013-12-12 02:37 - 2013-11-14 22:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2013-12-12 02:37 - 2013-11-14 22:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2013-12-12 02:37 - 2013-11-14 22:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2013-12-12 02:37 - 2013-11-14 22:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2013-12-12 02:37 - 2013-11-14 22:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2013-12-12 02:37 - 2013-11-14 22:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2013-12-12 02:37 - 2013-11-14 22:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2013-12-12 02:37 - 2013-11-14 22:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2013-12-12 00:33 - 2013-10-30 02:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
    2013-12-12 00:33 - 2013-10-30 01:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
    2013-12-12 00:33 - 2013-10-30 00:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
    2013-12-12 00:32 - 2013-10-11 02:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
    2013-12-12 00:32 - 2013-10-11 02:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
    2013-12-12 00:32 - 2013-10-11 02:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
    2013-12-12 00:32 - 2013-10-11 00:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
    2013-12-12 00:32 - 2013-10-11 00:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
    2013-12-12 00:31 - 2013-10-30 00:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2013-12-12 00:30 - 2013-10-22 07:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll

    ==================== One Month Modified Files and Folders =======

    2014-01-01 18:07 - 2014-01-01 18:07 - 00000000 _____ C:\Users\Laptop\AppData\Roaming\system.ini
    2014-01-01 18:07 - 2014-01-01 18:04 - 00000216 _____ C:\Users\Laptop\AppData\Roaming\msconfig.ini
    2014-01-01 18:07 - 2014-01-01 18:02 - 00017702 _____ C:\Users\Laptop\Desktop\FRST.txt
    2014-01-01 18:06 - 2012-07-18 20:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-01-01 18:05 - 2014-01-01 18:03 - 00000000 ___HD C:\ProgramData\COMHOST
    2014-01-01 18:02 - 2014-01-01 18:02 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\WinRAR
    2014-01-01 17:59 - 2014-01-01 18:05 - 00329216 __RSH C:\ProgramData\819827392234.exe
    2014-01-01 17:58 - 2014-01-01 17:58 - 00000000 ____D C:\FRST
    2014-01-01 17:51 - 2014-01-01 17:56 - 01064333 _____ (Farbar) C:\Users\Laptop\Desktop\FRST.exe
    2014-01-01 17:51 - 2014-01-01 17:51 - 01064333 _____ (Farbar) C:\Users\Laptop\Downloads\FRST.exe
    2014-01-01 17:24 - 2006-11-02 12:47 - 00005184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-01-01 17:24 - 2006-11-02 12:47 - 00005184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-01-01 17:20 - 2014-01-01 17:20 - 00000512 _____ C:\Users\Laptop\Documents\MBR.dat
    2014-01-01 17:20 - 2014-01-01 16:23 - 00003065 _____ C:\Users\Laptop\Documents\aswMBR.txt
    2014-01-01 17:17 - 2010-09-28 23:10 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-01-01 17:10 - 2010-10-24 09:20 - 00000000 ____D C:\ProgramData\MFAData
    2014-01-01 17:06 - 2010-09-19 17:29 - 01529444 _____ C:\Windows\WindowsUpdate.log
    2014-01-01 16:06 - 2014-01-01 16:00 - 00175754 _____ C:\Users\Laptop\Downloads\report.txt
    2014-01-01 15:45 - 2014-01-01 15:45 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Laptop\Downloads\tdsskiller.exe
    2014-01-01 15:43 - 2014-01-01 15:42 - 04745728 _____ (AVAST Software) C:\Users\Laptop\Downloads\aswMBR.exe
    2014-01-01 13:18 - 2006-11-02 12:37 - 00000000 ___RD C:\Users\Public\Recorded TV
    2014-01-01 13:17 - 2010-09-28 23:10 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-01-01 13:16 - 2006-11-02 13:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2014-01-01 11:30 - 2006-11-02 13:01 - 00032646 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2014-01-01 10:58 - 2014-01-01 10:58 - 00072696 _____ C:\Users\Laptop\Desktop\OTL-after.Txt
    2014-01-01 10:52 - 2014-01-01 10:52 - 00146136 _____ C:\Windows\Minidump\Mini010114-01.dmp
    2014-01-01 10:52 - 2011-02-07 01:44 - 00000000 ____D C:\Windows\Minidump
    2014-01-01 10:51 - 2014-01-01 10:51 - 139320433 _____ C:\Windows\MEMORY.DMP
    2014-01-01 09:50 - 2014-01-01 09:50 - 00072696 _____ C:\Users\Laptop\Downloads\OTL-after.Txt
    2014-01-01 09:49 - 2013-12-31 01:23 - 00072696 _____ C:\Users\Laptop\Downloads\OTL.Txt
    2014-01-01 09:47 - 2006-11-02 10:33 - 00740680 _____ C:\Windows\system32\PerfStringBackup.INI
    2014-01-01 09:26 - 2014-01-01 09:26 - 00001392 _____ C:\Users\Laptop\Desktop\Adw.txt
    2014-01-01 09:23 - 2013-12-31 17:21 - 00000000 ____D C:\AdwCleaner
    2014-01-01 04:52 - 2014-01-01 04:52 - 00000104 _____ C:\Users\Laptop\Desktop\Recycle Bin - Shortcut.lnk
    2014-01-01 04:50 - 2014-01-01 04:50 - 00070982 _____ C:\Users\Laptop\Desktop\OTL-before.Txt
    2014-01-01 03:54 - 2010-09-27 19:21 - 00000000 ____D C:\Mirjana
    2014-01-01 03:34 - 2014-01-01 03:34 - 00000495 _____ C:\Users\Laptop\Desktop\OTL - Shortcut.lnk
    2014-01-01 03:33 - 2014-01-01 03:33 - 00000536 _____ C:\Users\Laptop\Desktop\AdwCleaner - Shortcut.lnk
    2014-01-01 03:23 - 2013-09-25 21:34 - 00000000 ____D C:\ProgramData\AVG2014
    2014-01-01 03:22 - 2014-01-01 02:13 - 00000000 ____D C:\Users\Laptop\AppData\Local\{E223DA60-E642-818A-1CC6-4EB4FC1AB41C}
    2014-01-01 03:16 - 2013-12-30 01:01 - 00004328 _____ C:\Windows\PFRO.log
    2014-01-01 03:16 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\schemas
    2014-01-01 02:37 - 2014-01-01 02:37 - 00001564 _____ C:\Users\Laptop\Desktop\Computer.lnk
    2014-01-01 02:36 - 2014-01-01 02:36 - 00000288 _____ C:\Users\Laptop\AppData\Roaming\76278BBE.reg
    2014-01-01 00:47 - 2014-01-01 00:47 - 00010970 _____ C:\ComboFix.txt
    2014-01-01 00:47 - 2014-01-01 00:19 - 00000000 ____D C:\ComboFix
    2014-01-01 00:47 - 2014-01-01 00:15 - 00000000 ____D C:\Qoobox
    2014-01-01 00:47 - 2006-11-02 11:18 - 00000000 ___RD C:\Users\Public
    2014-01-01 00:45 - 2014-01-01 00:13 - 00000000 ____D C:\Windows\erdnt
    2014-01-01 00:43 - 2006-11-02 10:23 - 00000215 _____ C:\Windows\system.ini
    2014-01-01 00:03 - 2014-01-01 00:02 - 05160176 ____R (Swearware) C:\Users\Laptop\Desktop\ComboFix.exe
    2013-12-31 21:42 - 2013-12-31 21:42 - 00000512 _____ C:\PhysicalMBR.bin
    2013-12-31 17:36 - 2013-12-31 17:36 - 00000000 ____D C:\_OTL
    2013-12-31 15:56 - 2013-12-31 15:56 - 01233962 _____ C:\Users\Laptop\Downloads\AdwCleaner.exe
    2013-12-31 01:29 - 2013-12-31 01:29 - 00035056 _____ C:\Users\Laptop\Downloads\Extras.Txt
    2013-12-30 23:14 - 2013-12-30 23:14 - 00602112 _____ (OldTimer Tools) C:\Users\Laptop\Downloads\OTL.exe
    2013-12-30 21:41 - 2011-12-26 20:41 - 00000742 _____ C:\Users\Laptop\Desktop\pesme.txt
    2013-12-30 19:07 - 2013-12-30 19:06 - 00000000 ____D C:\Users\Laptop\AppData\Local\dumps
    2013-12-30 02:27 - 2006-11-02 12:37 - 00000000 ____D C:\Windows\twain_32
    2013-12-30 00:13 - 2013-12-30 00:13 - 00000871 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-12-30 00:13 - 2010-11-21 01:04 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-12-21 15:43 - 2012-04-26 20:47 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2013-12-21 01:26 - 2013-12-21 01:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2013-12-20 02:47 - 2010-09-19 17:33 - 00000000 ____D C:\Users\Laptop
    2013-12-12 21:41 - 2013-05-05 22:44 - 00000000 ___RD C:\Program Files\Skype
    2013-12-12 02:47 - 2006-11-02 10:23 - 00000240 _____ C:\Windows\win.ini
    2013-12-12 02:44 - 2013-07-14 01:33 - 00000000 ____D C:\Windows\system32\MRT
    2013-12-12 02:40 - 2006-11-02 10:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2013-12-10 22:10 - 2012-07-18 20:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2013-12-10 22:10 - 2011-05-21 16:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2013-12-10 10:22 - 2008-09-12 17:29 - 00000000 ____D C:\Program Files\Google
    2013-12-05 21:37 - 2011-12-27 00:21 - 00001936 _____ C:\Users\Public\Desktop\Google Chrome.lnk

    Files to move or delete:
    ====================
    C:\Users\Laptop\AppData\Roaming\system.ini
    C:\ProgramData\819827392234.exe
    C:\Users\Laptop\avgremover.exe
    C:\Users\Laptop\avg_free_x86_all_2011_1120a3152.exe
    C:\Users\Laptop\ccsetup236.exe
    C:\Users\Laptop\mbam-setup-1.46.exe
    C:\Users\Laptop\OOo_3.2.1_Win_x86_install-wJRE_en-US.exe
    C:\Users\Laptop\SkypeSetupFull.exe
    C:\Users\Laptop\winzip145.exe
    C:\Users\Laptop\word2007-kb974631-fullfile-x86-glb.exe
    C:\Users\Laptop\AppData\Roaming\msconfig.ini


    Some content of TEMP:
    ====================
    C:\Users\Laptop\AppData\Local\temp\008e3d40.exe
    C:\Users\Laptop\AppData\Local\temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-01-01 15:44

    ==================== End Of Log ============================


  • Registered Users Posts: 246 ✭✭sandra_b


    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-12-2013
    Ran by Laptop at 2014-01-01 18:09:29
    Running from C:\Users\Laptop\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

    ==================== Installed Programs ======================

    3Connect (Version: 2.0.0 - 3 Mobile Broadband)
    7-Zip 4.65 (Version: - )
    Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
    Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
    Adobe Reader 8.3.1 (Version: 8.3.1 - Adobe Systems Incorporated)
    Agere Systems HDA Modem (Version: - Agere Systems)
    AVG 2014 (Version: 14.0.3658 - AVG Technologies)
    AVG 2014 (Version: 14.0.4259 - AVG Technologies)
    AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
    Broadband to go (Version: 11.300.05.06.394 - Huawei Technologies Co.,Ltd)
    CCleaner (Version: 2.36 - Piriform)
    Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
    CyberLink YouCam (Version: 1.0.1622 - CyberLink Corp.)
    eircom mobile broadband (Version: 11.300.05.04.474 - Huawei Technologies Co.,Ltd)
    Google Chrome (Version: 31.0.1650.63 - Google Inc.)
    Google Earth Plug-in (Version: 7.1.2.2041 - Google)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
    Google Update Helper (Version: 1.3.22.3 - Google Inc.)
    Huawei modem (Version: - )
    Intel(R) Graphics Media Accelerator Driver (Version: - Intel Corporation)
    Java 7 Update 7 (Version: 7.0.70 - Oracle)
    Java(TM) 6 Update 39 (Version: 6.0.390 - Oracle)
    Launch (Version: 1.0.0 - The TechGuys)
    Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Works (Version: 9.7.0621 - Microsoft Corporation)
    Mobilni Internet (Version: - Mobilni Internet)
    Mozilla Firefox 26.0 (x86 en-GB) (Version: 26.0 - Mozilla)
    Mozilla Maintenance Service (Version: 26.0 - Mozilla)
    O2 Broadband (Version: 11.302.09.13.116 - Huawei Technologies Co.,Ltd)
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation)
    OSD_1.2 (Version: 1.0.0 - OEM)
    Power2Go (Version: 5.6.3321a - CyberLink Corp.)
    Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000 - Realtek)
    Realtek High Definition Audio Driver (Version: 6.0.1.5618 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (Version: - Realtek Semiconductor Corp.)
    Skype Click to Call (Version: 6.13.13771 - Skype Technologies S.A.)
    Skype™ 6.3 (Version: 6.3.105 - Skype Technologies S.A.)
    Spare Messaging (Version: 1.00.0000 - Spare Backup, Inc)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
    Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

    ==================== Restore Points =========================

    05-11-2013 14:36:42 Scheduled Checkpoint
    07-11-2013 00:33:04 Scheduled Checkpoint
    07-11-2013 22:00:23 Scheduled Checkpoint
    10-11-2013 19:57:32 Scheduled Checkpoint
    11-11-2013 21:03:04 Scheduled Checkpoint
    14-11-2013 01:02:28 Windows Update
    01-12-2013 21:06:43 Scheduled Checkpoint
    12-12-2013 02:32:36 Windows Update
    29-12-2013 03:13:15 Scheduled Checkpoint
    29-12-2013 20:33:22 Scheduled Checkpoint
    31-12-2013 17:50:07 OTL Restore Point - 31/12/2013 17:50:06
    31-12-2013 21:42:30 OTL Restore Point - 31/12/2013 21:42:30

    ==================== Hosts content: ==========================

    2006-11-02 10:23 - 2013-12-31 17:49 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
    Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
    Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
    Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
    Task: {51F79D52-09F3-4927-825F-5D633AD71979} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-28] (Google Inc.)
    Task: {7A5C19D4-714D-490F-A89E-D54500D02D9C} - System32\Tasks\task17135539 => C:\Users\Laptop\AppData\Local\Temp\temp1764937569.exe <==== ATTENTION
    Task: {7F07BF6A-9CB5-4EC7-8F88-29FC4194D646} - System32\Tasks\task18809524 => C:\Users\Laptop\AppData\Local\Temp\temp601693151.exe <==== ATTENTION
    Task: {81CA2254-7D25-4716-97CD-2C6275E7C352} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
    Task: {853B68ED-ADD2-4A05-A1D3-A2F1871D6A98} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-28] (Google Inc.)
    Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-21] ()
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2008-07-31 16:43 - 2008-07-31 16:43 - 00021200 _____ () C:\Program Files\The TechGuys\Launch\MVVMFramework.dll
    2013-06-06 21:06 - 2007-08-23 15:39 - 00014848 _____ () C:\Program Files\Broadband to go\isaputrace.dll
    2013-06-06 21:06 - 2009-04-15 09:24 - 00098304 _____ () C:\Program Files\Broadband to go\DeviceMgrPlugin.dll
    2013-06-06 21:06 - 2009-04-15 09:20 - 00118784 _____ () C:\Program Files\Broadband to go\NetInfoPlugin.dll
    2013-06-06 21:06 - 2009-04-15 09:17 - 00086016 _____ () C:\Program Files\Broadband to go\DialUpPlugin.dll
    2013-06-06 21:06 - 2009-04-15 09:26 - 00057344 _____ () C:\Program Files\Broadband to go\ConfigFilePlugin.dll
    2013-06-06 21:06 - 2009-04-15 09:06 - 00856064 _____ () C:\Program Files\Broadband to go\NDISAPI.dll
    2013-06-06 21:06 - 2008-11-08 14:15 - 00151552 _____ () C:\Program Files\Broadband to go\DetectDev.dll
    2013-06-06 21:06 - 2008-11-08 14:15 - 00552960 _____ () C:\Program Files\Broadband to go\atcomm.dll
    2013-06-06 21:06 - 2008-11-08 14:15 - 00061440 _____ () C:\Program Files\Broadband to go\XCodec.dll
    2013-06-06 21:06 - 2008-11-08 14:15 - 00061440 _____ () C:\Program Files\Broadband to go\DeviceOperate.dll
    2013-06-06 21:06 - 2009-04-15 09:32 - 00135168 _____ () C:\Program Files\Broadband to go\LocaleMgrPlugin.dll
    2013-06-06 21:06 - 2009-04-15 09:30 - 00032768 _____ () C:\Program Files\Broadband to go\NotifyServicePlugin.dll
    2013-06-06 21:06 - 2009-04-15 09:16 - 00159744 _____ () C:\Program Files\Broadband to go\DeviceMgrUIPlugin.dll
    2013-06-06 21:06 - 2007-07-31 14:50 - 00090112 _____ () C:\Program Files\Broadband to go\FileManager.dll
    2013-06-06 21:06 - 2009-04-15 09:31 - 00159744 _____ () C:\Program Files\Broadband to go\SMSPlugin.dll
    2013-12-05 21:37 - 2013-12-04 02:48 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
    2013-12-05 21:37 - 2013-12-04 02:48 - 00399312 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
    2013-12-05 21:36 - 2013-12-04 02:47 - 01619408 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
    2013-12-05 21:36 - 2013-12-04 02:47 - 00702416 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
    2013-12-05 21:36 - 2013-12-04 02:47 - 00099792 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\libegl.dll
    2013-12-05 21:37 - 2013-12-04 02:48 - 13586896 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
    2013-12-21 01:26 - 2013-12-21 01:26 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
    2013-12-10 22:10 - 2013-12-10 22:10 - 16242056 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================


    ==================== Faulty Device Manager Devices =============

    Name: Microsoft 6to4 Adapter
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Microsoft 6to4 Adapter #2
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Microsoft 6to4 Adapter #3
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/01/2014 01:17:57 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/01/2014 11:10:57 AM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\USERS\LAPTOP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\8BFDNKT5.DEFAULT\CACHE\A\7D> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (01/01/2014 11:10:57 AM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\USERS\LAPTOP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\8BFDNKT5.DEFAULT\CACHE\A\7D> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (01/01/2014 10:53:30 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/01/2014 09:26:39 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/24/2008 00:03:03 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/24/2008 00:07:21 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/01/2014 04:00:49 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/01/2014 03:24:18 AM) (Source: Application Hang) (User: )
    Description: The program iexplore.exe version 9.0.8112.16526 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: f74
    Start Time: 01cf06a0a2449d56
    Termination Time: 0

    Error: (01/01/2014 03:18:57 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
    Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.


    System errors:
    =============
    Error: (01/01/2014 01:18:56 PM) (Source: DCOM) (User: )
    Description: {7F6316B4-4D69-4765-B0A3-B2598F2FA80A}

    Error: (01/01/2014 01:18:06 PM) (Source: Service Control Manager) (User: )
    Description: vToolbarUpdater17.2.0%%2

    Error: (01/01/2014 01:18:06 PM) (Source: Service Control Manager) (User: )
    Description: Parallel port driver%%1058

    Error: (01/01/2014 11:30:05 AM) (Source: DCOM) (User: )
    Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}

    Error: (01/01/2014 10:53:37 AM) (Source: Service Control Manager) (User: )
    Description: vToolbarUpdater17.2.0%%2

    Error: (01/01/2014 10:53:37 AM) (Source: Service Control Manager) (User: )
    Description: Parallel port driver%%1058

    Error: (01/01/2014 10:52:10 AM) (Source: EventLog) (User: )
    Description: The previous system shutdown at 10:50:55 on 01/01/2014 was unexpected.

    Error: (01/01/2014 09:26:40 AM) (Source: Service Control Manager) (User: )
    Description: vToolbarUpdater17.2.0%%2

    Error: (01/01/2014 09:26:40 AM) (Source: Service Control Manager) (User: )
    Description: Parallel port driver%%1058

    Error: (04/24/2008 00:03:31 AM) (Source: DCOM) (User: )
    Description: {7F6316B4-4D69-4765-B0A3-B2598F2FA80A}


    Microsoft Office Sessions:
    =========================
    Error: (01/01/2014 01:17:57 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/01/2014 11:10:57 AM) (Source: Windows Search Service)(User: )
    Description: Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)
    C:\USERS\LAPTOP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\8BFDNKT5.DEFAULT\CACHE\A\7D

    Error: (01/01/2014 11:10:57 AM) (Source: Windows Search Service)(User: )
    Description: Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)
    C:\USERS\LAPTOP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\8BFDNKT5.DEFAULT\CACHE\A\7D

    Error: (01/01/2014 10:53:30 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/01/2014 09:26:39 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/24/2008 00:03:03 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/24/2008 00:07:21 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/01/2014 04:00:49 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/01/2014 03:24:18 AM) (Source: Application Hang)(User: )
    Description: iexplore.exe9.0.8112.16526f7401cf06a0a2449d560

    Error: (01/01/2014 03:18:57 AM) (Source: SideBySide)(User: )
    Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe


    CodeIntegrity Errors:
    ===================================
    Date: 2014-01-01 18:07:17.324
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 18:07:16.445
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 18:07:15.383
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 18:07:14.147
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 18:07:12.668
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 18:07:11.512
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 18:07:10.197
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 18:07:08.865
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 09:36:23.395
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 09:36:22.724
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Percentage of memory in use: 81%
    Total physical RAM: 984.18 MB
    Available physical RAM: 184.77 MB
    Total Pagefile: 2716.01 MB
    Available Pagefile: 1051.94 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1895.64 MB

    ==================== Drives ================================

    Drive c: (Vista) (Fixed) (Total:138.31 GB) (Free:79.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (Broadband to go) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS
    Drive s: (System) (Fixed) (Total:1.46 GB) (Free:1.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: C8FE0ADA)
    Partition 1: (Not Active) - (Size=9 GB) - (Type=27)
    Partition 2: (Active) - (Size=1 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=138 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================


  • Registered Users Posts: 840 ✭✭✭jsa112


    Download attached fixlist.txt file and save it to the Desktop.

    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


  • Registered Users Posts: 246 ✭✭sandra_b


    Hi Jsa112,

    I can't connect to internet on that laptop any more. When I started again AVG was turned off. I clicked on it, but nothing happened. I tried to go to C:/Program data/AVG but I don't have permission.

    Do I need to be connected to internet in order to run this script? I am typing this from another laptop which I can use temporarily to download things. Or should I fix AVG before running the script?

    Thank you!


  • Registered Users Posts: 840 ✭✭✭jsa112


    don't worry about avg for the time being

    use that other PC to download the fixlist.txt and put it onto the infected PC


  • Registered Users Posts: 246 ✭✭sandra_b


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 31-12-2013
    Ran by Laptop at 2014-01-01 20:59:57 Run:1
    Running from C:\Users\Laptop\Desktop
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    () C:\Users\Laptop\AppData\Local\temp\008e3d40.exe
    HKCU\...\CurrentVersion\Windows: [Load] C:\Users\Laptop\LOCALS~1\Temp\msotuo.bat <===== ATTENTION
    2014-01-01 18:07 - 2014-01-01 18:07 - 00000000 _____ C:\Users\Laptop\AppData\Roaming\system.ini
    2014-01-01 18:05 - 2014-01-01 17:59 - 00329216 __RSH C:\ProgramData\819827392234.exe
    2014-01-01 18:04 - 2014-01-01 18:07 - 00000216 _____ C:\Users\Laptop\AppData\Roaming\msconfig.ini
    2014-01-01 18:03 - 2014-01-01 18:05 - 00000000 ___HD C:\ProgramData\COMHOST
    2014-01-01 17:59 - 2014-01-01 18:05 - 00329216 __RSH C:\ProgramData\819827392234.exe
    C:\Users\Laptop\AppData\Roaming\system.ini
    C:\ProgramData\819827392234.exe
    C:\Users\Laptop\AppData\Roaming\msconfig.ini
    Task: {7A5C19D4-714D-490F-A89E-D54500D02D9C} - System32\Tasks\task17135539 => C:\Users\Laptop\AppData\Local\Temp\temp1764937569.exe <==== ATTENTION
    Task: {7F07BF6A-9CB5-4EC7-8F88-29FC4194D646} - System32\Tasks\task18809524 => C:\Users\Laptop\AppData\Local\Temp\temp601693151.exe <==== ATTENTION

    *****************

    C:\Users\Laptop\AppData\Local\temp\008e3d40.exe => No running process found
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
    C:\Users\Laptop\AppData\Roaming\system.ini => Moved successfully.
    C:\ProgramData\819827392234.exe => Moved successfully.
    C:\Users\Laptop\AppData\Roaming\msconfig.ini => Moved successfully.
    C:\ProgramData\COMHOST => Moved successfully.
    "C:\ProgramData\819827392234.exe" => File/Directory not found.
    "C:\Users\Laptop\AppData\Roaming\system.ini" => File/Directory not found.
    "C:\ProgramData\819827392234.exe" => File/Directory not found.
    "C:\Users\Laptop\AppData\Roaming\msconfig.ini" => File/Directory not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A5C19D4-714D-490F-A89E-D54500D02D9C} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A5C19D4-714D-490F-A89E-D54500D02D9C} => Key deleted successfully.
    C:\Windows\System32\Tasks\task17135539 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task17135539 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7F07BF6A-9CB5-4EC7-8F88-29FC4194D646} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F07BF6A-9CB5-4EC7-8F88-29FC4194D646} => Key deleted successfully.
    C:\Windows\System32\Tasks\task18809524 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task18809524 => Key deleted successfully.

    ==== End of Fixlog ====


  • Registered Users Posts: 246 ✭✭sandra_b


    Shall I restart now?


  • Registered Users Posts: 840 ✭✭✭jsa112


    yeah and tell me how it's running, hopefully that will have removed it


  • Registered Users Posts: 246 ✭✭sandra_b


    AVG fails to start. I can't connect to internet.
    I have downloaded AVG removal - shall I run that and install new one?

    I downloaded from here:

    http://www.avg.com/ww-en/utilities

    Is it ok?


  • Registered Users Posts: 246 ✭✭sandra_b


    Problem is that I can uninstall AVG from Control Panel - nothing happens when I click on it.


  • Registered Users Posts: 840 ✭✭✭jsa112


    yep do that, when did the internet problem happen ?


  • Registered Users Posts: 840 ✭✭✭jsa112




  • Registered Users Posts: 246 ✭✭sandra_b


    After I sent you frst log - before fix log I shut it down. Then I started again (not restart, just start).
    Then AVG failed to start and I can't access the folder where it is located.
    I'll try removal and let you know :)


  • Registered Users Posts: 246 ✭✭sandra_b


    I am going to post you the log that AVG removal tool created - does it look OK to you?
    I am going to install new one, but it asks to connect to internet. I hope it is ok to connect without AVG now? I won't open any browsers.


  • Registered Users Posts: 840 ✭✭✭jsa112


    do this after


    Right click on FRST to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    Press Scan button.
    It will produce a log called FRST.txt in the same directory the tool is run from.
    Please copy and paste log back here.


  • Registered Users Posts: 840 ✭✭✭jsa112


    don't install anything yet, no need to post the avg log. do the step above first


  • Registered Users Posts: 246 ✭✭sandra_b


    "Running zap for product code {3B97ADB7-3DA1-4964-BC10-68384BA6A66F}:01/01/2014 21:16:20.93"

    C:\Users\Laptop\Desktop>C:\Users\Laptop\AppData\Local\Temp\avg-c033a478-b74a-405c-9730-6f1a94e73624.exe TW! {3B97ADB7-3DA1-4964-BC10-68384BA6A66F} /nologo


    ***** Zapping data for user S-1-5-18 for product {3B97ADB7-3DA1-4964-BC10-68384BA6A66F} *****
    MsiZapInfo: Performing operations for user S-1-5-18
    Searching for the product {3B97ADB7-3DA1-4964-BC10-68384BA6A66F} cached package. . .
    Could not delete file: C:\Windows\Installer\d15f4.msi
    The process cannot access the file because it is being used by another process.


    Searching for install property data for product {3B97ADB7-3DA1-4964-BC10-68384BA6A66F}. . .
    Removed \7BDA79B31AD34694CB018683B46A6AF6\InstallProperties
    Searching for product {3B97ADB7-3DA1-4964-BC10-68384BA6A66F} data in the HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall key. . .
    Removed \{3B97ADB7-3DA1-4964-BC10-68384BA6A66F}
    Searching user's global config location for product {3B97ADB7-3DA1-4964-BC10-68384BA6A66F} data. . .
    Searching for product 7BDA79B31AD34694CB018683B46A6AF6 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
    Removed upgrade code '7BDA79B31AD34694CB018683B46A6AF6' at HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes
    Searching for patches for product 7BDA79B31AD34694CB018683B46A6AF6 in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7BDA79B31AD34694CB018683B46A6AF6\Patches
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7BDA79B31AD34694CB018683B46A6AF6 for product data. . .
    Removed \Features
    Removed \Patches
    Removed \Usage
    Removed \Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7BDA79B31AD34694CB018683B46A6AF6
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Features\7BDA79B31AD34694CB018683B46A6AF6 for product feature data. . .
    Searching per-machine global config location for product {3B97ADB7-3DA1-4964-BC10-68384BA6A66F} data. . .
    Searching for product 7BDA79B31AD34694CB018683B46A6AF6 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
    Searching for patches for product 7BDA79B31AD34694CB018683B46A6AF6 in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7BDA79B31AD34694CB018683B46A6AF6\Patches
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7BDA79B31AD34694CB018683B46A6AF6 for product data. . .
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Features\7BDA79B31AD34694CB018683B46A6AF6 for product feature data. . .
    Searching old global config location for product {3B97ADB7-3DA1-4964-BC10-68384BA6A66F} data. . .
    Searching for product 7BDA79B31AD34694CB018683B46A6AF6 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes...
    Searching for patches for product 7BDA79B31AD34694CB018683B46A6AF6 in Software\Microsoft\Windows\CurrentVersion\Installer\Products\7BDA79B31AD34694CB018683B46A6AF6\Patches
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Products\7BDA79B31AD34694CB018683B46A6AF6 for product data. . .
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Features\7BDA79B31AD34694CB018683B46A6AF6 for product feature data. . .
    Searching per-machine location for product {3B97ADB7-3DA1-4964-BC10-68384BA6A66F} data. . .
    Searching for product 7BDA79B31AD34694CB018683B46A6AF6 upgrade codes in Software\Classes\Installer\UpgradeCodes...
    Removed upgrade code '7BDA79B31AD34694CB018683B46A6AF6' at HKLM\Software\Classes\Installer\UpgradeCodes
    Searching for patches for product 7BDA79B31AD34694CB018683B46A6AF6 in Software\Classes\Installer\Products\7BDA79B31AD34694CB018683B46A6AF6\Patches
    Searching HKLM\Software\Classes\Installer\Components for published component data for the product {3B97ADB7-3DA1-4964-BC10-68384BA6A66F}. . .
    Searching HKLM\Software\Classes\Installer\Assemblies for .Net assembly data for the product {3B97ADB7-3DA1-4964-BC10-68384BA6A66F}. . .
    Searching HKLM\Software\Classes\Installer\Win32Assemblies for Win32 assembly data for the product {3B97ADB7-3DA1-4964-BC10-68384BA6A66F}. . .
    Searching HKLM\Software\Classes\Installer\Products\7BDA79B31AD34694CB018683B46A6AF6 for product data. . .
    Removed \Media
    Removed \Net
    Removed \SourceList
    Removed \Software\Classes\Installer\Products\7BDA79B31AD34694CB018683B46A6AF6
    Searching HKLM\Software\Classes\Installer\Features\7BDA79B31AD34694CB018683B46A6AF6 for product feature data. . .
    Removed \Software\Classes\Installer\Features\7BDA79B31AD34694CB018683B46A6AF6
    Searching for product {3B97ADB7-3DA1-4964-BC10-68384BA6A66F} in per-user managed location. . .
    Searching for product 7BDA79B31AD34694CB018683B46A6AF6 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\UpgradeCodes...
    Searching for patches for product 7BDA79B31AD34694CB018683B46A6AF6 in Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Products\7BDA79B31AD34694CB018683B46A6AF6\Patches
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Products\7BDA79B31AD34694CB018683B46A6AF6 for product data. . .
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Features\7BDA79B31AD34694CB018683B46A6AF6 for product feature data. . .
    Searching for shared DLL counts for components tied to the product 7BDA79B31AD34694CB018683B46A6AF6. . .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Components key is not present.
    Searching for shared DLL counts for components tied to the product 7BDA79B31AD34694CB018683B46A6AF6. . .
    Searching for product 7BDA79B31AD34694CB018683B46A6AF6 client info data. . .


  • Registered Users Posts: 246 ✭✭sandra_b


    Ok I'll run your removal and let you know :)

