Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hjacked by Search.gboxapp.com

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Hjacked by Search.gboxapp.com

Unread postby Erikthered » August 16th, 2012, 8:40 am

https://www.virustotal.com/file/868aefd ... tector.dll
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm
Advertisement
Register to Remove

Re: Hjacked by Search.gboxapp.com

Unread postby Erikthered » August 16th, 2012, 8:46 am

Hello,

All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\Users\Erik The Red\AppData\Local\Babylon\Setup\Babylon.dat moved successfully.
C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\babylon48.png moved successfully.
C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll moved successfully.
C:\ProgramData\Babylon folder moved successfully.
File\Folder C:\Users\All Users\Babylon not found.
C:\Users\Erik The Red\AppData\Local\Babylon\Setup\searchplugins folder moved successfully.
C:\Users\Erik The Red\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Users\Erik The Red\AppData\Local\Babylon\Setup folder moved successfully.
C:\Users\Erik The Red\AppData\Local\Babylon folder moved successfully.
C:\Users\Erik The Red\AppData\LocalLow\BabylonToolbar\BabylonToolbar\Microsoft\Windows\IETldCache folder moved successfully.
C:\Users\Erik The Red\AppData\LocalLow\BabylonToolbar\BabylonToolbar\Microsoft\Windows folder moved successfully.
C:\Users\Erik The Red\AppData\LocalLow\BabylonToolbar\BabylonToolbar\Microsoft folder moved successfully.
C:\Users\Erik The Red\AppData\LocalLow\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Users\Erik The Red\AppData\LocalLow\BabylonToolbar folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Erik The Red\Desktop\cmd.bat deleted successfully.
C:\Users\Erik The Red\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Erik The Red
->Temp folder emptied: 982950 bytes
->Temporary Internet Files folder emptied: 9574676 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 10.00 mb


OTL by OldTimer - Version 3.2.57.0 log created on 08162012_064312

Files\Folders moved on Reboot...
C:\Users\Erik The Red\AppData\Local\Temp\Low\REG5475.tmp moved successfully.
C:\Users\Erik The Red\AppData\Local\Temp\Low\REG90D9.tmp moved successfully.
C:\Users\Erik The Red\AppData\Local\Temp\Low\~DF3E070BE704700EF5.TMP moved successfully.
C:\Users\Erik The Red\AppData\Local\Temp\Low\~DFC0E4A12438BB33FD.TMP moved successfully.
C:\Users\Erik The Red\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Erik The Red\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db moved successfully.
C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{10F4E782-F19E-4770-9343-082B6F631808}.tmp not found!
C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{5BED7C8A-5BEC-4F14-A062-6C14FB1C4813}.tmp moved successfully.
C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D01B8511-3B60-41FA-813A-5325C2AC2826}.tmp moved successfully.
C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{FACA88D7-7B18-45AA-9CA8-25ECC2C32055}.tmp moved successfully.

PendingFileRenameOperations files...
File C:\Users\Erik The Red\AppData\Local\Temp\Low\REG5475.tmp not found!
File C:\Users\Erik The Red\AppData\Local\Temp\Low\REG90D9.tmp not found!
File C:\Users\Erik The Red\AppData\Local\Temp\Low\~DF3E070BE704700EF5.TMP not found!
File C:\Users\Erik The Red\AppData\Local\Temp\Low\~DFC0E4A12438BB33FD.TMP not found!
File C:\Users\Erik The Red\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Erik The Red\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db not found!
File C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!
File C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{10F4E782-F19E-4770-9343-082B6F631808}.tmp not found!
File C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{5BED7C8A-5BEC-4F14-A062-6C14FB1C4813}.tmp not found!
File C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D01B8511-3B60-41FA-813A-5325C2AC2826}.tmp not found!
File C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{FACA88D7-7B18-45AA-9CA8-25ECC2C32055}.tmp not found!

Registry entries deleted on Reboot...
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm

Re: Hjacked by Search.gboxapp.com

Unread postby Erikthered » August 16th, 2012, 8:53 am

Update on computer performance:

The computer still seems to be hijacked by the Search.gboxapp.com search engine. I can't change my homepage to anything other than this.

I would say the computer seems a bit faster and more responsive and I haven't noticed any new problems.
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm

Re: Hjacked by Search.gboxapp.com

Unread postby Cypher » August 16th, 2012, 10:39 am

Hi,
Run another OTL scan for me please.

  • Right click on OTL.exe And select Run as administrator to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When done, one Notepad file will open.
    • OTL.txt <-- Will be opened
    • Please post the contents of this Notepad file in your next reply.

    Next.

    Download TDSSKiller and save it to your Desktop.

    • Right click TDSSKiller.exe and select " Run as administrator " to run it.
    • Under Additional Options check Verify file digital signatures
    • IMPORTANT: Ensure Detect TDLFS file system remains UNchecked.
    • Click Start scan and allow it to scan for Malicious objects.

      • If Malicious objects are detected, the default action will be Cure, ensure Cure is selected then click Continue
      • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue
      • If Unsigned files are detected, the default action will be Skip, ensure Skip is selected then click Continue

      DO NOT change the default actions.

    • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
    • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
      for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
    • If no reboot is required, click on Report. A log file should appear.
    • Please post the contents in your next reply


    Logs/Information to Post in your Next Reply

    • OTL.txt.
    • TDSSKiller log.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Hjacked by Search.gboxapp.com

Unread postby Erikthered » August 16th, 2012, 7:17 pm

OTL logfile created on: 8/16/2012 5:11:32 PM - Run 2
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Erik The Red\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 63.11% Memory free
7.50 Gb Paging File | 5.98 Gb Available in Paging File | 79.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.40 Gb Total Space | 489.20 Gb Free Space | 84.00% Space Free | Partition Type: NTFS

Computer Name: ERIKTHERED-PC | User Name: Erik The Red | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/14 17:14:00 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Erik The Red\Desktop\OTL.exe
PRC - [2012/07/09 16:22:51 | 001,209,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
PRC - [2012/07/09 16:22:51 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/07/09 16:22:51 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/29 16:21:38 | 001,677,304 | ---- | M] (bProtector) -- C:\ProgramData\bProtectorForWindows\2.1.419.7\bProtect.exe
PRC - [2012/06/13 19:52:05 | 009,106,664 | ---- | M] (MediaGet LLC) -- C:\Users\Erik The Red\AppData\Local\MediaGet2\mediaget.exe
PRC - [2012/05/08 15:13:58 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/28 12:40:56 | 001,611,160 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011/03/07 14:33:34 | 000,591,272 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
PRC - [2011/02/07 01:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2011/01/15 17:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010/11/19 14:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/03/25 20:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/02/05 13:33:46 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
PRC - [2010/02/01 12:05:02 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/12/24 19:45:16 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2009/12/24 19:44:48 | 000,201,512 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/09 16:22:52 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/09 16:22:51 | 002,074,208 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
MOD - [2012/07/09 16:22:51 | 001,209,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
MOD - [2012/07/09 16:22:51 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/06/29 16:21:38 | 002,004,472 | ---- | M] () -- c:\ProgramData\bProtectorForWindows\2.1.419.7\protector.dll
MOD - [2012/06/13 19:52:05 | 011,742,440 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtWebKit4.dll
MOD - [2012/06/13 19:52:05 | 008,227,560 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtGui4.dll
MOD - [2012/06/13 19:52:05 | 002,554,088 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtXmlPatterns4.dll
MOD - [2012/06/13 19:52:05 | 002,430,184 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtDeclarative4.dll
MOD - [2012/06/13 19:52:05 | 002,297,576 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtCore4.dll
MOD - [2012/06/13 19:52:05 | 002,267,368 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\libvlccore.dll
MOD - [2012/06/13 19:52:05 | 001,298,152 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtScript4.dll
MOD - [2012/06/13 19:52:05 | 000,979,176 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtNetwork4.dll
MOD - [2012/06/13 19:52:05 | 000,343,784 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtXml4.dll
MOD - [2012/06/13 19:52:05 | 000,224,488 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\imageformats\qmng4.dll
MOD - [2012/06/13 19:52:05 | 000,200,424 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\imageformats\qjpeg4.dll
MOD - [2012/06/13 19:52:05 | 000,195,304 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtSql4.dll
MOD - [2012/06/13 19:52:05 | 000,105,192 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\libvlc.dll
MOD - [2012/06/13 19:52:05 | 000,030,440 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\imageformats\qgif4.dll
MOD - [2012/05/31 11:25:42 | 000,379,392 | ---- | M] () -- c:\Program Files (x86)\SProtector\sprotector.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/03/25 20:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2010/03/25 20:29:36 | 000,154,144 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2010/01/31 23:52:12 | 008,347,648 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2010/01/31 23:52:12 | 002,244,608 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/05/08 15:13:58 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/04/19 09:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV:64bit: - [2009/04/19 09:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2012/08/15 06:53:52 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/09 16:22:51 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/29 16:21:38 | 001,677,304 | ---- | M] (bProtector) [Auto | Running] -- C:\ProgramData\bProtectorForWindows\2.1.419.7\bProtect.exe -- (bProtector)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/02/07 01:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/30 15:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/01 12:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/01/15 15:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 00:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/07 16:36:10 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/04/08 23:00:20 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/11 00:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/11/11 22:14:30 | 000,084,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 20:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 20:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 20:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/04/29 23:06:58 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2007/06/19 02:21:54 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.theglobeandmail.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=114022&ba ... 262d2f231c
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=114022&babsrc=SP_ss&mntrId=947f0f7d00000000000000262d2f231c
IE - HKCU\..\SearchScopes\{5CCE306A-31A7-4BD2-A765-851298E737E9}: "URL" = http://us.yhs.search.yahoo.com/avg/sear ... rome_us&p={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enCA395CA396
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={F2611222-4229-4FC8-B7EF-82E20D14C6BF}&mid=47e58320959147d09570d16f6bcbcaef-8b313f9efaddc80e9418f5e2b827a7797b54bff4&lang=en&ds=AVG&pr=fr&d=2012-06-18 16:48:23&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6PQxAO6fBC&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@MindDabble_4p.com/Plugin: C:\Program Files (x86)\MindDabble_4p\bar\1.bin\NP4pStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\20\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Erik The Red\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/05/16 15:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4pffxtbr@MindDabble_4p.com: C:\Program Files (x86)\MindDabble_4p\bar\1.bin [2012/08/14 17:42:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/05/16 15:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/16 18:19:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 10:08:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/09 16:22:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.1.419.7\FirefoxExtension

[2012/05/16 15:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.conduit.com/?ctid=CT28019 ... hSource=48
CHR - Extension: No name found = C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [MediaGet2] C:\Users\Erik The Red\AppData\Local\MediaGet2\mediaget.exe (MediaGet LLC)
O4 - HKLM..\RunOnce: [TheBflixUpdater] C:\ProgramData\TheBflixUpdater\updater.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload ... ontrol.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DF20E62-8D88-4DE8-A56A-68E2790470BA}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\intu-tt2010 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-tt2011 - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (c:\progra~3\bprote~1\21419~1.7\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.1.419.7\protector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e2d4b8dd-3d76-11e1-bf6f-00262d2f231c}\Shell - "" = AutoRun
O33 - MountPoints2\{e2d4b8dd-3d76-11e1-bf6f-00262d2f231c}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\drivers\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/16 17:12:38 | 002,208,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Erik The Red\Desktop\tdsskiller.exe
[2012/08/15 17:14:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/14 17:13:57 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Erik The Red\Desktop\OTL.exe
[2012/08/14 17:04:10 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Malwarebytes
[2012/08/14 17:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/14 17:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/14 17:03:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/14 17:03:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/11 19:56:08 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\SpeedyPC Software
[2012/08/11 19:56:08 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\DriverCure
[2012/08/11 19:56:06 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/08/11 19:56:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2012/08/11 19:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/08/11 19:56:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
[2012/08/11 19:08:51 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Local\PackageAware
[2012/08/07 16:00:20 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Alawar Entertainment
[2012/08/06 19:49:41 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Sanna
[2012/08/06 19:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\The Legend of Sanna - Rise of a Great Colony
[2012/08/04 15:31:24 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Dereza
[2012/07/30 17:41:33 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Boolat Games

========== Files - Modified Within 30 Days ==========

[2012/08/16 17:15:45 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 17:15:45 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 17:12:38 | 002,208,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Erik The Red\Desktop\tdsskiller.exe
[2012/08/16 17:08:51 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\TheBflixUpdaterLogonTask.job
[2012/08/16 17:08:51 | 000,000,370 | -H-- | M] () -- C:\Windows\tasks\TheBflixUpdaterRefreshTask.job
[2012/08/16 17:08:50 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/16 17:08:50 | 000,000,530 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/16 17:08:25 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\iMeshNAG.job
[2012/08/16 17:08:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/16 17:08:17 | 3019,296,768 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/15 17:40:14 | 000,165,376 | ---- | M] () -- C:\Users\Erik The Red\Desktop\SystemLook_x64.exe
[2012/08/15 17:34:58 | 000,429,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/15 17:26:27 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/15 17:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/14 18:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/08/14 17:14:00 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Erik The Red\Desktop\OTL.exe
[2012/08/14 17:03:56 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/13 21:29:28 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2012/08/12 10:38:44 | 000,000,478 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/08/12 10:38:44 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/08/11 19:56:06 | 000,001,203 | ---- | M] () -- C:\Users\Erik The Red\Desktop\SpeedyPC Pro.lnk
[2012/08/09 11:28:01 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/08/09 11:28:01 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/08/07 15:38:22 | 000,002,622 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
[2012/07/29 10:42:05 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/29 10:42:05 | 000,628,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/29 10:42:05 | 000,110,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2012/08/15 17:40:14 | 000,165,376 | ---- | C] () -- C:\Users\Erik The Red\Desktop\SystemLook_x64.exe
[2012/08/14 17:03:56 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/11 19:56:12 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/08/11 19:56:06 | 000,001,203 | ---- | C] () -- C:\Users\Erik The Red\Desktop\SpeedyPC Pro.lnk
[2012/08/11 19:56:05 | 000,000,530 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/11 19:56:05 | 000,000,478 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/08/11 19:56:04 | 000,000,434 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/08/11 19:19:05 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/11 19:09:01 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\iMeshNAG.job
[2012/08/09 11:28:01 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/08/09 11:28:01 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/06/29 16:22:03 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/12/16 17:38:01 | 000,000,089 | ---- | C] () -- C:\Windows\ka.ini
[2011/07/11 20:10:22 | 000,001,121 | ---- | C] () -- C:\Users\Erik The Red\Documents - Shortcut.lnk
[2011/02/09 20:59:56 | 000,000,060 | ---- | C] () -- C:\Windows\wininit.ini
[2010/10/27 20:41:43 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/09/05 07:53:08 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2010/09/05 04:59:03 | 000,000,194 | ---- | C] () -- C:\Windows\QUICKEN.INI

========== LOP Check ==========

[2012/07/15 17:11:01 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Alawar
[2012/08/07 16:00:20 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Alawar Entertainment
[2011/07/29 21:08:14 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Atari
[2012/05/21 16:21:17 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\AVG2012
[2012/07/30 17:41:33 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Boolat Games
[2011/12/28 17:41:41 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Canon
[2012/05/18 19:30:08 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\CasualForge
[2012/08/04 15:31:24 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Dereza
[2012/01/28 11:51:07 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Dora's Ballet Adventures
[2012/08/11 19:56:08 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\DriverCure
[2011/08/02 21:15:23 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\funkitron
[2010/11/06 12:11:42 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Gamelab
[2010/12/18 20:40:48 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Happyville__
[2011/12/07 20:49:41 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\ICAClient
[2011/04/29 21:29:55 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Ladia Group
[2010/12/20 20:57:10 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Lonely Troops
[2011/07/02 16:35:21 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Media Get LLC
[2010/09/05 01:43:36 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\OEM
[2011/05/29 09:06:36 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\PlayFirst
[2010/09/05 02:13:19 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\PowerCinema
[2012/08/06 19:49:41 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Sanna
[2012/08/11 19:56:08 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\SpeedyPC Software
[2010/10/16 15:01:02 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Valusoft
[2011/12/10 15:40:17 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\VC 2 Paradise Resort
[2011/12/03 14:50:27 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Virtual City
[2012/05/12 16:05:30 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\WildTangent
[2011/04/30 21:38:20 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\YoudaGames
[2012/08/16 17:08:25 | 000,000,312 | ---- | M] () -- C:\Windows\Tasks\iMeshNAG.job
[2012/04/21 10:11:59 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/08/12 10:38:44 | 000,000,434 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Pro.job
[2012/08/14 18:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Registration3.job
[2012/08/16 17:08:50 | 000,000,530 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/12 10:38:44 | 000,000,478 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job
[2012/08/16 17:08:51 | 000,000,390 | -H-- | M] () -- C:\Windows\Tasks\TheBflixUpdaterLogonTask.job
[2012/08/16 17:08:51 | 000,000,370 | -H-- | M] () -- C:\Windows\Tasks\TheBflixUpdaterRefreshTask.job

========== Purity Check ==========



< End of report >
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm

Re: Hjacked by Search.gboxapp.com

Unread postby Erikthered » August 16th, 2012, 7:17 pm

OTL logfile created on: 8/16/2012 5:11:32 PM - Run 2
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Erik The Red\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 63.11% Memory free
7.50 Gb Paging File | 5.98 Gb Available in Paging File | 79.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.40 Gb Total Space | 489.20 Gb Free Space | 84.00% Space Free | Partition Type: NTFS

Computer Name: ERIKTHERED-PC | User Name: Erik The Red | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/14 17:14:00 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Erik The Red\Desktop\OTL.exe
PRC - [2012/07/09 16:22:51 | 001,209,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
PRC - [2012/07/09 16:22:51 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/07/09 16:22:51 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/29 16:21:38 | 001,677,304 | ---- | M] (bProtector) -- C:\ProgramData\bProtectorForWindows\2.1.419.7\bProtect.exe
PRC - [2012/06/13 19:52:05 | 009,106,664 | ---- | M] (MediaGet LLC) -- C:\Users\Erik The Red\AppData\Local\MediaGet2\mediaget.exe
PRC - [2012/05/08 15:13:58 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/28 12:40:56 | 001,611,160 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011/03/07 14:33:34 | 000,591,272 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
PRC - [2011/02/07 01:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2011/01/15 17:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010/11/19 14:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/03/25 20:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/02/05 13:33:46 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
PRC - [2010/02/01 12:05:02 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/12/24 19:45:16 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2009/12/24 19:44:48 | 000,201,512 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/09 16:22:52 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/09 16:22:51 | 002,074,208 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
MOD - [2012/07/09 16:22:51 | 001,209,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
MOD - [2012/07/09 16:22:51 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/06/29 16:21:38 | 002,004,472 | ---- | M] () -- c:\ProgramData\bProtectorForWindows\2.1.419.7\protector.dll
MOD - [2012/06/13 19:52:05 | 011,742,440 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtWebKit4.dll
MOD - [2012/06/13 19:52:05 | 008,227,560 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtGui4.dll
MOD - [2012/06/13 19:52:05 | 002,554,088 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtXmlPatterns4.dll
MOD - [2012/06/13 19:52:05 | 002,430,184 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtDeclarative4.dll
MOD - [2012/06/13 19:52:05 | 002,297,576 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtCore4.dll
MOD - [2012/06/13 19:52:05 | 002,267,368 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\libvlccore.dll
MOD - [2012/06/13 19:52:05 | 001,298,152 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtScript4.dll
MOD - [2012/06/13 19:52:05 | 000,979,176 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtNetwork4.dll
MOD - [2012/06/13 19:52:05 | 000,343,784 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtXml4.dll
MOD - [2012/06/13 19:52:05 | 000,224,488 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\imageformats\qmng4.dll
MOD - [2012/06/13 19:52:05 | 000,200,424 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\imageformats\qjpeg4.dll
MOD - [2012/06/13 19:52:05 | 000,195,304 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtSql4.dll
MOD - [2012/06/13 19:52:05 | 000,105,192 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\libvlc.dll
MOD - [2012/06/13 19:52:05 | 000,030,440 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\imageformats\qgif4.dll
MOD - [2012/05/31 11:25:42 | 000,379,392 | ---- | M] () -- c:\Program Files (x86)\SProtector\sprotector.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/03/25 20:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2010/03/25 20:29:36 | 000,154,144 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2010/01/31 23:52:12 | 008,347,648 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2010/01/31 23:52:12 | 002,244,608 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/05/08 15:13:58 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/04/19 09:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV:64bit: - [2009/04/19 09:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2012/08/15 06:53:52 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/09 16:22:51 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/29 16:21:38 | 001,677,304 | ---- | M] (bProtector) [Auto | Running] -- C:\ProgramData\bProtectorForWindows\2.1.419.7\bProtect.exe -- (bProtector)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/02/07 01:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/30 15:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/01 12:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/01/15 15:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 00:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/07 16:36:10 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/04/08 23:00:20 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/11 00:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/11/11 22:14:30 | 000,084,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 20:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 20:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 20:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/04/29 23:06:58 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2007/06/19 02:21:54 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.theglobeandmail.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=114022&ba ... 262d2f231c
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=114022&babsrc=SP_ss&mntrId=947f0f7d00000000000000262d2f231c
IE - HKCU\..\SearchScopes\{5CCE306A-31A7-4BD2-A765-851298E737E9}: "URL" = http://us.yhs.search.yahoo.com/avg/sear ... rome_us&p={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enCA395CA396
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={F2611222-4229-4FC8-B7EF-82E20D14C6BF}&mid=47e58320959147d09570d16f6bcbcaef-8b313f9efaddc80e9418f5e2b827a7797b54bff4&lang=en&ds=AVG&pr=fr&d=2012-06-18 16:48:23&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6PQxAO6fBC&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@MindDabble_4p.com/Plugin: C:\Program Files (x86)\MindDabble_4p\bar\1.bin\NP4pStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\20\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Erik The Red\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/05/16 15:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4pffxtbr@MindDabble_4p.com: C:\Program Files (x86)\MindDabble_4p\bar\1.bin [2012/08/14 17:42:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/05/16 15:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/16 18:19:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 10:08:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/09 16:22:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.1.419.7\FirefoxExtension

[2012/05/16 15:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.conduit.com/?ctid=CT28019 ... hSource=48
CHR - Extension: No name found = C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [MediaGet2] C:\Users\Erik The Red\AppData\Local\MediaGet2\mediaget.exe (MediaGet LLC)
O4 - HKLM..\RunOnce: [TheBflixUpdater] C:\ProgramData\TheBflixUpdater\updater.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload ... ontrol.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DF20E62-8D88-4DE8-A56A-68E2790470BA}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\intu-tt2010 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-tt2011 - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (c:\progra~3\bprote~1\21419~1.7\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.1.419.7\protector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e2d4b8dd-3d76-11e1-bf6f-00262d2f231c}\Shell - "" = AutoRun
O33 - MountPoints2\{e2d4b8dd-3d76-11e1-bf6f-00262d2f231c}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\drivers\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/16 17:12:38 | 002,208,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Erik The Red\Desktop\tdsskiller.exe
[2012/08/15 17:14:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/14 17:13:57 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Erik The Red\Desktop\OTL.exe
[2012/08/14 17:04:10 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Malwarebytes
[2012/08/14 17:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/14 17:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/14 17:03:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/14 17:03:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/11 19:56:08 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\SpeedyPC Software
[2012/08/11 19:56:08 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\DriverCure
[2012/08/11 19:56:06 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/08/11 19:56:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2012/08/11 19:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/08/11 19:56:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
[2012/08/11 19:08:51 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Local\PackageAware
[2012/08/07 16:00:20 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Alawar Entertainment
[2012/08/06 19:49:41 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Sanna
[2012/08/06 19:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\The Legend of Sanna - Rise of a Great Colony
[2012/08/04 15:31:24 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Dereza
[2012/07/30 17:41:33 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Boolat Games

========== Files - Modified Within 30 Days ==========

[2012/08/16 17:15:45 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 17:15:45 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 17:12:38 | 002,208,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Erik The Red\Desktop\tdsskiller.exe
[2012/08/16 17:08:51 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\TheBflixUpdaterLogonTask.job
[2012/08/16 17:08:51 | 000,000,370 | -H-- | M] () -- C:\Windows\tasks\TheBflixUpdaterRefreshTask.job
[2012/08/16 17:08:50 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/16 17:08:50 | 000,000,530 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/16 17:08:25 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\iMeshNAG.job
[2012/08/16 17:08:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/16 17:08:17 | 3019,296,768 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/15 17:40:14 | 000,165,376 | ---- | M] () -- C:\Users\Erik The Red\Desktop\SystemLook_x64.exe
[2012/08/15 17:34:58 | 000,429,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/15 17:26:27 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/15 17:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/14 18:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/08/14 17:14:00 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Erik The Red\Desktop\OTL.exe
[2012/08/14 17:03:56 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/13 21:29:28 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2012/08/12 10:38:44 | 000,000,478 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/08/12 10:38:44 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/08/11 19:56:06 | 000,001,203 | ---- | M] () -- C:\Users\Erik The Red\Desktop\SpeedyPC Pro.lnk
[2012/08/09 11:28:01 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/08/09 11:28:01 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/08/07 15:38:22 | 000,002,622 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
[2012/07/29 10:42:05 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/29 10:42:05 | 000,628,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/29 10:42:05 | 000,110,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2012/08/15 17:40:14 | 000,165,376 | ---- | C] () -- C:\Users\Erik The Red\Desktop\SystemLook_x64.exe
[2012/08/14 17:03:56 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/11 19:56:12 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/08/11 19:56:06 | 000,001,203 | ---- | C] () -- C:\Users\Erik The Red\Desktop\SpeedyPC Pro.lnk
[2012/08/11 19:56:05 | 000,000,530 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/11 19:56:05 | 000,000,478 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/08/11 19:56:04 | 000,000,434 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/08/11 19:19:05 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/11 19:09:01 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\iMeshNAG.job
[2012/08/09 11:28:01 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/08/09 11:28:01 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/06/29 16:22:03 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/12/16 17:38:01 | 000,000,089 | ---- | C] () -- C:\Windows\ka.ini
[2011/07/11 20:10:22 | 000,001,121 | ---- | C] () -- C:\Users\Erik The Red\Documents - Shortcut.lnk
[2011/02/09 20:59:56 | 000,000,060 | ---- | C] () -- C:\Windows\wininit.ini
[2010/10/27 20:41:43 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/09/05 07:53:08 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2010/09/05 04:59:03 | 000,000,194 | ---- | C] () -- C:\Windows\QUICKEN.INI

========== LOP Check ==========

[2012/07/15 17:11:01 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Alawar
[2012/08/07 16:00:20 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Alawar Entertainment
[2011/07/29 21:08:14 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Atari
[2012/05/21 16:21:17 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\AVG2012
[2012/07/30 17:41:33 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Boolat Games
[2011/12/28 17:41:41 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Canon
[2012/05/18 19:30:08 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\CasualForge
[2012/08/04 15:31:24 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Dereza
[2012/01/28 11:51:07 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Dora's Ballet Adventures
[2012/08/11 19:56:08 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\DriverCure
[2011/08/02 21:15:23 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\funkitron
[2010/11/06 12:11:42 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Gamelab
[2010/12/18 20:40:48 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Happyville__
[2011/12/07 20:49:41 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\ICAClient
[2011/04/29 21:29:55 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Ladia Group
[2010/12/20 20:57:10 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Lonely Troops
[2011/07/02 16:35:21 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Media Get LLC
[2010/09/05 01:43:36 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\OEM
[2011/05/29 09:06:36 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\PlayFirst
[2010/09/05 02:13:19 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\PowerCinema
[2012/08/06 19:49:41 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Sanna
[2012/08/11 19:56:08 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\SpeedyPC Software
[2010/10/16 15:01:02 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Valusoft
[2011/12/10 15:40:17 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\VC 2 Paradise Resort
[2011/12/03 14:50:27 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Virtual City
[2012/05/12 16:05:30 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\WildTangent
[2011/04/30 21:38:20 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\YoudaGames
[2012/08/16 17:08:25 | 000,000,312 | ---- | M] () -- C:\Windows\Tasks\iMeshNAG.job
[2012/04/21 10:11:59 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/08/12 10:38:44 | 000,000,434 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Pro.job
[2012/08/14 18:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Registration3.job
[2012/08/16 17:08:50 | 000,000,530 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/12 10:38:44 | 000,000,478 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job
[2012/08/16 17:08:51 | 000,000,390 | -H-- | M] () -- C:\Windows\Tasks\TheBflixUpdaterLogonTask.job
[2012/08/16 17:08:51 | 000,000,370 | -H-- | M] () -- C:\Windows\Tasks\TheBflixUpdaterRefreshTask.job

========== Purity Check ==========



< End of report >
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm

Re: Hjacked by Search.gboxapp.com

Unread postby Erikthered » August 16th, 2012, 7:17 pm

OTL logfile created on: 8/16/2012 5:11:32 PM - Run 2
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Erik The Red\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 63.11% Memory free
7.50 Gb Paging File | 5.98 Gb Available in Paging File | 79.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.40 Gb Total Space | 489.20 Gb Free Space | 84.00% Space Free | Partition Type: NTFS

Computer Name: ERIKTHERED-PC | User Name: Erik The Red | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/14 17:14:00 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Erik The Red\Desktop\OTL.exe
PRC - [2012/07/09 16:22:51 | 001,209,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
PRC - [2012/07/09 16:22:51 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/07/09 16:22:51 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/29 16:21:38 | 001,677,304 | ---- | M] (bProtector) -- C:\ProgramData\bProtectorForWindows\2.1.419.7\bProtect.exe
PRC - [2012/06/13 19:52:05 | 009,106,664 | ---- | M] (MediaGet LLC) -- C:\Users\Erik The Red\AppData\Local\MediaGet2\mediaget.exe
PRC - [2012/05/08 15:13:58 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/28 12:40:56 | 001,611,160 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011/03/07 14:33:34 | 000,591,272 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
PRC - [2011/02/07 01:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2011/01/15 17:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010/11/19 14:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/03/25 20:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/02/05 13:33:46 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
PRC - [2010/02/01 12:05:02 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/12/24 19:45:16 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2009/12/24 19:44:48 | 000,201,512 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/09 16:22:52 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/09 16:22:51 | 002,074,208 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
MOD - [2012/07/09 16:22:51 | 001,209,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
MOD - [2012/07/09 16:22:51 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/06/29 16:21:38 | 002,004,472 | ---- | M] () -- c:\ProgramData\bProtectorForWindows\2.1.419.7\protector.dll
MOD - [2012/06/13 19:52:05 | 011,742,440 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtWebKit4.dll
MOD - [2012/06/13 19:52:05 | 008,227,560 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtGui4.dll
MOD - [2012/06/13 19:52:05 | 002,554,088 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtXmlPatterns4.dll
MOD - [2012/06/13 19:52:05 | 002,430,184 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtDeclarative4.dll
MOD - [2012/06/13 19:52:05 | 002,297,576 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtCore4.dll
MOD - [2012/06/13 19:52:05 | 002,267,368 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\libvlccore.dll
MOD - [2012/06/13 19:52:05 | 001,298,152 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtScript4.dll
MOD - [2012/06/13 19:52:05 | 000,979,176 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtNetwork4.dll
MOD - [2012/06/13 19:52:05 | 000,343,784 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtXml4.dll
MOD - [2012/06/13 19:52:05 | 000,224,488 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\imageformats\qmng4.dll
MOD - [2012/06/13 19:52:05 | 000,200,424 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\imageformats\qjpeg4.dll
MOD - [2012/06/13 19:52:05 | 000,195,304 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtSql4.dll
MOD - [2012/06/13 19:52:05 | 000,105,192 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\libvlc.dll
MOD - [2012/06/13 19:52:05 | 000,030,440 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\imageformats\qgif4.dll
MOD - [2012/05/31 11:25:42 | 000,379,392 | ---- | M] () -- c:\Program Files (x86)\SProtector\sprotector.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/03/25 20:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2010/03/25 20:29:36 | 000,154,144 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2010/01/31 23:52:12 | 008,347,648 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2010/01/31 23:52:12 | 002,244,608 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/05/08 15:13:58 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/04/19 09:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV:64bit: - [2009/04/19 09:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2012/08/15 06:53:52 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/09 16:22:51 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/29 16:21:38 | 001,677,304 | ---- | M] (bProtector) [Auto | Running] -- C:\ProgramData\bProtectorForWindows\2.1.419.7\bProtect.exe -- (bProtector)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/02/07 01:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/30 15:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/01 12:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/01/15 15:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 00:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/07 16:36:10 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/04/08 23:00:20 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/11 00:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/11/11 22:14:30 | 000,084,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 20:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 20:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 20:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/04/29 23:06:58 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2007/06/19 02:21:54 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.theglobeandmail.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=114022&ba ... 262d2f231c
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=114022&babsrc=SP_ss&mntrId=947f0f7d00000000000000262d2f231c
IE - HKCU\..\SearchScopes\{5CCE306A-31A7-4BD2-A765-851298E737E9}: "URL" = http://us.yhs.search.yahoo.com/avg/sear ... rome_us&p={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enCA395CA396
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={F2611222-4229-4FC8-B7EF-82E20D14C6BF}&mid=47e58320959147d09570d16f6bcbcaef-8b313f9efaddc80e9418f5e2b827a7797b54bff4&lang=en&ds=AVG&pr=fr&d=2012-06-18 16:48:23&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6PQxAO6fBC&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@MindDabble_4p.com/Plugin: C:\Program Files (x86)\MindDabble_4p\bar\1.bin\NP4pStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\20\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Erik The Red\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/05/16 15:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4pffxtbr@MindDabble_4p.com: C:\Program Files (x86)\MindDabble_4p\bar\1.bin [2012/08/14 17:42:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/05/16 15:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/16 18:19:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 10:08:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/09 16:22:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.1.419.7\FirefoxExtension

[2012/05/16 15:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.conduit.com/?ctid=CT28019 ... hSource=48
CHR - Extension: No name found = C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [MediaGet2] C:\Users\Erik The Red\AppData\Local\MediaGet2\mediaget.exe (MediaGet LLC)
O4 - HKLM..\RunOnce: [TheBflixUpdater] C:\ProgramData\TheBflixUpdater\updater.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload ... ontrol.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DF20E62-8D88-4DE8-A56A-68E2790470BA}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\intu-tt2010 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-tt2011 - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (c:\progra~3\bprote~1\21419~1.7\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.1.419.7\protector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e2d4b8dd-3d76-11e1-bf6f-00262d2f231c}\Shell - "" = AutoRun
O33 - MountPoints2\{e2d4b8dd-3d76-11e1-bf6f-00262d2f231c}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\drivers\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/16 17:12:38 | 002,208,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Erik The Red\Desktop\tdsskiller.exe
[2012/08/15 17:14:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/14 17:13:57 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Erik The Red\Desktop\OTL.exe
[2012/08/14 17:04:10 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Malwarebytes
[2012/08/14 17:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/14 17:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/14 17:03:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/14 17:03:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/11 19:56:08 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\SpeedyPC Software
[2012/08/11 19:56:08 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\DriverCure
[2012/08/11 19:56:06 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/08/11 19:56:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2012/08/11 19:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/08/11 19:56:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
[2012/08/11 19:08:51 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Local\PackageAware
[2012/08/07 16:00:20 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Alawar Entertainment
[2012/08/06 19:49:41 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Sanna
[2012/08/06 19:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\The Legend of Sanna - Rise of a Great Colony
[2012/08/04 15:31:24 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Dereza
[2012/07/30 17:41:33 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Boolat Games

========== Files - Modified Within 30 Days ==========

[2012/08/16 17:15:45 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 17:15:45 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 17:12:38 | 002,208,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Erik The Red\Desktop\tdsskiller.exe
[2012/08/16 17:08:51 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\TheBflixUpdaterLogonTask.job
[2012/08/16 17:08:51 | 000,000,370 | -H-- | M] () -- C:\Windows\tasks\TheBflixUpdaterRefreshTask.job
[2012/08/16 17:08:50 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/16 17:08:50 | 000,000,530 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/16 17:08:25 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\iMeshNAG.job
[2012/08/16 17:08:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/16 17:08:17 | 3019,296,768 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/15 17:40:14 | 000,165,376 | ---- | M] () -- C:\Users\Erik The Red\Desktop\SystemLook_x64.exe
[2012/08/15 17:34:58 | 000,429,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/15 17:26:27 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/15 17:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/14 18:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/08/14 17:14:00 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Erik The Red\Desktop\OTL.exe
[2012/08/14 17:03:56 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/13 21:29:28 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2012/08/12 10:38:44 | 000,000,478 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/08/12 10:38:44 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/08/11 19:56:06 | 000,001,203 | ---- | M] () -- C:\Users\Erik The Red\Desktop\SpeedyPC Pro.lnk
[2012/08/09 11:28:01 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/08/09 11:28:01 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/08/07 15:38:22 | 000,002,622 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
[2012/07/29 10:42:05 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/29 10:42:05 | 000,628,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/29 10:42:05 | 000,110,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2012/08/15 17:40:14 | 000,165,376 | ---- | C] () -- C:\Users\Erik The Red\Desktop\SystemLook_x64.exe
[2012/08/14 17:03:56 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/11 19:56:12 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/08/11 19:56:06 | 000,001,203 | ---- | C] () -- C:\Users\Erik The Red\Desktop\SpeedyPC Pro.lnk
[2012/08/11 19:56:05 | 000,000,530 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/11 19:56:05 | 000,000,478 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/08/11 19:56:04 | 000,000,434 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/08/11 19:19:05 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/11 19:09:01 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\iMeshNAG.job
[2012/08/09 11:28:01 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/08/09 11:28:01 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/06/29 16:22:03 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/12/16 17:38:01 | 000,000,089 | ---- | C] () -- C:\Windows\ka.ini
[2011/07/11 20:10:22 | 000,001,121 | ---- | C] () -- C:\Users\Erik The Red\Documents - Shortcut.lnk
[2011/02/09 20:59:56 | 000,000,060 | ---- | C] () -- C:\Windows\wininit.ini
[2010/10/27 20:41:43 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/09/05 07:53:08 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2010/09/05 04:59:03 | 000,000,194 | ---- | C] () -- C:\Windows\QUICKEN.INI

========== LOP Check ==========

[2012/07/15 17:11:01 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Alawar
[2012/08/07 16:00:20 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Alawar Entertainment
[2011/07/29 21:08:14 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Atari
[2012/05/21 16:21:17 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\AVG2012
[2012/07/30 17:41:33 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Boolat Games
[2011/12/28 17:41:41 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Canon
[2012/05/18 19:30:08 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\CasualForge
[2012/08/04 15:31:24 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Dereza
[2012/01/28 11:51:07 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Dora's Ballet Adventures
[2012/08/11 19:56:08 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\DriverCure
[2011/08/02 21:15:23 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\funkitron
[2010/11/06 12:11:42 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Gamelab
[2010/12/18 20:40:48 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Happyville__
[2011/12/07 20:49:41 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\ICAClient
[2011/04/29 21:29:55 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Ladia Group
[2010/12/20 20:57:10 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Lonely Troops
[2011/07/02 16:35:21 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Media Get LLC
[2010/09/05 01:43:36 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\OEM
[2011/05/29 09:06:36 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\PlayFirst
[2010/09/05 02:13:19 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\PowerCinema
[2012/08/06 19:49:41 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Sanna
[2012/08/11 19:56:08 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\SpeedyPC Software
[2010/10/16 15:01:02 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Valusoft
[2011/12/10 15:40:17 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\VC 2 Paradise Resort
[2011/12/03 14:50:27 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Virtual City
[2012/05/12 16:05:30 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\WildTangent
[2011/04/30 21:38:20 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\YoudaGames
[2012/08/16 17:08:25 | 000,000,312 | ---- | M] () -- C:\Windows\Tasks\iMeshNAG.job
[2012/04/21 10:11:59 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/08/12 10:38:44 | 000,000,434 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Pro.job
[2012/08/14 18:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Registration3.job
[2012/08/16 17:08:50 | 000,000,530 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/12 10:38:44 | 000,000,478 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job
[2012/08/16 17:08:51 | 000,000,390 | -H-- | M] () -- C:\Windows\Tasks\TheBflixUpdaterLogonTask.job
[2012/08/16 17:08:51 | 000,000,370 | -H-- | M] () -- C:\Windows\Tasks\TheBflixUpdaterRefreshTask.job

========== Purity Check ==========



< End of report >
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm

Re: Hjacked by Search.gboxapp.com

Unread postby Erikthered » August 16th, 2012, 7:17 pm

OTL logfile created on: 8/16/2012 5:11:32 PM - Run 2
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Erik The Red\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 63.11% Memory free
7.50 Gb Paging File | 5.98 Gb Available in Paging File | 79.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.40 Gb Total Space | 489.20 Gb Free Space | 84.00% Space Free | Partition Type: NTFS

Computer Name: ERIKTHERED-PC | User Name: Erik The Red | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/14 17:14:00 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Erik The Red\Desktop\OTL.exe
PRC - [2012/07/09 16:22:51 | 001,209,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
PRC - [2012/07/09 16:22:51 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/07/09 16:22:51 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/29 16:21:38 | 001,677,304 | ---- | M] (bProtector) -- C:\ProgramData\bProtectorForWindows\2.1.419.7\bProtect.exe
PRC - [2012/06/13 19:52:05 | 009,106,664 | ---- | M] (MediaGet LLC) -- C:\Users\Erik The Red\AppData\Local\MediaGet2\mediaget.exe
PRC - [2012/05/08 15:13:58 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/28 12:40:56 | 001,611,160 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011/03/07 14:33:34 | 000,591,272 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
PRC - [2011/02/07 01:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2011/01/15 17:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010/11/19 14:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/03/25 20:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/02/05 13:33:46 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
PRC - [2010/02/01 12:05:02 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/12/24 19:45:16 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2009/12/24 19:44:48 | 000,201,512 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/09 16:22:52 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/09 16:22:51 | 002,074,208 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
MOD - [2012/07/09 16:22:51 | 001,209,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
MOD - [2012/07/09 16:22:51 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/06/29 16:21:38 | 002,004,472 | ---- | M] () -- c:\ProgramData\bProtectorForWindows\2.1.419.7\protector.dll
MOD - [2012/06/13 19:52:05 | 011,742,440 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtWebKit4.dll
MOD - [2012/06/13 19:52:05 | 008,227,560 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtGui4.dll
MOD - [2012/06/13 19:52:05 | 002,554,088 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtXmlPatterns4.dll
MOD - [2012/06/13 19:52:05 | 002,430,184 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtDeclarative4.dll
MOD - [2012/06/13 19:52:05 | 002,297,576 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtCore4.dll
MOD - [2012/06/13 19:52:05 | 002,267,368 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\libvlccore.dll
MOD - [2012/06/13 19:52:05 | 001,298,152 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtScript4.dll
MOD - [2012/06/13 19:52:05 | 000,979,176 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtNetwork4.dll
MOD - [2012/06/13 19:52:05 | 000,343,784 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtXml4.dll
MOD - [2012/06/13 19:52:05 | 000,224,488 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\imageformats\qmng4.dll
MOD - [2012/06/13 19:52:05 | 000,200,424 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\imageformats\qjpeg4.dll
MOD - [2012/06/13 19:52:05 | 000,195,304 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtSql4.dll
MOD - [2012/06/13 19:52:05 | 000,105,192 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\libvlc.dll
MOD - [2012/06/13 19:52:05 | 000,030,440 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\imageformats\qgif4.dll
MOD - [2012/05/31 11:25:42 | 000,379,392 | ---- | M] () -- c:\Program Files (x86)\SProtector\sprotector.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/03/25 20:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2010/03/25 20:29:36 | 000,154,144 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2010/01/31 23:52:12 | 008,347,648 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2010/01/31 23:52:12 | 002,244,608 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/05/08 15:13:58 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/04/19 09:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV:64bit: - [2009/04/19 09:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2012/08/15 06:53:52 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/09 16:22:51 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/29 16:21:38 | 001,677,304 | ---- | M] (bProtector) [Auto | Running] -- C:\ProgramData\bProtectorForWindows\2.1.419.7\bProtect.exe -- (bProtector)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/02/07 01:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/30 15:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/01 12:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/01/15 15:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 00:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/07 16:36:10 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/04/08 23:00:20 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/11 00:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/11/11 22:14:30 | 000,084,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 20:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 20:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 20:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/04/29 23:06:58 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2007/06/19 02:21:54 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.theglobeandmail.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=114022&ba ... 262d2f231c
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=114022&babsrc=SP_ss&mntrId=947f0f7d00000000000000262d2f231c
IE - HKCU\..\SearchScopes\{5CCE306A-31A7-4BD2-A765-851298E737E9}: "URL" = http://us.yhs.search.yahoo.com/avg/sear ... rome_us&p={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enCA395CA396
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={F2611222-4229-4FC8-B7EF-82E20D14C6BF}&mid=47e58320959147d09570d16f6bcbcaef-8b313f9efaddc80e9418f5e2b827a7797b54bff4&lang=en&ds=AVG&pr=fr&d=2012-06-18 16:48:23&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6PQxAO6fBC&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@MindDabble_4p.com/Plugin: C:\Program Files (x86)\MindDabble_4p\bar\1.bin\NP4pStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\20\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Erik The Red\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/05/16 15:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4pffxtbr@MindDabble_4p.com: C:\Program Files (x86)\MindDabble_4p\bar\1.bin [2012/08/14 17:42:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/05/16 15:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/16 18:19:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 10:08:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/09 16:22:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.1.419.7\FirefoxExtension

[2012/05/16 15:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.conduit.com/?ctid=CT28019 ... hSource=48
CHR - Extension: No name found = C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [MediaGet2] C:\Users\Erik The Red\AppData\Local\MediaGet2\mediaget.exe (MediaGet LLC)
O4 - HKLM..\RunOnce: [TheBflixUpdater] C:\ProgramData\TheBflixUpdater\updater.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload ... ontrol.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DF20E62-8D88-4DE8-A56A-68E2790470BA}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\intu-tt2010 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-tt2011 - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (c:\progra~3\bprote~1\21419~1.7\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.1.419.7\protector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e2d4b8dd-3d76-11e1-bf6f-00262d2f231c}\Shell - "" = AutoRun
O33 - MountPoints2\{e2d4b8dd-3d76-11e1-bf6f-00262d2f231c}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\drivers\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/16 17:12:38 | 002,208,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Erik The Red\Desktop\tdsskiller.exe
[2012/08/15 17:14:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/14 17:13:57 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Erik The Red\Desktop\OTL.exe
[2012/08/14 17:04:10 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Malwarebytes
[2012/08/14 17:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/14 17:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/14 17:03:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/14 17:03:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/11 19:56:08 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\SpeedyPC Software
[2012/08/11 19:56:08 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\DriverCure
[2012/08/11 19:56:06 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/08/11 19:56:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2012/08/11 19:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/08/11 19:56:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
[2012/08/11 19:08:51 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Local\PackageAware
[2012/08/07 16:00:20 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Alawar Entertainment
[2012/08/06 19:49:41 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Sanna
[2012/08/06 19:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\The Legend of Sanna - Rise of a Great Colony
[2012/08/04 15:31:24 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Dereza
[2012/07/30 17:41:33 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Boolat Games

========== Files - Modified Within 30 Days ==========

[2012/08/16 17:15:45 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 17:15:45 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 17:12:38 | 002,208,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Erik The Red\Desktop\tdsskiller.exe
[2012/08/16 17:08:51 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\TheBflixUpdaterLogonTask.job
[2012/08/16 17:08:51 | 000,000,370 | -H-- | M] () -- C:\Windows\tasks\TheBflixUpdaterRefreshTask.job
[2012/08/16 17:08:50 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/16 17:08:50 | 000,000,530 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/16 17:08:25 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\iMeshNAG.job
[2012/08/16 17:08:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/16 17:08:17 | 3019,296,768 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/15 17:40:14 | 000,165,376 | ---- | M] () -- C:\Users\Erik The Red\Desktop\SystemLook_x64.exe
[2012/08/15 17:34:58 | 000,429,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/15 17:26:27 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/15 17:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/14 18:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/08/14 17:14:00 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Erik The Red\Desktop\OTL.exe
[2012/08/14 17:03:56 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/13 21:29:28 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2012/08/12 10:38:44 | 000,000,478 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/08/12 10:38:44 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/08/11 19:56:06 | 000,001,203 | ---- | M] () -- C:\Users\Erik The Red\Desktop\SpeedyPC Pro.lnk
[2012/08/09 11:28:01 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/08/09 11:28:01 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/08/07 15:38:22 | 000,002,622 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
[2012/07/29 10:42:05 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/29 10:42:05 | 000,628,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/29 10:42:05 | 000,110,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2012/08/15 17:40:14 | 000,165,376 | ---- | C] () -- C:\Users\Erik The Red\Desktop\SystemLook_x64.exe
[2012/08/14 17:03:56 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/11 19:56:12 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/08/11 19:56:06 | 000,001,203 | ---- | C] () -- C:\Users\Erik The Red\Desktop\SpeedyPC Pro.lnk
[2012/08/11 19:56:05 | 000,000,530 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/11 19:56:05 | 000,000,478 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/08/11 19:56:04 | 000,000,434 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/08/11 19:19:05 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/11 19:09:01 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\iMeshNAG.job
[2012/08/09 11:28:01 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/08/09 11:28:01 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/06/29 16:22:03 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/12/16 17:38:01 | 000,000,089 | ---- | C] () -- C:\Windows\ka.ini
[2011/07/11 20:10:22 | 000,001,121 | ---- | C] () -- C:\Users\Erik The Red\Documents - Shortcut.lnk
[2011/02/09 20:59:56 | 000,000,060 | ---- | C] () -- C:\Windows\wininit.ini
[2010/10/27 20:41:43 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/09/05 07:53:08 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2010/09/05 04:59:03 | 000,000,194 | ---- | C] () -- C:\Windows\QUICKEN.INI

========== LOP Check ==========

[2012/07/15 17:11:01 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Alawar
[2012/08/07 16:00:20 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Alawar Entertainment
[2011/07/29 21:08:14 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Atari
[2012/05/21 16:21:17 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\AVG2012
[2012/07/30 17:41:33 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Boolat Games
[2011/12/28 17:41:41 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Canon
[2012/05/18 19:30:08 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\CasualForge
[2012/08/04 15:31:24 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Dereza
[2012/01/28 11:51:07 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Dora's Ballet Adventures
[2012/08/11 19:56:08 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\DriverCure
[2011/08/02 21:15:23 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\funkitron
[2010/11/06 12:11:42 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Gamelab
[2010/12/18 20:40:48 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Happyville__
[2011/12/07 20:49:41 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\ICAClient
[2011/04/29 21:29:55 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Ladia Group
[2010/12/20 20:57:10 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Lonely Troops
[2011/07/02 16:35:21 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Media Get LLC
[2010/09/05 01:43:36 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\OEM
[2011/05/29 09:06:36 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\PlayFirst
[2010/09/05 02:13:19 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\PowerCinema
[2012/08/06 19:49:41 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Sanna
[2012/08/11 19:56:08 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\SpeedyPC Software
[2010/10/16 15:01:02 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Valusoft
[2011/12/10 15:40:17 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\VC 2 Paradise Resort
[2011/12/03 14:50:27 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\Virtual City
[2012/05/12 16:05:30 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\WildTangent
[2011/04/30 21:38:20 | 000,000,000 | ---D | M] -- C:\Users\Erik The Red\AppData\Roaming\YoudaGames
[2012/08/16 17:08:25 | 000,000,312 | ---- | M] () -- C:\Windows\Tasks\iMeshNAG.job
[2012/04/21 10:11:59 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/08/12 10:38:44 | 000,000,434 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Pro.job
[2012/08/14 18:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Registration3.job
[2012/08/16 17:08:50 | 000,000,530 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/12 10:38:44 | 000,000,478 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job
[2012/08/16 17:08:51 | 000,000,390 | -H-- | M] () -- C:\Windows\Tasks\TheBflixUpdaterLogonTask.job
[2012/08/16 17:08:51 | 000,000,370 | -H-- | M] () -- C:\Windows\Tasks\TheBflixUpdaterRefreshTask.job

========== Purity Check ==========



< End of report >
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm

Re: Hjacked by Search.gboxapp.com

Unread postby Erikthered » August 16th, 2012, 7:23 pm

Sorry for the extra posts of the OTL Log. I appreciate all of your help. Where are you from?
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm

Re: Hjacked by Search.gboxapp.com

Unread postby Cypher » August 17th, 2012, 5:49 am

Hi,
Sorry for the extra posts of the OTL Log. I appreciate all of your help.

No problem and you're welcome.
Where are you from?

I live in Ireland :)
Did you run TDSSKiller as requested, post the results of the scan in your next reply.
Also upload this file for me please, if you get a message saying it has been tested before, submit it again for testing.

Please go to Virustotal or jotti.org

Copy/paste this file and path into the white box at the top:
C:\ProgramData\bProtectorForWindows\2.1.419.7\bProtect.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
Example of web address :
Image

Logs/Information to Post in your Next Reply

  • TDSSKiller log.
  • Virustotal or jotti results.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Hjacked by Search.gboxapp.com

Unread postby Erikthered » August 17th, 2012, 8:26 am

06:25:09.0880 4828 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
06:25:10.0301 4828 ============================================================
06:25:10.0301 4828 Current date / time: 2012/08/17 06:25:10.0301
06:25:10.0301 4828 SystemInfo:
06:25:10.0301 4828
06:25:10.0301 4828 OS Version: 6.1.7600 ServicePack: 0.0
06:25:10.0301 4828 Product type: Workstation
06:25:10.0302 4828 ComputerName: ERIKTHERED-PC
06:25:10.0302 4828 UserName: Erik The Red
06:25:10.0302 4828 Windows directory: C:\Windows
06:25:10.0302 4828 System windows directory: C:\Windows
06:25:10.0302 4828 Running under WOW64
06:25:10.0302 4828 Processor architecture: Intel x64
06:25:10.0302 4828 Number of processors: 2
06:25:10.0302 4828 Page size: 0x1000
06:25:10.0302 4828 Boot type: Normal boot
06:25:10.0302 4828 ============================================================
06:25:11.0243 4828 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
06:25:11.0252 4828 ============================================================
06:25:11.0252 4828 \Device\Harddisk0\DR0:
06:25:11.0252 4828 MBR partitions:
06:25:11.0252 4828 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B58800, BlocksNum 0x32000
06:25:11.0252 4828 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B8A800, BlocksNum 0x48CCD2B0
06:25:11.0252 4828 ============================================================
06:25:11.0278 4828 C: <-> \Device\Harddisk0\DR0\Partition2
06:25:11.0278 4828 ============================================================
06:25:11.0278 4828 Initialize success
06:25:11.0278 4828 ============================================================
06:25:23.0420 3548 ============================================================
06:25:23.0420 3548 Scan started
06:25:23.0420 3548 Mode: Manual; SigCheck;
06:25:23.0420 3548 ============================================================
06:25:24.0093 3548 ================ Scan services =============================
06:25:24.0222 3548 [ 1b00662092f9f9568b995902f0cc40d5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
06:25:24.0328 3548 1394ohci - ok
06:25:24.0344 3548 [ 6f11e88748cdefd2f76aa215f97ddfe5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
06:25:24.0362 3548 ACPI - ok
06:25:24.0367 3548 [ 63b05a0420ce4bf0e4af6dcc7cada254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
06:25:24.0419 3548 AcpiPmi - ok
06:25:24.0523 3548 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
06:25:24.0536 3548 AdobeFlashPlayerUpdateSvc - ok
06:25:24.0570 3548 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
06:25:24.0590 3548 adp94xx - ok
06:25:24.0617 3548 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
06:25:24.0634 3548 adpahci - ok
06:25:24.0641 3548 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
06:25:24.0656 3548 adpu320 - ok
06:25:24.0673 3548 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
06:25:24.0798 3548 AeLookupSvc - ok
06:25:24.0839 3548 [ db9d6c6b2cd95a9ca414d045b627422e ] AFD C:\Windows\system32\drivers\afd.sys
06:25:24.0908 3548 AFD - ok
06:25:24.0937 3548 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
06:25:24.0949 3548 agp440 - ok
06:25:24.0966 3548 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe
06:25:24.0988 3548 ALG - ok
06:25:25.0004 3548 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
06:25:25.0016 3548 aliide - ok
06:25:25.0020 3548 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\DRIVERS\amdide.sys
06:25:25.0033 3548 amdide - ok
06:25:25.0037 3548 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
06:25:25.0084 3548 AmdK8 - ok
06:25:25.0092 3548 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
06:25:25.0123 3548 AmdPPM - ok
06:25:25.0155 3548 [ ec7ebab00a4d8448bab68d1e49b4beb9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
06:25:25.0168 3548 amdsata - ok
06:25:25.0179 3548 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
06:25:25.0195 3548 amdsbs - ok
06:25:25.0209 3548 [ db27766102c7bf7e95140a2aa81d042e ] amdxata C:\Windows\system32\drivers\amdxata.sys
06:25:25.0220 3548 amdxata - ok
06:25:25.0232 3548 [ 42fd751b27fa0e9c69bb39f39e409594 ] AppID C:\Windows\system32\drivers\appid.sys
06:25:25.0316 3548 AppID - ok
06:25:25.0329 3548 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
06:25:25.0405 3548 AppIDSvc - ok
06:25:25.0440 3548 [ d065be66822847b7f127d1f90158376e ] Appinfo C:\Windows\System32\appinfo.dll
06:25:25.0560 3548 Appinfo - ok
06:25:25.0565 3548 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\DRIVERS\arc.sys
06:25:25.0579 3548 arc - ok
06:25:25.0584 3548 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
06:25:25.0597 3548 arcsas - ok
06:25:25.0611 3548 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
06:25:25.0659 3548 AsyncMac - ok
06:25:25.0679 3548 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\DRIVERS\atapi.sys
06:25:25.0689 3548 atapi - ok
06:25:25.0713 3548 [ 07721a77180edd4d39ccb865bf63c7fd ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
06:25:25.0764 3548 AudioEndpointBuilder - ok
06:25:25.0775 3548 [ 07721a77180edd4d39ccb865bf63c7fd ] AudioSrv C:\Windows\System32\Audiosrv.dll
06:25:25.0813 3548 AudioSrv - ok
06:25:25.0848 3548 [ cffc3a4a638f462e0561cb368b9a7a3a ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
06:25:25.0863 3548 AVGIDSHA - ok
06:25:25.0884 3548 [ 1bee674ad792b1c63bb0dac5fa724b23 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
06:25:25.0899 3548 Avgtdia - ok
06:25:25.0956 3548 [ ea1145debcd508fd25bd1e95c4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
06:25:25.0968 3548 avgwd - ok
06:25:25.0992 3548 [ b20b5fa5ca050e9926e4d1db81501b32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
06:25:26.0055 3548 AxInstSV - ok
06:25:26.0087 3548 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
06:25:26.0137 3548 b06bdrv - ok
06:25:26.0158 3548 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
06:25:26.0193 3548 b57nd60a - ok
06:25:26.0214 3548 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll
06:25:26.0244 3548 BDESVC - ok
06:25:26.0262 3548 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
06:25:26.0312 3548 Beep - ok
06:25:26.0357 3548 [ 4992c609a6315671463e30f6512bc022 ] BFE C:\Windows\System32\bfe.dll
06:25:26.0424 3548 BFE - ok
06:25:26.0456 3548 [ 7f0c323fe3da28aa4aa1bda3f575707f ] BITS C:\Windows\System32\qmgr.dll
06:25:26.0524 3548 BITS - ok
06:25:26.0546 3548 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
06:25:26.0566 3548 blbdrive - ok
06:25:26.0594 3548 [ 19d20159708e152267e53b66677a4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
06:25:26.0621 3548 bowser - ok
06:25:26.0725 3548 [ e43299f393be33f14c5690d968bb393a ] bProtector C:\ProgramData\bProtectorForWindows\2.1.419.7\bProtect.exe
06:25:26.0774 3548 bProtector - ok
06:25:26.0794 3548 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
06:25:26.0828 3548 BrFiltLo - ok
06:25:26.0832 3548 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
06:25:26.0848 3548 BrFiltUp - ok
06:25:26.0891 3548 [ 6b054c67aaa87843504e8e3c09102009 ] Browser C:\Windows\System32\browser.dll
06:25:26.0917 3548 Browser - ok
06:25:26.0942 3548 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys
06:25:26.0989 3548 Brserid - ok
06:25:26.0994 3548 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
06:25:27.0023 3548 BrSerWdm - ok
06:25:27.0029 3548 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
06:25:27.0078 3548 BrUsbMdm - ok
06:25:27.0082 3548 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
06:25:27.0113 3548 BrUsbSer - ok
06:25:27.0119 3548 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
06:25:27.0139 3548 BTHMODEM - ok
06:25:27.0165 3548 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll
06:25:27.0201 3548 bthserv - ok
06:25:27.0211 3548 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
06:25:27.0263 3548 cdfs - ok
06:25:27.0292 3548 [ 83d2d75e1efb81b3450c18131443f7db ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
06:25:27.0307 3548 cdrom - ok
06:25:27.0327 3548 [ 312e2f82af11e79906898ac3e3d58a1f ] CertPropSvc C:\Windows\System32\certprop.dll
06:25:27.0380 3548 CertPropSvc - ok
06:25:27.0390 3548 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\DRIVERS\circlass.sys
06:25:27.0406 3548 circlass - ok
06:25:27.0420 3548 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys
06:25:27.0438 3548 CLFS - ok
06:25:27.0496 3548 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:25:27.0512 3548 clr_optimization_v2.0.50727_32 - ok
06:25:27.0534 3548 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
06:25:27.0547 3548 clr_optimization_v2.0.50727_64 - ok
06:25:27.0606 3548 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
06:25:27.0637 3548 clr_optimization_v4.0.30319_32 - ok
06:25:27.0655 3548 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
06:25:27.0667 3548 clr_optimization_v4.0.30319_64 - ok
06:25:27.0694 3548 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
06:25:27.0720 3548 CmBatt - ok
06:25:27.0739 3548 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
06:25:27.0750 3548 cmdide - ok
06:25:27.0799 3548 [ ca7720b73446fddec5c69519c1174c98 ] CNG C:\Windows\system32\Drivers\cng.sys
06:25:27.0823 3548 CNG - ok
06:25:27.0834 3548 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
06:25:27.0845 3548 Compbatt - ok
06:25:27.0879 3548 [ f26b3a86f6fa87ca360b879581ab4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
06:25:27.0912 3548 CompositeBus - ok
06:25:27.0924 3548 COMSysApp - ok
06:25:27.0983 3548 cpuz132 - ok
06:25:27.0991 3548 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
06:25:28.0004 3548 crcdisk - ok
06:25:28.0042 3548 [ f02786b66375292e58c8777082d4396d ] CryptSvc C:\Windows\system32\cryptsvc.dll
06:25:28.0071 3548 CryptSvc - ok
06:25:28.0105 3548 [ 15c2afd86d8a58354fc100434c78b621 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
06:25:28.0133 3548 dc3d - ok
06:25:28.0163 3548 [ 7266972e86890e2b30c0c322e906b027 ] DcomLaunch C:\Windows\system32\rpcss.dll
06:25:28.0224 3548 DcomLaunch - ok
06:25:28.0249 3548 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll
06:25:28.0301 3548 defragsvc - ok
06:25:28.0329 3548 [ 9c253ce7311ca60fc11c774692a13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
06:25:28.0369 3548 DfsC - ok
06:25:28.0391 3548 [ ce3b9562d997f69b330d181a8875960f ] Dhcp C:\Windows\system32\dhcpcore.dll
06:25:28.0461 3548 Dhcp - ok
06:25:28.0476 3548 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys
06:25:28.0529 3548 discache - ok
06:25:28.0573 3548 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\DRIVERS\disk.sys
06:25:28.0585 3548 Disk - ok
06:25:28.0615 3548 [ 85cf424c74a1d5ec33533e1dbff9920a ] Dnscache C:\Windows\System32\dnsrslvr.dll
06:25:28.0632 3548 Dnscache - ok
06:25:28.0649 3548 [ 14452acdb09b70964c8c21bf80a13acb ] dot3svc C:\Windows\System32\dot3svc.dll
06:25:28.0691 3548 dot3svc - ok
06:25:28.0702 3548 [ 8c2ba6bea949ee6e68385f5692bafb94 ] DPS C:\Windows\system32\dps.dll
06:25:28.0750 3548 DPS - ok
06:25:28.0766 3548 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
06:25:28.0794 3548 drmkaud - ok
06:25:28.0831 3548 [ 1633b9abf52784a1331476397a48cbef ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
06:25:28.0857 3548 DXGKrnl - ok
06:25:28.0865 3548 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll
06:25:28.0915 3548 EapHost - ok
06:25:28.0973 3548 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
06:25:29.0062 3548 ebdrv - ok
06:25:29.0083 3548 [ 156f6159457d0aa7e59b62681b56eb90 ] EFS C:\Windows\System32\lsass.exe
06:25:29.0130 3548 EFS - ok
06:25:29.0164 3548 [ 47c071994c3f649f23d9cd075ac9304a ] ehRecvr C:\Windows\ehome\ehRecvr.exe
06:25:29.0216 3548 ehRecvr - ok
06:25:29.0231 3548 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe
06:25:29.0257 3548 ehSched - ok
06:25:29.0283 3548 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
06:25:29.0303 3548 elxstor - ok
06:25:29.0311 3548 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
06:25:29.0331 3548 ErrDev - ok
06:25:29.0371 3548 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll
06:25:29.0409 3548 EventSystem - ok
06:25:29.0415 3548 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys
06:25:29.0473 3548 exfat - ok
06:25:29.0493 3548 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys
06:25:29.0542 3548 fastfat - ok
06:25:29.0581 3548 [ d607b2f1bee3992aa6c2c92c0a2f0855 ] Fax C:\Windows\system32\fxssvc.exe
06:25:29.0625 3548 Fax - ok
06:25:29.0634 3548 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\DRIVERS\fdc.sys
06:25:29.0672 3548 fdc - ok
06:25:29.0683 3548 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll
06:25:29.0724 3548 fdPHost - ok
06:25:29.0736 3548 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
06:25:29.0792 3548 FDResPub - ok
06:25:29.0814 3548 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
06:25:29.0826 3548 FileInfo - ok
06:25:29.0837 3548 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
06:25:29.0884 3548 Filetrace - ok
06:25:29.0901 3548 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
06:25:29.0915 3548 flpydisk - ok
06:25:29.0940 3548 [ f7866af72abbaf84b1fa5aa195378c59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
06:25:29.0956 3548 FltMgr - ok
06:25:29.0981 3548 [ 6cd6bb45bd3e0eef6ce496bf52854ff1 ] FlyUsb C:\Windows\system32\DRIVERS\FlyUsb.sys
06:25:30.0013 3548 FlyUsb - ok
06:25:30.0059 3548 [ cb5e4b9c319e3c6bb363eb7e58a4a051 ] FontCache C:\Windows\system32\FntCache.dll
06:25:30.0135 3548 FontCache - ok
06:25:30.0166 3548 [ 8d89e3131c27fdd6932189cb785e1b7a ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
06:25:30.0176 3548 FontCache3.0.0.0 - ok
06:25:30.0230 3548 [ a9ff65ea14e4cabfcc1bb8ece111a249 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
06:25:30.0258 3548 ForceWare Intelligent Application Manager (IAM) - ok
06:25:30.0267 3548 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
06:25:30.0279 3548 FsDepends - ok
06:25:30.0300 3548 [ d3e3f93d67821a2db2b3d9fac2dc2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
06:25:30.0311 3548 Fs_Rec - ok
06:25:30.0343 3548 [ ae87ba80d0ec3b57126ed2cdc15b24ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
06:25:30.0362 3548 fvevol - ok
06:25:30.0382 3548 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
06:25:30.0396 3548 gagp30kx - ok
06:25:30.0437 3548 [ 551d463e4cceb5240234da6718c93a44 ] GameConsoleService C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe
06:25:30.0453 3548 GameConsoleService - ok
06:25:30.0492 3548 [ c403c5db49a0f9aaf4f2128edc0106d8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
06:25:30.0504 3548 GamesAppService - ok
06:25:30.0531 3548 [ fe5ab4525bc2ec68b9119a6e5d40128b ] gpsvc C:\Windows\System32\gpsvc.dll
06:25:30.0577 3548 gpsvc - ok
06:25:30.0632 3548 [ 816fd5a6f3c2f3d600900096632fc60e ] Greg_Service C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
06:25:30.0667 3548 Greg_Service - ok
06:25:30.0716 3548 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
06:25:30.0728 3548 gupdate - ok
06:25:30.0750 3548 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
06:25:30.0761 3548 gupdatem - ok
06:25:30.0786 3548 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
06:25:30.0830 3548 hcw85cir - ok
06:25:30.0857 3548 [ 6410f6f415b2a5a9037224c41da8bf12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
06:25:30.0881 3548 HdAudAddService - ok
06:25:30.0899 3548 [ 0a49913402747a0b67de940fb42cbdbb ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
06:25:30.0928 3548 HDAudBus - ok
06:25:30.0932 3548 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
06:25:30.0960 3548 HidBatt - ok
06:25:30.0965 3548 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
06:25:30.0989 3548 HidBth - ok
06:25:31.0011 3548 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
06:25:31.0025 3548 HidIr - ok
06:25:31.0052 3548 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\system32\hidserv.dll
06:25:31.0087 3548 hidserv - ok
06:25:31.0107 3548 [ b3bf6b5b50006def50b66306d99fcf6f ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
06:25:31.0138 3548 HidUsb - ok
06:25:31.0160 3548 [ efa58ede58dd74388ffd04cb32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
06:25:31.0195 3548 hkmsvc - ok
06:25:31.0208 3548 [ 046b2673767ca626e2cfb7fdf735e9e8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
06:25:31.0235 3548 HomeGroupListener - ok
06:25:31.0253 3548 [ 06a7422224d9865a5613710a089987df ] HomeGroupProvider C:\Windows\system32\provsvc.dll
06:25:31.0273 3548 HomeGroupProvider - ok
06:25:31.0291 3548 [ 0886d440058f203eba0e1825e4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
06:25:31.0304 3548 HpSAMD - ok
06:25:31.0330 3548 [ cee049cac4efa7f4e1e4ad014414a5d4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
06:25:31.0392 3548 HTTP - ok
06:25:31.0400 3548 [ f17766a19145f111856378df337a5d79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
06:25:31.0411 3548 hwpolicy - ok
06:25:31.0440 3548 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
06:25:31.0457 3548 i8042prt - ok
06:25:31.0483 3548 [ b75e45c564e944a2657167d197ab29da ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
06:25:31.0501 3548 iaStorV - ok
06:25:31.0541 3548 [ 2f2be70d3e02b6fa877921ab9516d43c ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
06:25:31.0571 3548 idsvc - ok
06:25:31.0597 3548 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
06:25:31.0610 3548 iirsp - ok
06:25:31.0670 3548 [ ce1ee31fff730ca975a5535d8a71af61 ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
06:25:31.0681 3548 IJPLMSVC - ok
06:25:31.0712 3548 [ c5b4683680df085b57bc53e5ef34861f ] IKEEXT C:\Windows\System32\ikeext.dll
06:25:31.0770 3548 IKEEXT - ok
06:25:31.0843 3548 [ bc64b75e8e0a0b8982ab773483164e72 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
06:25:31.0877 3548 IntcAzAudAddService - ok
06:25:31.0885 3548 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\DRIVERS\intelide.sys
06:25:31.0898 3548 intelide - ok
06:25:31.0912 3548 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
06:25:31.0936 3548 intelppm - ok
06:25:31.0950 3548 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll
06:25:31.0985 3548 IPBusEnum - ok
06:25:31.0990 3548 [ 722dd294df62483cecaae6e094b4d695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:25:32.0027 3548 IpFilterDriver - ok
06:25:32.0043 3548 [ f8e058d17363ec580e4b7232778b6cb5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
06:25:32.0124 3548 iphlpsvc - ok
06:25:32.0157 3548 [ e2b4a4494db7cb9b89b55ca268c337c5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
06:25:32.0177 3548 IPMIDRV - ok
06:25:32.0192 3548 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
06:25:32.0233 3548 IPNAT - ok
06:25:32.0256 3548 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
06:25:32.0274 3548 IRENUM - ok
06:25:32.0279 3548 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
06:25:32.0290 3548 isapnp - ok
06:25:32.0317 3548 [ fa4d2557de56d45b0a346f93564be6e1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
06:25:32.0333 3548 iScsiPrt - ok
06:25:32.0349 3548 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
06:25:32.0361 3548 kbdclass - ok
06:25:32.0369 3548 [ 6def98f8541e1b5dceb2c822a11f7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
06:25:32.0395 3548 kbdhid - ok
06:25:32.0416 3548 [ 156f6159457d0aa7e59b62681b56eb90 ] KeyIso C:\Windows\system32\lsass.exe
06:25:32.0429 3548 KeyIso - ok
06:25:32.0454 3548 [ 4f4b5fde429416877de7143044582eb5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
06:25:32.0467 3548 KSecDD - ok
06:25:32.0479 3548 [ 6f40465a44ecdc1731befafec5bdd03c ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
06:25:32.0493 3548 KSecPkg - ok
06:25:32.0502 3548 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
06:25:32.0546 3548 ksthunk - ok
06:25:32.0560 3548 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll
06:25:32.0609 3548 KtmRm - ok
06:25:32.0632 3548 [ 81f1d04d4d0e433099365127375fd501 ] LanmanServer C:\Windows\system32\srvsvc.dll
06:25:32.0672 3548 LanmanServer - ok
06:25:32.0699 3548 [ 27026eac8818e8a6c00a1cad2f11d29a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
06:25:32.0753 3548 LanmanWorkstation - ok
06:25:33.0015 3548 [ 24a7d535bd9e58e5bc1ac52ef7e2ec8e ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
06:25:33.0131 3548 LeapFrog Connect Device Service - ok
06:25:33.0156 3548 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
06:25:33.0203 3548 lltdio - ok
06:25:33.0230 3548 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll
06:25:33.0282 3548 lltdsvc - ok
06:25:33.0300 3548 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll
06:25:33.0337 3548 lmhosts - ok
06:25:33.0357 3548 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
06:25:33.0372 3548 LSI_FC - ok
06:25:33.0387 3548 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
06:25:33.0401 3548 LSI_SAS - ok
06:25:33.0413 3548 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
06:25:33.0427 3548 LSI_SAS2 - ok
06:25:33.0444 3548 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
06:25:33.0459 3548 LSI_SCSI - ok
06:25:33.0478 3548 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys
06:25:33.0522 3548 luafv - ok
06:25:33.0542 3548 [ dc8490812a3b72811ae534f423b4c206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
06:25:33.0553 3548 MBAMProtector - ok
06:25:33.0602 3548 [ 43683e970f008c93c9429ef428147a54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
06:25:33.0630 3548 MBAMService - ok
06:25:33.0647 3548 [ f84c8f1000bc11e3b7b23cbd3baff111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
06:25:33.0672 3548 Mcx2Svc - ok
06:25:33.0677 3548 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
06:25:33.0693 3548 megasas - ok
06:25:33.0736 3548 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
06:25:33.0757 3548 MegaSR - ok
06:25:33.0819 3548 Microsoft SharePoint Workspace Audit Service - ok
06:25:33.0845 3548 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll
06:25:33.0882 3548 MMCSS - ok
06:25:33.0886 3548 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys
06:25:33.0937 3548 Modem - ok
06:25:33.0952 3548 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys
06:25:33.0973 3548 monitor - ok
06:25:33.0992 3548 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
06:25:34.0004 3548 mouclass - ok
06:25:34.0019 3548 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
06:25:34.0033 3548 mouhid - ok
06:25:34.0041 3548 [ 791af66c4d0e7c90a3646066386fb571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
06:25:34.0053 3548 mountmgr - ok
06:25:34.0068 3548 [ 609d1d87649ecc19796f4d76d4c15cea ] mpio C:\Windows\system32\DRIVERS\mpio.sys
06:25:34.0081 3548 mpio - ok
06:25:34.0095 3548 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
06:25:34.0130 3548 mpsdrv - ok
06:25:34.0154 3548 [ aecab449567d1846dad63ece49e893e3 ] MpsSvc C:\Windows\system32\mpssvc.dll
06:25:34.0230 3548 MpsSvc - ok
06:25:34.0255 3548 [ 30524261bb51d96d6fcbac20c810183c ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
06:25:34.0285 3548 MRxDAV - ok
06:25:34.0317 3548 [ 040d62a9d8ad28922632137acdd984f2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
06:25:34.0345 3548 mrxsmb - ok
06:25:34.0375 3548 [ f0067552f8f9b33d7c59403ab808a3cb ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:25:34.0395 3548 mrxsmb10 - ok
06:25:34.0408 3548 [ 3c142d31de9f2f193218a53fe2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:25:34.0435 3548 mrxsmb20 - ok
06:25:34.0451 3548 [ 5c37497276e3b3a5488b23a326a754b7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
06:25:34.0467 3548 msahci - ok
06:25:34.0480 3548 [ 8d27b597229aed79430fb9db3bcbfbd0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
06:25:34.0498 3548 msdsm - ok
06:25:34.0510 3548 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe
06:25:34.0541 3548 MSDTC - ok
06:25:34.0565 3548 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
06:25:34.0602 3548 Msfs - ok
06:25:34.0614 3548 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
06:25:34.0647 3548 mshidkmdf - ok
06:25:34.0659 3548 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
06:25:34.0670 3548 msisadrv - ok
06:25:34.0691 3548 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
06:25:34.0733 3548 MSiSCSI - ok
06:25:34.0737 3548 msiserver - ok
06:25:34.0758 3548 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
06:25:34.0804 3548 MSKSSRV - ok
06:25:34.0809 3548 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
06:25:34.0864 3548 MSPCLOCK - ok
06:25:34.0872 3548 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
06:25:34.0921 3548 MSPQM - ok
06:25:34.0942 3548 [ 89cb141aa8616d8c6a4610fa26c60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
06:25:34.0963 3548 MsRPC - ok
06:25:34.0974 3548 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
06:25:34.0986 3548 mssmbios - ok
06:25:34.0998 3548 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
06:25:35.0038 3548 MSTEE - ok
06:25:35.0043 3548 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
06:25:35.0060 3548 MTConfig - ok
06:25:35.0080 3548 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys
06:25:35.0092 3548 Mup - ok
06:25:35.0108 3548 [ 6ffecc25b39dc7652a0cec0ada9db589 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
06:25:35.0118 3548 mwlPSDFilter - ok
06:25:35.0129 3548 [ 0befe32ca56d6ee89d58175725596a85 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
06:25:35.0138 3548 mwlPSDNServ - ok
06:25:35.0152 3548 [ d43bc633b8660463e446e28e14a51262 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
06:25:35.0163 3548 mwlPSDVDisk - ok
06:25:35.0206 3548 [ 22a4905c958beb68d78385b633c1351b ] MWLService C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
06:25:35.0222 3548 MWLService - ok
06:25:35.0253 3548 [ 4987e079a4530fa737a128be54b63b12 ] napagent C:\Windows\system32\qagentRT.dll
06:25:35.0305 3548 napagent - ok
06:25:35.0327 3548 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
06:25:35.0359 3548 NativeWifiP - ok
06:25:35.0397 3548 [ cad515dbd07d082bb317d9928ce8962c ] NDIS C:\Windows\system32\drivers\ndis.sys
06:25:35.0437 3548 NDIS - ok
06:25:35.0453 3548 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
06:25:35.0491 3548 NdisCap - ok
06:25:35.0501 3548 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
06:25:35.0609 3548 NdisTapi - ok
06:25:35.0626 3548 [ f105ba1e22bf1f2ee8f005d4305e4bec ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
06:25:35.0716 3548 Ndisuio - ok
06:25:35.0731 3548 [ 557dfab9ca1fcb036ac77564c010dad3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
06:25:35.0772 3548 NdisWan - ok
06:25:35.0789 3548 [ 659b74fb74b86228d6338d643cd3e3cf ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
06:25:35.0834 3548 NDProxy - ok
06:25:35.0907 3548 [ 7d2633295eb6ff2b938185874884059d ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
06:25:35.0940 3548 Nero BackItUp Scheduler 4.0 - ok
06:25:35.0961 3548 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
06:25:36.0012 3548 NetBIOS - ok
06:25:36.0029 3548 [ 9162b273a44ab9dce5b44362731d062a ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
06:25:36.0080 3548 NetBT - ok
06:25:36.0099 3548 [ 156f6159457d0aa7e59b62681b56eb90 ] Netlogon C:\Windows\system32\lsass.exe
06:25:36.0112 3548 Netlogon - ok
06:25:36.0145 3548 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll
06:25:36.0185 3548 Netman - ok
06:25:36.0206 3548 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll
06:25:36.0255 3548 netprofm - ok
06:25:36.0278 3548 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
06:25:36.0290 3548 NetTcpPortSharing - ok
06:25:36.0311 3548 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
06:25:36.0327 3548 nfrd960 - ok
06:25:36.0343 3548 [ d9a0ce66046d6efa0c61baa885cba0a8 ] NlaSvc C:\Windows\System32\nlasvc.dll
06:25:36.0396 3548 NlaSvc - ok
06:25:36.0417 3548 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
06:25:36.0472 3548 Npfs - ok
06:25:36.0495 3548 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll
06:25:36.0541 3548 nsi - ok
06:25:36.0559 3548 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
06:25:36.0603 3548 nsiproxy - ok
06:25:36.0625 3548 [ c04f5def37e55f6a34428b050f44d3d6 ] nSvcIp C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
06:25:36.0638 3548 nSvcIp - ok
06:25:36.0694 3548 [ 378e0e0dfea67d98ae6ea53adbbd76bc ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
06:25:36.0754 3548 Ntfs - ok
06:25:36.0795 3548 [ 317020d31f1696334679b9d0416eb62e ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
06:25:36.0805 3548 NuidFltr - ok
06:25:36.0827 3548 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys
06:25:36.0861 3548 Null - ok
06:25:36.0879 3548 [ a85b4f2ef3a7304a5399ef0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
06:25:36.0905 3548 NVENETFD - ok
06:25:36.0933 3548 [ 181e7fe39211e04128a30708906627d8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
06:25:36.0944 3548 NVHDA - ok
06:25:37.0133 3548 [ 5dcca70aab720c07cea8d4f5ea6db83d ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
06:25:37.0290 3548 nvlddmkm - ok
06:25:37.0318 3548 [ 956a1f47826514c1ea0c295fe13c7377 ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys
06:25:37.0331 3548 NVNET - ok
06:25:37.0369 3548 [ a4d9c9a608a97f59307c2f2600edc6a4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
06:25:37.0385 3548 nvraid - ok
06:25:37.0434 3548 [ afde3015bb8d76e26bec3b287c5443a0 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
06:25:37.0465 3548 nvsmu - ok
06:25:37.0486 3548 [ 6c1d5f70e7a6a3fd1c90d840edc048b9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
06:25:37.0502 3548 nvstor - ok
06:25:37.0520 3548 [ 7c7eef51979658ce15bbc04f96a77d56 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
06:25:37.0541 3548 nvstor64 - ok
06:25:37.0612 3548 [ 902bb5d857538cc31163009959df0116 ] nvsvc C:\Windows\system32\nvvsvc.exe
06:25:37.0644 3548 nvsvc - ok
06:25:37.0664 3548 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
06:25:37.0678 3548 nv_agp - ok
06:25:37.0682 3548 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
06:25:37.0711 3548 ohci1394 - ok
06:25:37.0760 3548 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
06:25:37.0777 3548 ose - ok
06:25:37.0924 3548 [ 61bffb5f57ad12f83ab64b7181829b34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
06:25:38.0064 3548 osppsvc - ok
06:25:38.0094 3548 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
06:25:38.0133 3548 p2pimsvc - ok
06:25:38.0146 3548 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll
06:25:38.0178 3548 p2psvc - ok
06:25:38.0189 3548 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
06:25:38.0218 3548 Parport - ok
06:25:38.0242 3548 [ 90061b1acfe8ccaa5345750ffe08d8b8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
06:25:38.0255 3548 partmgr - ok
06:25:38.0267 3548 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
06:25:38.0295 3548 PcaSvc - ok
06:25:38.0313 3548 [ f36f6504009f2fb0dfd1b17a116ad74b ] pci C:\Windows\system32\DRIVERS\pci.sys
06:25:38.0327 3548 pci - ok
06:25:38.0416 3548 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\DRIVERS\pciide.sys
06:25:38.0429 3548 pciide - ok
06:25:38.0444 3548 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
06:25:38.0470 3548 pcmcia - ok
06:25:38.0482 3548 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys
06:25:38.0497 3548 pcw - ok
06:25:38.0518 3548 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys
06:25:38.0585 3548 PEAUTH - ok
06:25:38.0653 3548 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe
06:25:38.0672 3548 PerfHost - ok
06:25:38.0714 3548 [ 557e9a86f65f0de18c9b6751dfe9d3f1 ] pla C:\Windows\system32\pla.dll
06:25:38.0795 3548 pla - ok
06:25:38.0827 3548 [ 98b1721b8718164293b9701b98c52d77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
06:25:38.0889 3548 PlugPlay - ok
06:25:38.0908 3548 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
06:25:38.0926 3548 PNRPAutoReg - ok
06:25:38.0943 3548 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
06:25:38.0960 3548 PNRPsvc - ok
06:25:38.0987 3548 [ 33328fa8a580885ab0065be6db266e9f ] Point64 C:\Windows\system32\DRIVERS\point64.sys
06:25:38.0997 3548 Point64 - ok
06:25:39.0025 3548 [ 166eb40d1f5b47e615de3d0fffe5f243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
06:25:39.0083 3548 PolicyAgent - ok
06:25:39.0108 3548 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll
06:25:39.0158 3548 Power - ok
06:25:39.0185 3548 [ 27cc19e81ba5e3403c48302127bda717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
06:25:39.0231 3548 PptpMiniport - ok
06:25:39.0243 3548 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\DRIVERS\processr.sys
06:25:39.0265 3548 Processor - ok
06:25:39.0293 3548 [ 97293447431311c06703368ad0f6c4be ] ProfSvc C:\Windows\system32\profsvc.dll
06:25:39.0321 3548 ProfSvc - ok
06:25:39.0332 3548 [ 156f6159457d0aa7e59b62681b56eb90 ] ProtectedStorage C:\Windows\system32\lsass.exe
06:25:39.0345 3548 ProtectedStorage - ok
06:25:39.0361 3548 [ ee992183bd8eaefd9973f352e587a299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
06:25:39.0404 3548 Psched - ok
06:25:39.0442 3548 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
06:25:39.0495 3548 ql2300 - ok
06:25:39.0516 3548 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
06:25:39.0529 3548 ql40xx - ok
06:25:39.0555 3548 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll
06:25:39.0575 3548 QWAVE - ok
06:25:39.0586 3548 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
06:25:39.0619 3548 QWAVEdrv - ok
06:25:39.0624 3548 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
06:25:39.0670 3548 RasAcd - ok
06:25:39.0692 3548 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
06:25:39.0725 3548 RasAgileVpn - ok
06:25:39.0738 3548 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll
06:25:39.0791 3548 RasAuto - ok
06:25:39.0802 3548 [ 87a6e852a22991580d6d39adc4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
06:25:39.0838 3548 Rasl2tp - ok
06:25:39.0853 3548 [ 47394ed3d16d053f5906efe5ab51cc83 ] RasMan C:\Windows\System32\rasmans.dll
06:25:39.0917 3548 RasMan - ok
06:25:39.0936 3548 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
06:25:39.0985 3548 RasPppoe - ok
06:25:39.0990 3548 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
06:25:40.0036 3548 RasSstp - ok
06:25:40.0050 3548 [ 3bac8142102c15d59a87757c1d41dce5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
06:25:40.0090 3548 rdbss - ok
06:25:40.0104 3548 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
06:25:40.0125 3548 rdpbus - ok
06:25:40.0136 3548 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
06:25:40.0169 3548 RDPCDD - ok
06:25:40.0189 3548 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
06:25:40.0232 3548 RDPENCDD - ok
06:25:40.0239 3548 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
06:25:40.0272 3548 RDPREFMP - ok
06:25:40.0302 3548 [ 447de7e3dea39d422c1504f245b668b1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
06:25:40.0337 3548 RDPWD - ok
06:25:40.0348 3548 [ 634b9a2181d98f15941236886164ec8b ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
06:25:40.0363 3548 rdyboost - ok
06:25:40.0387 3548 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll
06:25:40.0427 3548 RemoteAccess - ok
06:25:40.0440 3548 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
06:25:40.0486 3548 RemoteRegistry - ok
06:25:40.0531 3548 [ f12a68ed55053940cadd59ca5e3468dd ] RichVideo C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
06:25:40.0547 3548 RichVideo ( UnsignedFile.Multi.Generic ) - warning
06:25:40.0548 3548 RichVideo - detected UnsignedFile.Multi.Generic (1)
06:25:40.0575 3548 [ 5790bca445cc40df8b38c2c48608aac2 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
06:25:40.0618 3548 RimUsb - ok
06:25:40.0636 3548 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
06:25:40.0682 3548 RpcEptMapper - ok
06:25:40.0715 3548 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe
06:25:40.0742 3548 RpcLocator - ok
06:25:40.0771 3548 [ 7266972e86890e2b30c0c322e906b027 ] RpcSs C:\Windows\system32\rpcss.dll
06:25:40.0818 3548 RpcSs - ok
06:25:40.0835 3548 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
06:25:40.0885 3548 rspndr - ok
06:25:40.0908 3548 [ 156f6159457d0aa7e59b62681b56eb90 ] SamSs C:\Windows\system32\lsass.exe
06:25:40.0919 3548 SamSs - ok
06:25:40.0939 3548 [ e3bbb89983daf5622c1d50cf49f28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
06:25:40.0952 3548 sbp2port - ok
06:25:40.0967 3548 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll
06:25:41.0004 3548 SCardSvr - ok
06:25:41.0015 3548 [ c94da20c7e3ba1dca269bc8460d98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
06:25:41.0068 3548 scfilter - ok
06:25:41.0104 3548 [ 624d0f5ff99428bb90a5b8a4123e918e ] Schedule C:\Windows\system32\schedsvc.dll
06:25:41.0166 3548 Schedule - ok
06:25:41.0193 3548 [ 312e2f82af11e79906898ac3e3d58a1f ] SCPolicySvc C:\Windows\System32\certprop.dll
06:25:41.0227 3548 SCPolicySvc - ok
06:25:41.0243 3548 [ 765a27c3279ce11d14cb9e4f5869fca5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
06:25:41.0270 3548 SDRSVC - ok
06:25:41.0287 3548 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
06:25:41.0338 3548 secdrv - ok
06:25:41.0356 3548 [ 463b386ebc70f98da5dff85f7e654346 ] seclogon C:\Windows\system32\seclogon.dll
06:25:41.0397 3548 seclogon - ok
06:25:41.0414 3548 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\System32\sens.dll
06:25:41.0453 3548 SENS - ok
06:25:41.0478 3548 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
06:25:41.0510 3548 SensrSvc - ok
06:25:41.0527 3548 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
06:25:41.0543 3548 Serenum - ok
06:25:41.0549 3548 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
06:25:41.0564 3548 Serial - ok
06:25:41.0568 3548 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
06:25:41.0592 3548 sermouse - ok
06:25:41.0614 3548 [ c3bc61ce47ff6f4e88ab8a3b429a36af ] SessionEnv C:\Windows\system32\sessenv.dll
06:25:41.0650 3548 SessionEnv - ok
06:25:41.0657 3548 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
06:25:41.0693 3548 sffdisk - ok
06:25:41.0697 3548 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
06:25:41.0729 3548 sffp_mmc - ok
06:25:41.0733 3548 [ 5588b8c6193eb1522490c122eb94dffa ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
06:25:41.0750 3548 sffp_sd - ok
06:25:41.0756 3548 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
06:25:41.0774 3548 sfloppy - ok
06:25:41.0801 3548 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll
06:25:41.0844 3548 SharedAccess - ok
06:25:41.0858 3548 [ 0298ac45d0efffb2db4baa7dd186e7bf ] ShellHWDetection C:\Windows\System32\shsvcs.dll
06:25:41.0893 3548 ShellHWDetection - ok
06:25:41.0910 3548 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
06:25:41.0922 3548 SiSRaid2 - ok
06:25:41.0944 3548 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
06:25:41.0958 3548 SiSRaid4 - ok
06:25:41.0973 3548 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
06:25:42.0009 3548 Smb - ok
06:25:42.0024 3548 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe
06:25:42.0043 3548 SNMPTRAP - ok
06:25:42.0047 3548 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys
06:25:42.0059 3548 spldr - ok
06:25:42.0101 3548 [ 567977dc43cc13c4c35ed7084c0b84d5 ] Spooler C:\Windows\System32\spoolsv.exe
06:25:42.0141 3548 Spooler - ok
06:25:42.0207 3548 [ 913d843498553a1bc8f8dbad6358e49f ] sppsvc C:\Windows\system32\sppsvc.exe
06:25:42.0289 3548 sppsvc - ok
06:25:42.0307 3548 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
06:25:42.0354 3548 sppuinotify - ok
06:25:42.0392 3548 [ 2408c0366d96bcdf63e8f1c78e4a29c5 ] srv C:\Windows\system32\DRIVERS\srv.sys
06:25:42.0423 3548 srv - ok
06:25:42.0442 3548 [ 76548f7b818881b47d8d1ae1be9c11f8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
06:25:42.0472 3548 srv2 - ok
06:25:42.0496 3548 [ 0af6e19d39c70844c5caa8fb0183c36e ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
06:25:42.0519 3548 srvnet - ok
06:25:42.0540 3548 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
06:25:42.0576 3548 SSDPSRV - ok
06:25:42.0583 3548 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll
06:25:42.0624 3548 SstpSvc - ok
06:25:42.0644 3548 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
06:25:42.0656 3548 stexstor - ok
06:25:42.0682 3548 [ 52d0e33b681bd0f33fdc08812fee4f7d ] stisvc C:\Windows\System32\wiaservc.dll
06:25:42.0724 3548 stisvc - ok
06:25:42.0734 3548 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
06:25:42.0746 3548 swenum - ok
06:25:42.0760 3548 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll
06:25:42.0814 3548 swprv - ok
06:25:42.0853 3548 [ 3c1284516a62078fb68f768de4f1a7be ] SysMain C:\Windows\system32\sysmain.dll
06:25:42.0915 3548 SysMain - ok
06:25:42.0931 3548 [ 238935c3cf2854886dc7cbb2a0e2cc66 ] TabletInputService C:\Windows\System32\TabSvc.dll
06:25:42.0968 3548 TabletInputService - ok
06:25:42.0984 3548 [ 884264ac597b690c5707c89723bb8e7b ] TapiSrv C:\Windows\System32\tapisrv.dll
06:25:43.0066 3548 TapiSrv - ok
06:25:43.0082 3548 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll
06:25:43.0118 3548 TBS - ok
06:25:43.0174 3548 [ 624c5b3aa4c99b3184bb922d9ece3ff0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
06:25:43.0233 3548 Tcpip - ok
06:25:43.0270 3548 [ 624c5b3aa4c99b3184bb922d9ece3ff0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
06:25:43.0308 3548 TCPIP6 - ok
06:25:43.0329 3548 [ 76d078af6f587b162d50210f761eb9ed ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
06:25:43.0362 3548 tcpipreg - ok
06:25:43.0374 3548 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
06:25:43.0392 3548 TDPIPE - ok
06:25:43.0420 3548 [ 7518f7bcfd4b308abc9192bacaf6c970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
06:25:43.0457 3548 TDTCP - ok
06:25:43.0472 3548 [ 079125c4b17b01fcaeebce0bcb290c0f ] tdx C:\Windows\system32\DRIVERS\tdx.sys
06:25:43.0516 3548 tdx - ok
06:25:43.0530 3548 [ c448651339196c0e869a355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
06:25:43.0542 3548 TermDD - ok
06:25:43.0571 3548 [ 0f05ec2887bfe197ad82a13287d2f404 ] TermService C:\Windows\System32\termsrv.dll
06:25:43.0631 3548 TermService - ok
06:25:43.0639 3548 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll
06:25:43.0657 3548 Themes - ok
06:25:43.0678 3548 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll
06:25:43.0712 3548 THREADORDER - ok
06:25:43.0735 3548 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll
06:25:43.0779 3548 TrkWks - ok
06:25:43.0817 3548 [ 840f7fb849f5887a49ba18c13b2da920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
06:25:43.0847 3548 TrustedInstaller - ok
06:25:43.0865 3548 [ 61b96c26131e37b24e93327a0bd1fb95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
06:25:43.0908 3548 tssecsrv - ok
06:25:43.0925 3548 [ 3836171a2cdf3af8ef10856db9835a70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
06:25:43.0986 3548 tunnel - ok
06:25:44.0006 3548 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
06:25:44.0018 3548 uagp35 - ok
06:25:44.0032 3548 [ d47baead86c65d4f4069d7ce0a4edceb ] udfs C:\Windows\system32\DRIVERS\udfs.sys
06:25:44.0077 3548 udfs - ok
06:25:44.0098 3548 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
06:25:44.0113 3548 UI0Detect - ok
06:25:44.0121 3548 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
06:25:44.0135 3548 uliagpkx - ok
06:25:44.0153 3548 [ eab6c35e62b1b0db0d1b48b671d3a117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
06:25:44.0180 3548 umbus - ok
06:25:44.0184 3548 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
06:25:44.0199 3548 UmPass - ok
06:25:44.0255 3548 [ f9ec9acd504d823d9b9ca98a4f8d3ca2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
06:25:44.0269 3548 Updater Service - ok
06:25:44.0285 3548 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll
06:25:44.0341 3548 upnphost - ok
06:25:44.0368 3548 [ 7b6a127c93ee590e4d79a5f2a76fe46f ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
06:25:44.0404 3548 usbccgp - ok
06:25:44.0427 3548 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
06:25:44.0449 3548 usbcir - ok
06:25:44.0467 3548 [ 92969ba5ac44e229c55a332864f79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
06:25:44.0482 3548 usbehci - ok
06:25:44.0504 3548 [ e7df1cfd28ca86b35ef5add0735ceef3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
06:25:44.0531 3548 usbhub - ok
06:25:44.0552 3548 [ f1bb1e55f1e7a65c5839ccc7b36d773e ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
06:25:44.0578 3548 usbohci - ok
06:25:44.0607 3548 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
06:25:44.0626 3548 usbprint - ok
06:25:44.0661 3548 [ aaa2513c8aed8b54b189fd0c6b1634c0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
06:25:44.0683 3548 usbscan - ok
06:25:44.0704 3548 [ f39983647bc1f3e6100778ddfe9dce29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
06:25:44.0720 3548 USBSTOR - ok
06:25:44.0753 3548 [ bc3070350a491d84b518d7cca9abd36f ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
06:25:44.0772 3548 usbuhci - ok
06:25:44.0789 3548 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll
06:25:44.0832 3548 UxSms - ok
06:25:44.0849 3548 [ 156f6159457d0aa7e59b62681b56eb90 ] VaultSvc C:\Windows\system32\lsass.exe
06:25:44.0861 3548 VaultSvc - ok
06:25:44.0878 3548 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
06:25:44.0894 3548 vdrvroot - ok
06:25:44.0922 3548 [ 44d73e0bbc1d3c8981304ba15135c2f2 ] vds C:\Windows\System32\vds.exe
06:25:44.0968 3548 vds - ok
06:25:44.0980 3548 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
06:25:45.0000 3548 vga - ok
06:25:45.0014 3548 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys
06:25:45.0057 3548 VgaSave - ok
06:25:45.0075 3548 [ c82e748660f62a242b2dfac1442f22a4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
06:25:45.0092 3548 vhdmp - ok
06:25:45.0096 3548 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
06:25:45.0109 3548 viaide - ok
06:25:45.0119 3548 [ 2b1a3dae2b4e70dbba822b7a03fbd4a3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
06:25:45.0133 3548 volmgr - ok
06:25:45.0151 3548 [ 99b0cbb569ca79acaed8c91461d765fb ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
06:25:45.0171 3548 volmgrx - ok
06:25:45.0178 3548 [ 58f82eed8ca24b461441f9c3e4f0bf5c ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
06:25:45.0195 3548 volsnap - ok
06:25:45.0218 3548 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
06:25:45.0233 3548 vsmraid - ok
06:25:45.0269 3548 [ 787898bf9fb6d7bd87a36e2d95c899ba ] VSS C:\Windows\system32\vssvc.exe
06:25:45.0339 3548 VSS - ok
06:25:45.0446 3548 [ 8ed347bad8d1fb7c40b593bfb01786d2 ] vToolbarUpdater11.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
06:25:45.0479 3548 vToolbarUpdater11.2.0 - ok
06:25:45.0508 3548 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
06:25:45.0527 3548 vwifibus - ok
06:25:45.0550 3548 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll
06:25:45.0591 3548 W32Time - ok
06:25:45.0600 3548 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
06:25:45.0625 3548 WacomPen - ok
06:25:45.0652 3548 [ 47ca49400643effd3f1c9a27e1d69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
06:25:45.0706 3548 WANARP - ok
06:25:45.0726 3548 [ 47ca49400643effd3f1c9a27e1d69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
06:25:45.0763 3548 Wanarpv6 - ok
06:25:45.0818 3548 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
06:25:45.0863 3548 WatAdminSvc - ok
06:25:45.0911 3548 [ 5ab1bb85bd8b5089cc5d64200dedae68 ] wbengine C:\Windows\system32\wbengine.exe
06:25:46.0025 3548 wbengine - ok
06:25:46.0055 3548 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
06:25:46.0092 3548 WbioSrvc - ok
06:25:46.0119 3548 [ dd1bae8ebfc653824d29ccf8c9054d68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
06:25:46.0166 3548 wcncsvc - ok
06:25:46.0184 3548 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
06:25:46.0213 3548 WcsPlugInService - ok
06:25:46.0222 3548 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\DRIVERS\wd.sys
06:25:46.0233 3548 Wd - ok
06:25:46.0261 3548 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
06:25:46.0291 3548 Wdf01000 - ok
06:25:46.0302 3548 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll
06:25:46.0326 3548 WdiServiceHost - ok
06:25:46.0329 3548 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll
06:25:46.0350 3548 WdiSystemHost - ok
06:25:46.0410 3548 [ b1ec8c9300c58ce5e90990f71eea644c ] Web Assistant Updater C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
06:25:46.0422 3548 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - warning
06:25:46.0422 3548 Web Assistant Updater - detected UnsignedFile.Multi.Generic (1)
06:25:46.0446 3548 [ 733006127f235be7c35354ebee7b9a7b ] WebClient C:\Windows\System32\webclnt.dll
06:25:46.0472 3548 WebClient - ok
06:25:46.0487 3548 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll
06:25:46.0540 3548 Wecsvc - ok
06:25:46.0556 3548 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
06:25:46.0611 3548 wercplsupport - ok
06:25:46.0632 3548 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll
06:25:46.0678 3548 WerSvc - ok
06:25:46.0698 3548 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
06:25:46.0742 3548 WfpLwf - ok
06:25:46.0754 3548 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys
06:25:46.0767 3548 WIMMount - ok
06:25:46.0779 3548 WinDefend - ok
06:25:46.0785 3548 WinHttpAutoProxySvc - ok
06:25:46.0833 3548 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
06:25:46.0877 3548 Winmgmt - ok
06:25:46.0915 3548 [ 41fbb751936b387f9179e7f03a74fe29 ] WinRM C:\Windows\system32\WsmSvc.dll
06:25:47.0017 3548 WinRM - ok
06:25:47.0061 3548 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll
06:25:47.0107 3548 Wlansvc - ok
06:25:47.0120 3548 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
06:25:47.0151 3548 WmiAcpi - ok
06:25:47.0176 3548 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
06:25:47.0206 3548 wmiApSrv - ok
06:25:47.0230 3548 WMPNetworkSvc - ok
06:25:47.0249 3548 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll
06:25:47.0270 3548 WPCSvc - ok
06:25:47.0283 3548 [ 2e57ddf2880a7e52e76f41c7e96d327b ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
06:25:47.0309 3548 WPDBusEnum - ok
06:25:47.0322 3548 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
06:25:47.0355 3548 ws2ifsl - ok
06:25:47.0373 3548 [ 8f9f3969933c02da96eb0f84576db43e ] wscsvc C:\Windows\System32\wscsvc.dll
06:25:47.0395 3548 wscsvc - ok
06:25:47.0399 3548 WSearch - ok
06:25:47.0469 3548 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll
06:25:47.0558 3548 wuauserv - ok
06:25:47.0575 3548 [ 7cadc74271dd6461c452c271b30bd378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
06:25:47.0630 3548 WudfPf - ok
06:25:47.0650 3548 [ 3b197af0fff08aa66b6b2241ca538d64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
06:25:47.0687 3548 WUDFRd - ok
06:25:47.0696 3548 [ b551d6637aa0e132c18ac6e504f7b79b ] wudfsvc C:\Windows\System32\WUDFSvc.dll
06:25:47.0731 3548 wudfsvc - ok
06:25:47.0740 3548 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll
06:25:47.0770 3548 WwanSvc - ok
06:25:47.0792 3548 ================ Scan global ===============================
06:25:47.0817 3548 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
06:25:47.0840 3548 (0cb6ebf4b461a6043353c570bd72a1e1) C:\Windows\system32\winsrv.dll
06:25:47.0857 3548 (0cb6ebf4b461a6043353c570bd72a1e1) C:\Windows\system32\winsrv.dll
06:25:47.0872 3548 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
06:25:47.0890 3548 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
06:25:47.0896 3548 [Global] - ok
06:25:47.0896 3548 ================ Scan MBR ==================================
06:25:47.0909 3548 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
06:25:48.0181 3548 \Device\Harddisk0\DR0 - ok
06:25:48.0184 3548 ================ Scan VBR ==================================
06:25:48.0187 3548 Boot (0x1200) (2b73b44cd2ef0d9b534db59edf0e41c7) \Device\Harddisk0\DR0\Partition1
06:25:48.0189 3548 \Device\Harddisk0\DR0\Partition1 - ok
06:25:48.0203 3548 Boot (0x1200) (11f80443508748a6708b52e1093720e7) \Device\Harddisk0\DR0\Partition2
06:25:48.0205 3548 \Device\Harddisk0\DR0\Partition2 - ok
06:25:48.0208 3548 ============================================================
06:25:48.0208 3548 Scan finished
06:25:48.0208 3548 ============================================================
06:25:48.0220 1436 Detected object count: 2
06:25:48.0220 1436 Actual detected object count: 2
06:25:52.0627 1436 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
06:25:52.0627 1436 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:25:52.0629 1436 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - skipped by user
06:25:52.0629 1436 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm

Re: Hjacked by Search.gboxapp.com

Unread postby Erikthered » August 17th, 2012, 8:28 am

06:25:09.0880 4828 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
06:25:10.0301 4828 ============================================================
06:25:10.0301 4828 Current date / time: 2012/08/17 06:25:10.0301
06:25:10.0301 4828 SystemInfo:
06:25:10.0301 4828
06:25:10.0301 4828 OS Version: 6.1.7600 ServicePack: 0.0
06:25:10.0301 4828 Product type: Workstation
06:25:10.0302 4828 ComputerName: ERIKTHERED-PC
06:25:10.0302 4828 UserName: Erik The Red
06:25:10.0302 4828 Windows directory: C:\Windows
06:25:10.0302 4828 System windows directory: C:\Windows
06:25:10.0302 4828 Running under WOW64
06:25:10.0302 4828 Processor architecture: Intel x64
06:25:10.0302 4828 Number of processors: 2
06:25:10.0302 4828 Page size: 0x1000
06:25:10.0302 4828 Boot type: Normal boot
06:25:10.0302 4828 ============================================================
06:25:11.0243 4828 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
06:25:11.0252 4828 ============================================================
06:25:11.0252 4828 \Device\Harddisk0\DR0:
06:25:11.0252 4828 MBR partitions:
06:25:11.0252 4828 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B58800, BlocksNum 0x32000
06:25:11.0252 4828 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B8A800, BlocksNum 0x48CCD2B0
06:25:11.0252 4828 ============================================================
06:25:11.0278 4828 C: <-> \Device\Harddisk0\DR0\Partition2
06:25:11.0278 4828 ============================================================
06:25:11.0278 4828 Initialize success
06:25:11.0278 4828 ============================================================
06:25:23.0420 3548 ============================================================
06:25:23.0420 3548 Scan started
06:25:23.0420 3548 Mode: Manual; SigCheck;
06:25:23.0420 3548 ============================================================
06:25:24.0093 3548 ================ Scan services =============================
06:25:24.0222 3548 [ 1b00662092f9f9568b995902f0cc40d5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
06:25:24.0328 3548 1394ohci - ok
06:25:24.0344 3548 [ 6f11e88748cdefd2f76aa215f97ddfe5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
06:25:24.0362 3548 ACPI - ok
06:25:24.0367 3548 [ 63b05a0420ce4bf0e4af6dcc7cada254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
06:25:24.0419 3548 AcpiPmi - ok
06:25:24.0523 3548 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
06:25:24.0536 3548 AdobeFlashPlayerUpdateSvc - ok
06:25:24.0570 3548 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
06:25:24.0590 3548 adp94xx - ok
06:25:24.0617 3548 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
06:25:24.0634 3548 adpahci - ok
06:25:24.0641 3548 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
06:25:24.0656 3548 adpu320 - ok
06:25:24.0673 3548 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
06:25:24.0798 3548 AeLookupSvc - ok
06:25:24.0839 3548 [ db9d6c6b2cd95a9ca414d045b627422e ] AFD C:\Windows\system32\drivers\afd.sys
06:25:24.0908 3548 AFD - ok
06:25:24.0937 3548 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
06:25:24.0949 3548 agp440 - ok
06:25:24.0966 3548 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe
06:25:24.0988 3548 ALG - ok
06:25:25.0004 3548 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
06:25:25.0016 3548 aliide - ok
06:25:25.0020 3548 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\DRIVERS\amdide.sys
06:25:25.0033 3548 amdide - ok
06:25:25.0037 3548 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
06:25:25.0084 3548 AmdK8 - ok
06:25:25.0092 3548 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
06:25:25.0123 3548 AmdPPM - ok
06:25:25.0155 3548 [ ec7ebab00a4d8448bab68d1e49b4beb9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
06:25:25.0168 3548 amdsata - ok
06:25:25.0179 3548 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
06:25:25.0195 3548 amdsbs - ok
06:25:25.0209 3548 [ db27766102c7bf7e95140a2aa81d042e ] amdxata C:\Windows\system32\drivers\amdxata.sys
06:25:25.0220 3548 amdxata - ok
06:25:25.0232 3548 [ 42fd751b27fa0e9c69bb39f39e409594 ] AppID C:\Windows\system32\drivers\appid.sys
06:25:25.0316 3548 AppID - ok
06:25:25.0329 3548 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
06:25:25.0405 3548 AppIDSvc - ok
06:25:25.0440 3548 [ d065be66822847b7f127d1f90158376e ] Appinfo C:\Windows\System32\appinfo.dll
06:25:25.0560 3548 Appinfo - ok
06:25:25.0565 3548 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\DRIVERS\arc.sys
06:25:25.0579 3548 arc - ok
06:25:25.0584 3548 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
06:25:25.0597 3548 arcsas - ok
06:25:25.0611 3548 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
06:25:25.0659 3548 AsyncMac - ok
06:25:25.0679 3548 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\DRIVERS\atapi.sys
06:25:25.0689 3548 atapi - ok
06:25:25.0713 3548 [ 07721a77180edd4d39ccb865bf63c7fd ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
06:25:25.0764 3548 AudioEndpointBuilder - ok
06:25:25.0775 3548 [ 07721a77180edd4d39ccb865bf63c7fd ] AudioSrv C:\Windows\System32\Audiosrv.dll
06:25:25.0813 3548 AudioSrv - ok
06:25:25.0848 3548 [ cffc3a4a638f462e0561cb368b9a7a3a ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
06:25:25.0863 3548 AVGIDSHA - ok
06:25:25.0884 3548 [ 1bee674ad792b1c63bb0dac5fa724b23 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
06:25:25.0899 3548 Avgtdia - ok
06:25:25.0956 3548 [ ea1145debcd508fd25bd1e95c4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
06:25:25.0968 3548 avgwd - ok
06:25:25.0992 3548 [ b20b5fa5ca050e9926e4d1db81501b32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
06:25:26.0055 3548 AxInstSV - ok
06:25:26.0087 3548 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
06:25:26.0137 3548 b06bdrv - ok
06:25:26.0158 3548 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
06:25:26.0193 3548 b57nd60a - ok
06:25:26.0214 3548 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll
06:25:26.0244 3548 BDESVC - ok
06:25:26.0262 3548 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
06:25:26.0312 3548 Beep - ok
06:25:26.0357 3548 [ 4992c609a6315671463e30f6512bc022 ] BFE C:\Windows\System32\bfe.dll
06:25:26.0424 3548 BFE - ok
06:25:26.0456 3548 [ 7f0c323fe3da28aa4aa1bda3f575707f ] BITS C:\Windows\System32\qmgr.dll
06:25:26.0524 3548 BITS - ok
06:25:26.0546 3548 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
06:25:26.0566 3548 blbdrive - ok
06:25:26.0594 3548 [ 19d20159708e152267e53b66677a4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
06:25:26.0621 3548 bowser - ok
06:25:26.0725 3548 [ e43299f393be33f14c5690d968bb393a ] bProtector C:\ProgramData\bProtectorForWindows\2.1.419.7\bProtect.exe
06:25:26.0774 3548 bProtector - ok
06:25:26.0794 3548 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
06:25:26.0828 3548 BrFiltLo - ok
06:25:26.0832 3548 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
06:25:26.0848 3548 BrFiltUp - ok
06:25:26.0891 3548 [ 6b054c67aaa87843504e8e3c09102009 ] Browser C:\Windows\System32\browser.dll
06:25:26.0917 3548 Browser - ok
06:25:26.0942 3548 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys
06:25:26.0989 3548 Brserid - ok
06:25:26.0994 3548 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
06:25:27.0023 3548 BrSerWdm - ok
06:25:27.0029 3548 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
06:25:27.0078 3548 BrUsbMdm - ok
06:25:27.0082 3548 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
06:25:27.0113 3548 BrUsbSer - ok
06:25:27.0119 3548 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
06:25:27.0139 3548 BTHMODEM - ok
06:25:27.0165 3548 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll
06:25:27.0201 3548 bthserv - ok
06:25:27.0211 3548 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
06:25:27.0263 3548 cdfs - ok
06:25:27.0292 3548 [ 83d2d75e1efb81b3450c18131443f7db ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
06:25:27.0307 3548 cdrom - ok
06:25:27.0327 3548 [ 312e2f82af11e79906898ac3e3d58a1f ] CertPropSvc C:\Windows\System32\certprop.dll
06:25:27.0380 3548 CertPropSvc - ok
06:25:27.0390 3548 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\DRIVERS\circlass.sys
06:25:27.0406 3548 circlass - ok
06:25:27.0420 3548 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys
06:25:27.0438 3548 CLFS - ok
06:25:27.0496 3548 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:25:27.0512 3548 clr_optimization_v2.0.50727_32 - ok
06:25:27.0534 3548 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
06:25:27.0547 3548 clr_optimization_v2.0.50727_64 - ok
06:25:27.0606 3548 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
06:25:27.0637 3548 clr_optimization_v4.0.30319_32 - ok
06:25:27.0655 3548 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
06:25:27.0667 3548 clr_optimization_v4.0.30319_64 - ok
06:25:27.0694 3548 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
06:25:27.0720 3548 CmBatt - ok
06:25:27.0739 3548 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
06:25:27.0750 3548 cmdide - ok
06:25:27.0799 3548 [ ca7720b73446fddec5c69519c1174c98 ] CNG C:\Windows\system32\Drivers\cng.sys
06:25:27.0823 3548 CNG - ok
06:25:27.0834 3548 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
06:25:27.0845 3548 Compbatt - ok
06:25:27.0879 3548 [ f26b3a86f6fa87ca360b879581ab4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
06:25:27.0912 3548 CompositeBus - ok
06:25:27.0924 3548 COMSysApp - ok
06:25:27.0983 3548 cpuz132 - ok
06:25:27.0991 3548 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
06:25:28.0004 3548 crcdisk - ok
06:25:28.0042 3548 [ f02786b66375292e58c8777082d4396d ] CryptSvc C:\Windows\system32\cryptsvc.dll
06:25:28.0071 3548 CryptSvc - ok
06:25:28.0105 3548 [ 15c2afd86d8a58354fc100434c78b621 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
06:25:28.0133 3548 dc3d - ok
06:25:28.0163 3548 [ 7266972e86890e2b30c0c322e906b027 ] DcomLaunch C:\Windows\system32\rpcss.dll
06:25:28.0224 3548 DcomLaunch - ok
06:25:28.0249 3548 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll
06:25:28.0301 3548 defragsvc - ok
06:25:28.0329 3548 [ 9c253ce7311ca60fc11c774692a13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
06:25:28.0369 3548 DfsC - ok
06:25:28.0391 3548 [ ce3b9562d997f69b330d181a8875960f ] Dhcp C:\Windows\system32\dhcpcore.dll
06:25:28.0461 3548 Dhcp - ok
06:25:28.0476 3548 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys
06:25:28.0529 3548 discache - ok
06:25:28.0573 3548 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\DRIVERS\disk.sys
06:25:28.0585 3548 Disk - ok
06:25:28.0615 3548 [ 85cf424c74a1d5ec33533e1dbff9920a ] Dnscache C:\Windows\System32\dnsrslvr.dll
06:25:28.0632 3548 Dnscache - ok
06:25:28.0649 3548 [ 14452acdb09b70964c8c21bf80a13acb ] dot3svc C:\Windows\System32\dot3svc.dll
06:25:28.0691 3548 dot3svc - ok
06:25:28.0702 3548 [ 8c2ba6bea949ee6e68385f5692bafb94 ] DPS C:\Windows\system32\dps.dll
06:25:28.0750 3548 DPS - ok
06:25:28.0766 3548 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
06:25:28.0794 3548 drmkaud - ok
06:25:28.0831 3548 [ 1633b9abf52784a1331476397a48cbef ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
06:25:28.0857 3548 DXGKrnl - ok
06:25:28.0865 3548 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll
06:25:28.0915 3548 EapHost - ok
06:25:28.0973 3548 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
06:25:29.0062 3548 ebdrv - ok
06:25:29.0083 3548 [ 156f6159457d0aa7e59b62681b56eb90 ] EFS C:\Windows\System32\lsass.exe
06:25:29.0130 3548 EFS - ok
06:25:29.0164 3548 [ 47c071994c3f649f23d9cd075ac9304a ] ehRecvr C:\Windows\ehome\ehRecvr.exe
06:25:29.0216 3548 ehRecvr - ok
06:25:29.0231 3548 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe
06:25:29.0257 3548 ehSched - ok
06:25:29.0283 3548 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
06:25:29.0303 3548 elxstor - ok
06:25:29.0311 3548 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
06:25:29.0331 3548 ErrDev - ok
06:25:29.0371 3548 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll
06:25:29.0409 3548 EventSystem - ok
06:25:29.0415 3548 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys
06:25:29.0473 3548 exfat - ok
06:25:29.0493 3548 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys
06:25:29.0542 3548 fastfat - ok
06:25:29.0581 3548 [ d607b2f1bee3992aa6c2c92c0a2f0855 ] Fax C:\Windows\system32\fxssvc.exe
06:25:29.0625 3548 Fax - ok
06:25:29.0634 3548 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\DRIVERS\fdc.sys
06:25:29.0672 3548 fdc - ok
06:25:29.0683 3548 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll
06:25:29.0724 3548 fdPHost - ok
06:25:29.0736 3548 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
06:25:29.0792 3548 FDResPub - ok
06:25:29.0814 3548 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
06:25:29.0826 3548 FileInfo - ok
06:25:29.0837 3548 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
06:25:29.0884 3548 Filetrace - ok
06:25:29.0901 3548 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
06:25:29.0915 3548 flpydisk - ok
06:25:29.0940 3548 [ f7866af72abbaf84b1fa5aa195378c59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
06:25:29.0956 3548 FltMgr - ok
06:25:29.0981 3548 [ 6cd6bb45bd3e0eef6ce496bf52854ff1 ] FlyUsb C:\Windows\system32\DRIVERS\FlyUsb.sys
06:25:30.0013 3548 FlyUsb - ok
06:25:30.0059 3548 [ cb5e4b9c319e3c6bb363eb7e58a4a051 ] FontCache C:\Windows\system32\FntCache.dll
06:25:30.0135 3548 FontCache - ok
06:25:30.0166 3548 [ 8d89e3131c27fdd6932189cb785e1b7a ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
06:25:30.0176 3548 FontCache3.0.0.0 - ok
06:25:30.0230 3548 [ a9ff65ea14e4cabfcc1bb8ece111a249 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
06:25:30.0258 3548 ForceWare Intelligent Application Manager (IAM) - ok
06:25:30.0267 3548 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
06:25:30.0279 3548 FsDepends - ok
06:25:30.0300 3548 [ d3e3f93d67821a2db2b3d9fac2dc2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
06:25:30.0311 3548 Fs_Rec - ok
06:25:30.0343 3548 [ ae87ba80d0ec3b57126ed2cdc15b24ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
06:25:30.0362 3548 fvevol - ok
06:25:30.0382 3548 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
06:25:30.0396 3548 gagp30kx - ok
06:25:30.0437 3548 [ 551d463e4cceb5240234da6718c93a44 ] GameConsoleService C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe
06:25:30.0453 3548 GameConsoleService - ok
06:25:30.0492 3548 [ c403c5db49a0f9aaf4f2128edc0106d8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
06:25:30.0504 3548 GamesAppService - ok
06:25:30.0531 3548 [ fe5ab4525bc2ec68b9119a6e5d40128b ] gpsvc C:\Windows\System32\gpsvc.dll
06:25:30.0577 3548 gpsvc - ok
06:25:30.0632 3548 [ 816fd5a6f3c2f3d600900096632fc60e ] Greg_Service C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
06:25:30.0667 3548 Greg_Service - ok
06:25:30.0716 3548 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
06:25:30.0728 3548 gupdate - ok
06:25:30.0750 3548 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
06:25:30.0761 3548 gupdatem - ok
06:25:30.0786 3548 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
06:25:30.0830 3548 hcw85cir - ok
06:25:30.0857 3548 [ 6410f6f415b2a5a9037224c41da8bf12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
06:25:30.0881 3548 HdAudAddService - ok
06:25:30.0899 3548 [ 0a49913402747a0b67de940fb42cbdbb ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
06:25:30.0928 3548 HDAudBus - ok
06:25:30.0932 3548 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
06:25:30.0960 3548 HidBatt - ok
06:25:30.0965 3548 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
06:25:30.0989 3548 HidBth - ok
06:25:31.0011 3548 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
06:25:31.0025 3548 HidIr - ok
06:25:31.0052 3548 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\system32\hidserv.dll
06:25:31.0087 3548 hidserv - ok
06:25:31.0107 3548 [ b3bf6b5b50006def50b66306d99fcf6f ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
06:25:31.0138 3548 HidUsb - ok
06:25:31.0160 3548 [ efa58ede58dd74388ffd04cb32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
06:25:31.0195 3548 hkmsvc - ok
06:25:31.0208 3548 [ 046b2673767ca626e2cfb7fdf735e9e8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
06:25:31.0235 3548 HomeGroupListener - ok
06:25:31.0253 3548 [ 06a7422224d9865a5613710a089987df ] HomeGroupProvider C:\Windows\system32\provsvc.dll
06:25:31.0273 3548 HomeGroupProvider - ok
06:25:31.0291 3548 [ 0886d440058f203eba0e1825e4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
06:25:31.0304 3548 HpSAMD - ok
06:25:31.0330 3548 [ cee049cac4efa7f4e1e4ad014414a5d4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
06:25:31.0392 3548 HTTP - ok
06:25:31.0400 3548 [ f17766a19145f111856378df337a5d79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
06:25:31.0411 3548 hwpolicy - ok
06:25:31.0440 3548 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
06:25:31.0457 3548 i8042prt - ok
06:25:31.0483 3548 [ b75e45c564e944a2657167d197ab29da ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
06:25:31.0501 3548 iaStorV - ok
06:25:31.0541 3548 [ 2f2be70d3e02b6fa877921ab9516d43c ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
06:25:31.0571 3548 idsvc - ok
06:25:31.0597 3548 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
06:25:31.0610 3548 iirsp - ok
06:25:31.0670 3548 [ ce1ee31fff730ca975a5535d8a71af61 ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
06:25:31.0681 3548 IJPLMSVC - ok
06:25:31.0712 3548 [ c5b4683680df085b57bc53e5ef34861f ] IKEEXT C:\Windows\System32\ikeext.dll
06:25:31.0770 3548 IKEEXT - ok
06:25:31.0843 3548 [ bc64b75e8e0a0b8982ab773483164e72 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
06:25:31.0877 3548 IntcAzAudAddService - ok
06:25:31.0885 3548 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\DRIVERS\intelide.sys
06:25:31.0898 3548 intelide - ok
06:25:31.0912 3548 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
06:25:31.0936 3548 intelppm - ok
06:25:31.0950 3548 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll
06:25:31.0985 3548 IPBusEnum - ok
06:25:31.0990 3548 [ 722dd294df62483cecaae6e094b4d695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:25:32.0027 3548 IpFilterDriver - ok
06:25:32.0043 3548 [ f8e058d17363ec580e4b7232778b6cb5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
06:25:32.0124 3548 iphlpsvc - ok
06:25:32.0157 3548 [ e2b4a4494db7cb9b89b55ca268c337c5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
06:25:32.0177 3548 IPMIDRV - ok
06:25:32.0192 3548 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
06:25:32.0233 3548 IPNAT - ok
06:25:32.0256 3548 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
06:25:32.0274 3548 IRENUM - ok
06:25:32.0279 3548 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
06:25:32.0290 3548 isapnp - ok
06:25:32.0317 3548 [ fa4d2557de56d45b0a346f93564be6e1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
06:25:32.0333 3548 iScsiPrt - ok
06:25:32.0349 3548 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
06:25:32.0361 3548 kbdclass - ok
06:25:32.0369 3548 [ 6def98f8541e1b5dceb2c822a11f7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
06:25:32.0395 3548 kbdhid - ok
06:25:32.0416 3548 [ 156f6159457d0aa7e59b62681b56eb90 ] KeyIso C:\Windows\system32\lsass.exe
06:25:32.0429 3548 KeyIso - ok
06:25:32.0454 3548 [ 4f4b5fde429416877de7143044582eb5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
06:25:32.0467 3548 KSecDD - ok
06:25:32.0479 3548 [ 6f40465a44ecdc1731befafec5bdd03c ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
06:25:32.0493 3548 KSecPkg - ok
06:25:32.0502 3548 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
06:25:32.0546 3548 ksthunk - ok
06:25:32.0560 3548 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll
06:25:32.0609 3548 KtmRm - ok
06:25:32.0632 3548 [ 81f1d04d4d0e433099365127375fd501 ] LanmanServer C:\Windows\system32\srvsvc.dll
06:25:32.0672 3548 LanmanServer - ok
06:25:32.0699 3548 [ 27026eac8818e8a6c00a1cad2f11d29a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
06:25:32.0753 3548 LanmanWorkstation - ok
06:25:33.0015 3548 [ 24a7d535bd9e58e5bc1ac52ef7e2ec8e ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
06:25:33.0131 3548 LeapFrog Connect Device Service - ok
06:25:33.0156 3548 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
06:25:33.0203 3548 lltdio - ok
06:25:33.0230 3548 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll
06:25:33.0282 3548 lltdsvc - ok
06:25:33.0300 3548 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll
06:25:33.0337 3548 lmhosts - ok
06:25:33.0357 3548 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
06:25:33.0372 3548 LSI_FC - ok
06:25:33.0387 3548 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
06:25:33.0401 3548 LSI_SAS - ok
06:25:33.0413 3548 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
06:25:33.0427 3548 LSI_SAS2 - ok
06:25:33.0444 3548 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
06:25:33.0459 3548 LSI_SCSI - ok
06:25:33.0478 3548 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys
06:25:33.0522 3548 luafv - ok
06:25:33.0542 3548 [ dc8490812a3b72811ae534f423b4c206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
06:25:33.0553 3548 MBAMProtector - ok
06:25:33.0602 3548 [ 43683e970f008c93c9429ef428147a54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
06:25:33.0630 3548 MBAMService - ok
06:25:33.0647 3548 [ f84c8f1000bc11e3b7b23cbd3baff111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
06:25:33.0672 3548 Mcx2Svc - ok
06:25:33.0677 3548 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
06:25:33.0693 3548 megasas - ok
06:25:33.0736 3548 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
06:25:33.0757 3548 MegaSR - ok
06:25:33.0819 3548 Microsoft SharePoint Workspace Audit Service - ok
06:25:33.0845 3548 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll
06:25:33.0882 3548 MMCSS - ok
06:25:33.0886 3548 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys
06:25:33.0937 3548 Modem - ok
06:25:33.0952 3548 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys
06:25:33.0973 3548 monitor - ok
06:25:33.0992 3548 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
06:25:34.0004 3548 mouclass - ok
06:25:34.0019 3548 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
06:25:34.0033 3548 mouhid - ok
06:25:34.0041 3548 [ 791af66c4d0e7c90a3646066386fb571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
06:25:34.0053 3548 mountmgr - ok
06:25:34.0068 3548 [ 609d1d87649ecc19796f4d76d4c15cea ] mpio C:\Windows\system32\DRIVERS\mpio.sys
06:25:34.0081 3548 mpio - ok
06:25:34.0095 3548 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
06:25:34.0130 3548 mpsdrv - ok
06:25:34.0154 3548 [ aecab449567d1846dad63ece49e893e3 ] MpsSvc C:\Windows\system32\mpssvc.dll
06:25:34.0230 3548 MpsSvc - ok
06:25:34.0255 3548 [ 30524261bb51d96d6fcbac20c810183c ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
06:25:34.0285 3548 MRxDAV - ok
06:25:34.0317 3548 [ 040d62a9d8ad28922632137acdd984f2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
06:25:34.0345 3548 mrxsmb - ok
06:25:34.0375 3548 [ f0067552f8f9b33d7c59403ab808a3cb ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:25:34.0395 3548 mrxsmb10 - ok
06:25:34.0408 3548 [ 3c142d31de9f2f193218a53fe2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:25:34.0435 3548 mrxsmb20 - ok
06:25:34.0451 3548 [ 5c37497276e3b3a5488b23a326a754b7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
06:25:34.0467 3548 msahci - ok
06:25:34.0480 3548 [ 8d27b597229aed79430fb9db3bcbfbd0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
06:25:34.0498 3548 msdsm - ok
06:25:34.0510 3548 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe
06:25:34.0541 3548 MSDTC - ok
06:25:34.0565 3548 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
06:25:34.0602 3548 Msfs - ok
06:25:34.0614 3548 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
06:25:34.0647 3548 mshidkmdf - ok
06:25:34.0659 3548 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
06:25:34.0670 3548 msisadrv - ok
06:25:34.0691 3548 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
06:25:34.0733 3548 MSiSCSI - ok
06:25:34.0737 3548 msiserver - ok
06:25:34.0758 3548 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
06:25:34.0804 3548 MSKSSRV - ok
06:25:34.0809 3548 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
06:25:34.0864 3548 MSPCLOCK - ok
06:25:34.0872 3548 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
06:25:34.0921 3548 MSPQM - ok
06:25:34.0942 3548 [ 89cb141aa8616d8c6a4610fa26c60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
06:25:34.0963 3548 MsRPC - ok
06:25:34.0974 3548 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
06:25:34.0986 3548 mssmbios - ok
06:25:34.0998 3548 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
06:25:35.0038 3548 MSTEE - ok
06:25:35.0043 3548 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
06:25:35.0060 3548 MTConfig - ok
06:25:35.0080 3548 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys
06:25:35.0092 3548 Mup - ok
06:25:35.0108 3548 [ 6ffecc25b39dc7652a0cec0ada9db589 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
06:25:35.0118 3548 mwlPSDFilter - ok
06:25:35.0129 3548 [ 0befe32ca56d6ee89d58175725596a85 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
06:25:35.0138 3548 mwlPSDNServ - ok
06:25:35.0152 3548 [ d43bc633b8660463e446e28e14a51262 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
06:25:35.0163 3548 mwlPSDVDisk - ok
06:25:35.0206 3548 [ 22a4905c958beb68d78385b633c1351b ] MWLService C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
06:25:35.0222 3548 MWLService - ok
06:25:35.0253 3548 [ 4987e079a4530fa737a128be54b63b12 ] napagent C:\Windows\system32\qagentRT.dll
06:25:35.0305 3548 napagent - ok
06:25:35.0327 3548 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
06:25:35.0359 3548 NativeWifiP - ok
06:25:35.0397 3548 [ cad515dbd07d082bb317d9928ce8962c ] NDIS C:\Windows\system32\drivers\ndis.sys
06:25:35.0437 3548 NDIS - ok
06:25:35.0453 3548 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
06:25:35.0491 3548 NdisCap - ok
06:25:35.0501 3548 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
06:25:35.0609 3548 NdisTapi - ok
06:25:35.0626 3548 [ f105ba1e22bf1f2ee8f005d4305e4bec ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
06:25:35.0716 3548 Ndisuio - ok
06:25:35.0731 3548 [ 557dfab9ca1fcb036ac77564c010dad3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
06:25:35.0772 3548 NdisWan - ok
06:25:35.0789 3548 [ 659b74fb74b86228d6338d643cd3e3cf ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
06:25:35.0834 3548 NDProxy - ok
06:25:35.0907 3548 [ 7d2633295eb6ff2b938185874884059d ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
06:25:35.0940 3548 Nero BackItUp Scheduler 4.0 - ok
06:25:35.0961 3548 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
06:25:36.0012 3548 NetBIOS - ok
06:25:36.0029 3548 [ 9162b273a44ab9dce5b44362731d062a ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
06:25:36.0080 3548 NetBT - ok
06:25:36.0099 3548 [ 156f6159457d0aa7e59b62681b56eb90 ] Netlogon C:\Windows\system32\lsass.exe
06:25:36.0112 3548 Netlogon - ok
06:25:36.0145 3548 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll
06:25:36.0185 3548 Netman - ok
06:25:36.0206 3548 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll
06:25:36.0255 3548 netprofm - ok
06:25:36.0278 3548 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
06:25:36.0290 3548 NetTcpPortSharing - ok
06:25:36.0311 3548 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
06:25:36.0327 3548 nfrd960 - ok
06:25:36.0343 3548 [ d9a0ce66046d6efa0c61baa885cba0a8 ] NlaSvc C:\Windows\System32\nlasvc.dll
06:25:36.0396 3548 NlaSvc - ok
06:25:36.0417 3548 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
06:25:36.0472 3548 Npfs - ok
06:25:36.0495 3548 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll
06:25:36.0541 3548 nsi - ok
06:25:36.0559 3548 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
06:25:36.0603 3548 nsiproxy - ok
06:25:36.0625 3548 [ c04f5def37e55f6a34428b050f44d3d6 ] nSvcIp C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
06:25:36.0638 3548 nSvcIp - ok
06:25:36.0694 3548 [ 378e0e0dfea67d98ae6ea53adbbd76bc ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
06:25:36.0754 3548 Ntfs - ok
06:25:36.0795 3548 [ 317020d31f1696334679b9d0416eb62e ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
06:25:36.0805 3548 NuidFltr - ok
06:25:36.0827 3548 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys
06:25:36.0861 3548 Null - ok
06:25:36.0879 3548 [ a85b4f2ef3a7304a5399ef0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
06:25:36.0905 3548 NVENETFD - ok
06:25:36.0933 3548 [ 181e7fe39211e04128a30708906627d8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
06:25:36.0944 3548 NVHDA - ok
06:25:37.0133 3548 [ 5dcca70aab720c07cea8d4f5ea6db83d ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
06:25:37.0290 3548 nvlddmkm - ok
06:25:37.0318 3548 [ 956a1f47826514c1ea0c295fe13c7377 ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys
06:25:37.0331 3548 NVNET - ok
06:25:37.0369 3548 [ a4d9c9a608a97f59307c2f2600edc6a4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
06:25:37.0385 3548 nvraid - ok
06:25:37.0434 3548 [ afde3015bb8d76e26bec3b287c5443a0 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
06:25:37.0465 3548 nvsmu - ok
06:25:37.0486 3548 [ 6c1d5f70e7a6a3fd1c90d840edc048b9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
06:25:37.0502 3548 nvstor - ok
06:25:37.0520 3548 [ 7c7eef51979658ce15bbc04f96a77d56 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
06:25:37.0541 3548 nvstor64 - ok
06:25:37.0612 3548 [ 902bb5d857538cc31163009959df0116 ] nvsvc C:\Windows\system32\nvvsvc.exe
06:25:37.0644 3548 nvsvc - ok
06:25:37.0664 3548 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
06:25:37.0678 3548 nv_agp - ok
06:25:37.0682 3548 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
06:25:37.0711 3548 ohci1394 - ok
06:25:37.0760 3548 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
06:25:37.0777 3548 ose - ok
06:25:37.0924 3548 [ 61bffb5f57ad12f83ab64b7181829b34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
06:25:38.0064 3548 osppsvc - ok
06:25:38.0094 3548 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
06:25:38.0133 3548 p2pimsvc - ok
06:25:38.0146 3548 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll
06:25:38.0178 3548 p2psvc - ok
06:25:38.0189 3548 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
06:25:38.0218 3548 Parport - ok
06:25:38.0242 3548 [ 90061b1acfe8ccaa5345750ffe08d8b8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
06:25:38.0255 3548 partmgr - ok
06:25:38.0267 3548 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
06:25:38.0295 3548 PcaSvc - ok
06:25:38.0313 3548 [ f36f6504009f2fb0dfd1b17a116ad74b ] pci C:\Windows\system32\DRIVERS\pci.sys
06:25:38.0327 3548 pci - ok
06:25:38.0416 3548 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\DRIVERS\pciide.sys
06:25:38.0429 3548 pciide - ok
06:25:38.0444 3548 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
06:25:38.0470 3548 pcmcia - ok
06:25:38.0482 3548 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys
06:25:38.0497 3548 pcw - ok
06:25:38.0518 3548 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys
06:25:38.0585 3548 PEAUTH - ok
06:25:38.0653 3548 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe
06:25:38.0672 3548 PerfHost - ok
06:25:38.0714 3548 [ 557e9a86f65f0de18c9b6751dfe9d3f1 ] pla C:\Windows\system32\pla.dll
06:25:38.0795 3548 pla - ok
06:25:38.0827 3548 [ 98b1721b8718164293b9701b98c52d77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
06:25:38.0889 3548 PlugPlay - ok
06:25:38.0908 3548 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
06:25:38.0926 3548 PNRPAutoReg - ok
06:25:38.0943 3548 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
06:25:38.0960 3548 PNRPsvc - ok
06:25:38.0987 3548 [ 33328fa8a580885ab0065be6db266e9f ] Point64 C:\Windows\system32\DRIVERS\point64.sys
06:25:38.0997 3548 Point64 - ok
06:25:39.0025 3548 [ 166eb40d1f5b47e615de3d0fffe5f243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
06:25:39.0083 3548 PolicyAgent - ok
06:25:39.0108 3548 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll
06:25:39.0158 3548 Power - ok
06:25:39.0185 3548 [ 27cc19e81ba5e3403c48302127bda717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
06:25:39.0231 3548 PptpMiniport - ok
06:25:39.0243 3548 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\DRIVERS\processr.sys
06:25:39.0265 3548 Processor - ok
06:25:39.0293 3548 [ 97293447431311c06703368ad0f6c4be ] ProfSvc C:\Windows\system32\profsvc.dll
06:25:39.0321 3548 ProfSvc - ok
06:25:39.0332 3548 [ 156f6159457d0aa7e59b62681b56eb90 ] ProtectedStorage C:\Windows\system32\lsass.exe
06:25:39.0345 3548 ProtectedStorage - ok
06:25:39.0361 3548 [ ee992183bd8eaefd9973f352e587a299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
06:25:39.0404 3548 Psched - ok
06:25:39.0442 3548 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
06:25:39.0495 3548 ql2300 - ok
06:25:39.0516 3548 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
06:25:39.0529 3548 ql40xx - ok
06:25:39.0555 3548 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll
06:25:39.0575 3548 QWAVE - ok
06:25:39.0586 3548 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
06:25:39.0619 3548 QWAVEdrv - ok
06:25:39.0624 3548 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
06:25:39.0670 3548 RasAcd - ok
06:25:39.0692 3548 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
06:25:39.0725 3548 RasAgileVpn - ok
06:25:39.0738 3548 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll
06:25:39.0791 3548 RasAuto - ok
06:25:39.0802 3548 [ 87a6e852a22991580d6d39adc4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
06:25:39.0838 3548 Rasl2tp - ok
06:25:39.0853 3548 [ 47394ed3d16d053f5906efe5ab51cc83 ] RasMan C:\Windows\System32\rasmans.dll
06:25:39.0917 3548 RasMan - ok
06:25:39.0936 3548 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
06:25:39.0985 3548 RasPppoe - ok
06:25:39.0990 3548 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
06:25:40.0036 3548 RasSstp - ok
06:25:40.0050 3548 [ 3bac8142102c15d59a87757c1d41dce5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
06:25:40.0090 3548 rdbss - ok
06:25:40.0104 3548 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
06:25:40.0125 3548 rdpbus - ok
06:25:40.0136 3548 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
06:25:40.0169 3548 RDPCDD - ok
06:25:40.0189 3548 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
06:25:40.0232 3548 RDPENCDD - ok
06:25:40.0239 3548 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
06:25:40.0272 3548 RDPREFMP - ok
06:25:40.0302 3548 [ 447de7e3dea39d422c1504f245b668b1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
06:25:40.0337 3548 RDPWD - ok
06:25:40.0348 3548 [ 634b9a2181d98f15941236886164ec8b ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
06:25:40.0363 3548 rdyboost - ok
06:25:40.0387 3548 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll
06:25:40.0427 3548 RemoteAccess - ok
06:25:40.0440 3548 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
06:25:40.0486 3548 RemoteRegistry - ok
06:25:40.0531 3548 [ f12a68ed55053940cadd59ca5e3468dd ] RichVideo C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
06:25:40.0547 3548 RichVideo ( UnsignedFile.Multi.Generic ) - warning
06:25:40.0548 3548 RichVideo - detected UnsignedFile.Multi.Generic (1)
06:25:40.0575 3548 [ 5790bca445cc40df8b38c2c48608aac2 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
06:25:40.0618 3548 RimUsb - ok
06:25:40.0636 3548 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
06:25:40.0682 3548 RpcEptMapper - ok
06:25:40.0715 3548 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe
06:25:40.0742 3548 RpcLocator - ok
06:25:40.0771 3548 [ 7266972e86890e2b30c0c322e906b027 ] RpcSs C:\Windows\system32\rpcss.dll
06:25:40.0818 3548 RpcSs - ok
06:25:40.0835 3548 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
06:25:40.0885 3548 rspndr - ok
06:25:40.0908 3548 [ 156f6159457d0aa7e59b62681b56eb90 ] SamSs C:\Windows\system32\lsass.exe
06:25:40.0919 3548 SamSs - ok
06:25:40.0939 3548 [ e3bbb89983daf5622c1d50cf49f28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
06:25:40.0952 3548 sbp2port - ok
06:25:40.0967 3548 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll
06:25:41.0004 3548 SCardSvr - ok
06:25:41.0015 3548 [ c94da20c7e3ba1dca269bc8460d98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
06:25:41.0068 3548 scfilter - ok
06:25:41.0104 3548 [ 624d0f5ff99428bb90a5b8a4123e918e ] Schedule C:\Windows\system32\schedsvc.dll
06:25:41.0166 3548 Schedule - ok
06:25:41.0193 3548 [ 312e2f82af11e79906898ac3e3d58a1f ] SCPolicySvc C:\Windows\System32\certprop.dll
06:25:41.0227 3548 SCPolicySvc - ok
06:25:41.0243 3548 [ 765a27c3279ce11d14cb9e4f5869fca5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
06:25:41.0270 3548 SDRSVC - ok
06:25:41.0287 3548 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
06:25:41.0338 3548 secdrv - ok
06:25:41.0356 3548 [ 463b386ebc70f98da5dff85f7e654346 ] seclogon C:\Windows\system32\seclogon.dll
06:25:41.0397 3548 seclogon - ok
06:25:41.0414 3548 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\System32\sens.dll
06:25:41.0453 3548 SENS - ok
06:25:41.0478 3548 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
06:25:41.0510 3548 SensrSvc - ok
06:25:41.0527 3548 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
06:25:41.0543 3548 Serenum - ok
06:25:41.0549 3548 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
06:25:41.0564 3548 Serial - ok
06:25:41.0568 3548 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
06:25:41.0592 3548 sermouse - ok
06:25:41.0614 3548 [ c3bc61ce47ff6f4e88ab8a3b429a36af ] SessionEnv C:\Windows\system32\sessenv.dll
06:25:41.0650 3548 SessionEnv - ok
06:25:41.0657 3548 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
06:25:41.0693 3548 sffdisk - ok
06:25:41.0697 3548 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
06:25:41.0729 3548 sffp_mmc - ok
06:25:41.0733 3548 [ 5588b8c6193eb1522490c122eb94dffa ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
06:25:41.0750 3548 sffp_sd - ok
06:25:41.0756 3548 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
06:25:41.0774 3548 sfloppy - ok
06:25:41.0801 3548 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll
06:25:41.0844 3548 SharedAccess - ok
06:25:41.0858 3548 [ 0298ac45d0efffb2db4baa7dd186e7bf ] ShellHWDetection C:\Windows\System32\shsvcs.dll
06:25:41.0893 3548 ShellHWDetection - ok
06:25:41.0910 3548 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
06:25:41.0922 3548 SiSRaid2 - ok
06:25:41.0944 3548 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
06:25:41.0958 3548 SiSRaid4 - ok
06:25:41.0973 3548 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
06:25:42.0009 3548 Smb - ok
06:25:42.0024 3548 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe
06:25:42.0043 3548 SNMPTRAP - ok
06:25:42.0047 3548 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys
06:25:42.0059 3548 spldr - ok
06:25:42.0101 3548 [ 567977dc43cc13c4c35ed7084c0b84d5 ] Spooler C:\Windows\System32\spoolsv.exe
06:25:42.0141 3548 Spooler - ok
06:25:42.0207 3548 [ 913d843498553a1bc8f8dbad6358e49f ] sppsvc C:\Windows\system32\sppsvc.exe
06:25:42.0289 3548 sppsvc - ok
06:25:42.0307 3548 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
06:25:42.0354 3548 sppuinotify - ok
06:25:42.0392 3548 [ 2408c0366d96bcdf63e8f1c78e4a29c5 ] srv C:\Windows\system32\DRIVERS\srv.sys
06:25:42.0423 3548 srv - ok
06:25:42.0442 3548 [ 76548f7b818881b47d8d1ae1be9c11f8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
06:25:42.0472 3548 srv2 - ok
06:25:42.0496 3548 [ 0af6e19d39c70844c5caa8fb0183c36e ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
06:25:42.0519 3548 srvnet - ok
06:25:42.0540 3548 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
06:25:42.0576 3548 SSDPSRV - ok
06:25:42.0583 3548 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll
06:25:42.0624 3548 SstpSvc - ok
06:25:42.0644 3548 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
06:25:42.0656 3548 stexstor - ok
06:25:42.0682 3548 [ 52d0e33b681bd0f33fdc08812fee4f7d ] stisvc C:\Windows\System32\wiaservc.dll
06:25:42.0724 3548 stisvc - ok
06:25:42.0734 3548 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
06:25:42.0746 3548 swenum - ok
06:25:42.0760 3548 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll
06:25:42.0814 3548 swprv - ok
06:25:42.0853 3548 [ 3c1284516a62078fb68f768de4f1a7be ] SysMain C:\Windows\system32\sysmain.dll
06:25:42.0915 3548 SysMain - ok
06:25:42.0931 3548 [ 238935c3cf2854886dc7cbb2a0e2cc66 ] TabletInputService C:\Windows\System32\TabSvc.dll
06:25:42.0968 3548 TabletInputService - ok
06:25:42.0984 3548 [ 884264ac597b690c5707c89723bb8e7b ] TapiSrv C:\Windows\System32\tapisrv.dll
06:25:43.0066 3548 TapiSrv - ok
06:25:43.0082 3548 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll
06:25:43.0118 3548 TBS - ok
06:25:43.0174 3548 [ 624c5b3aa4c99b3184bb922d9ece3ff0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
06:25:43.0233 3548 Tcpip - ok
06:25:43.0270 3548 [ 624c5b3aa4c99b3184bb922d9ece3ff0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
06:25:43.0308 3548 TCPIP6 - ok
06:25:43.0329 3548 [ 76d078af6f587b162d50210f761eb9ed ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
06:25:43.0362 3548 tcpipreg - ok
06:25:43.0374 3548 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
06:25:43.0392 3548 TDPIPE - ok
06:25:43.0420 3548 [ 7518f7bcfd4b308abc9192bacaf6c970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
06:25:43.0457 3548 TDTCP - ok
06:25:43.0472 3548 [ 079125c4b17b01fcaeebce0bcb290c0f ] tdx C:\Windows\system32\DRIVERS\tdx.sys
06:25:43.0516 3548 tdx - ok
06:25:43.0530 3548 [ c448651339196c0e869a355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
06:25:43.0542 3548 TermDD - ok
06:25:43.0571 3548 [ 0f05ec2887bfe197ad82a13287d2f404 ] TermService C:\Windows\System32\termsrv.dll
06:25:43.0631 3548 TermService - ok
06:25:43.0639 3548 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll
06:25:43.0657 3548 Themes - ok
06:25:43.0678 3548 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll
06:25:43.0712 3548 THREADORDER - ok
06:25:43.0735 3548 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll
06:25:43.0779 3548 TrkWks - ok
06:25:43.0817 3548 [ 840f7fb849f5887a49ba18c13b2da920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
06:25:43.0847 3548 TrustedInstaller - ok
06:25:43.0865 3548 [ 61b96c26131e37b24e93327a0bd1fb95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
06:25:43.0908 3548 tssecsrv - ok
06:25:43.0925 3548 [ 3836171a2cdf3af8ef10856db9835a70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
06:25:43.0986 3548 tunnel - ok
06:25:44.0006 3548 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
06:25:44.0018 3548 uagp35 - ok
06:25:44.0032 3548 [ d47baead86c65d4f4069d7ce0a4edceb ] udfs C:\Windows\system32\DRIVERS\udfs.sys
06:25:44.0077 3548 udfs - ok
06:25:44.0098 3548 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
06:25:44.0113 3548 UI0Detect - ok
06:25:44.0121 3548 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
06:25:44.0135 3548 uliagpkx - ok
06:25:44.0153 3548 [ eab6c35e62b1b0db0d1b48b671d3a117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
06:25:44.0180 3548 umbus - ok
06:25:44.0184 3548 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
06:25:44.0199 3548 UmPass - ok
06:25:44.0255 3548 [ f9ec9acd504d823d9b9ca98a4f8d3ca2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
06:25:44.0269 3548 Updater Service - ok
06:25:44.0285 3548 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll
06:25:44.0341 3548 upnphost - ok
06:25:44.0368 3548 [ 7b6a127c93ee590e4d79a5f2a76fe46f ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
06:25:44.0404 3548 usbccgp - ok
06:25:44.0427 3548 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
06:25:44.0449 3548 usbcir - ok
06:25:44.0467 3548 [ 92969ba5ac44e229c55a332864f79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
06:25:44.0482 3548 usbehci - ok
06:25:44.0504 3548 [ e7df1cfd28ca86b35ef5add0735ceef3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
06:25:44.0531 3548 usbhub - ok
06:25:44.0552 3548 [ f1bb1e55f1e7a65c5839ccc7b36d773e ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
06:25:44.0578 3548 usbohci - ok
06:25:44.0607 3548 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
06:25:44.0626 3548 usbprint - ok
06:25:44.0661 3548 [ aaa2513c8aed8b54b189fd0c6b1634c0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
06:25:44.0683 3548 usbscan - ok
06:25:44.0704 3548 [ f39983647bc1f3e6100778ddfe9dce29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
06:25:44.0720 3548 USBSTOR - ok
06:25:44.0753 3548 [ bc3070350a491d84b518d7cca9abd36f ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
06:25:44.0772 3548 usbuhci - ok
06:25:44.0789 3548 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll
06:25:44.0832 3548 UxSms - ok
06:25:44.0849 3548 [ 156f6159457d0aa7e59b62681b56eb90 ] VaultSvc C:\Windows\system32\lsass.exe
06:25:44.0861 3548 VaultSvc - ok
06:25:44.0878 3548 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
06:25:44.0894 3548 vdrvroot - ok
06:25:44.0922 3548 [ 44d73e0bbc1d3c8981304ba15135c2f2 ] vds C:\Windows\System32\vds.exe
06:25:44.0968 3548 vds - ok
06:25:44.0980 3548 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
06:25:45.0000 3548 vga - ok
06:25:45.0014 3548 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys
06:25:45.0057 3548 VgaSave - ok
06:25:45.0075 3548 [ c82e748660f62a242b2dfac1442f22a4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
06:25:45.0092 3548 vhdmp - ok
06:25:45.0096 3548 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
06:25:45.0109 3548 viaide - ok
06:25:45.0119 3548 [ 2b1a3dae2b4e70dbba822b7a03fbd4a3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
06:25:45.0133 3548 volmgr - ok
06:25:45.0151 3548 [ 99b0cbb569ca79acaed8c91461d765fb ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
06:25:45.0171 3548 volmgrx - ok
06:25:45.0178 3548 [ 58f82eed8ca24b461441f9c3e4f0bf5c ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
06:25:45.0195 3548 volsnap - ok
06:25:45.0218 3548 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
06:25:45.0233 3548 vsmraid - ok
06:25:45.0269 3548 [ 787898bf9fb6d7bd87a36e2d95c899ba ] VSS C:\Windows\system32\vssvc.exe
06:25:45.0339 3548 VSS - ok
06:25:45.0446 3548 [ 8ed347bad8d1fb7c40b593bfb01786d2 ] vToolbarUpdater11.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
06:25:45.0479 3548 vToolbarUpdater11.2.0 - ok
06:25:45.0508 3548 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
06:25:45.0527 3548 vwifibus - ok
06:25:45.0550 3548 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll
06:25:45.0591 3548 W32Time - ok
06:25:45.0600 3548 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
06:25:45.0625 3548 WacomPen - ok
06:25:45.0652 3548 [ 47ca49400643effd3f1c9a27e1d69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
06:25:45.0706 3548 WANARP - ok
06:25:45.0726 3548 [ 47ca49400643effd3f1c9a27e1d69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
06:25:45.0763 3548 Wanarpv6 - ok
06:25:45.0818 3548 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
06:25:45.0863 3548 WatAdminSvc - ok
06:25:45.0911 3548 [ 5ab1bb85bd8b5089cc5d64200dedae68 ] wbengine C:\Windows\system32\wbengine.exe
06:25:46.0025 3548 wbengine - ok
06:25:46.0055 3548 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
06:25:46.0092 3548 WbioSrvc - ok
06:25:46.0119 3548 [ dd1bae8ebfc653824d29ccf8c9054d68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
06:25:46.0166 3548 wcncsvc - ok
06:25:46.0184 3548 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
06:25:46.0213 3548 WcsPlugInService - ok
06:25:46.0222 3548 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\DRIVERS\wd.sys
06:25:46.0233 3548 Wd - ok
06:25:46.0261 3548 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
06:25:46.0291 3548 Wdf01000 - ok
06:25:46.0302 3548 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll
06:25:46.0326 3548 WdiServiceHost - ok
06:25:46.0329 3548 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll
06:25:46.0350 3548 WdiSystemHost - ok
06:25:46.0410 3548 [ b1ec8c9300c58ce5e90990f71eea644c ] Web Assistant Updater C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
06:25:46.0422 3548 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - warning
06:25:46.0422 3548 Web Assistant Updater - detected UnsignedFile.Multi.Generic (1)
06:25:46.0446 3548 [ 733006127f235be7c35354ebee7b9a7b ] WebClient C:\Windows\System32\webclnt.dll
06:25:46.0472 3548 WebClient - ok
06:25:46.0487 3548 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll
06:25:46.0540 3548 Wecsvc - ok
06:25:46.0556 3548 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
06:25:46.0611 3548 wercplsupport - ok
06:25:46.0632 3548 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll
06:25:46.0678 3548 WerSvc - ok
06:25:46.0698 3548 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
06:25:46.0742 3548 WfpLwf - ok
06:25:46.0754 3548 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys
06:25:46.0767 3548 WIMMount - ok
06:25:46.0779 3548 WinDefend - ok
06:25:46.0785 3548 WinHttpAutoProxySvc - ok
06:25:46.0833 3548 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
06:25:46.0877 3548 Winmgmt - ok
06:25:46.0915 3548 [ 41fbb751936b387f9179e7f03a74fe29 ] WinRM C:\Windows\system32\WsmSvc.dll
06:25:47.0017 3548 WinRM - ok
06:25:47.0061 3548 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll
06:25:47.0107 3548 Wlansvc - ok
06:25:47.0120 3548 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
06:25:47.0151 3548 WmiAcpi - ok
06:25:47.0176 3548 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
06:25:47.0206 3548 wmiApSrv - ok
06:25:47.0230 3548 WMPNetworkSvc - ok
06:25:47.0249 3548 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll
06:25:47.0270 3548 WPCSvc - ok
06:25:47.0283 3548 [ 2e57ddf2880a7e52e76f41c7e96d327b ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
06:25:47.0309 3548 WPDBusEnum - ok
06:25:47.0322 3548 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
06:25:47.0355 3548 ws2ifsl - ok
06:25:47.0373 3548 [ 8f9f3969933c02da96eb0f84576db43e ] wscsvc C:\Windows\System32\wscsvc.dll
06:25:47.0395 3548 wscsvc - ok
06:25:47.0399 3548 WSearch - ok
06:25:47.0469 3548 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll
06:25:47.0558 3548 wuauserv - ok
06:25:47.0575 3548 [ 7cadc74271dd6461c452c271b30bd378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
06:25:47.0630 3548 WudfPf - ok
06:25:47.0650 3548 [ 3b197af0fff08aa66b6b2241ca538d64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
06:25:47.0687 3548 WUDFRd - ok
06:25:47.0696 3548 [ b551d6637aa0e132c18ac6e504f7b79b ] wudfsvc C:\Windows\System32\WUDFSvc.dll
06:25:47.0731 3548 wudfsvc - ok
06:25:47.0740 3548 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll
06:25:47.0770 3548 WwanSvc - ok
06:25:47.0792 3548 ================ Scan global ===============================
06:25:47.0817 3548 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
06:25:47.0840 3548 (0cb6ebf4b461a6043353c570bd72a1e1) C:\Windows\system32\winsrv.dll
06:25:47.0857 3548 (0cb6ebf4b461a6043353c570bd72a1e1) C:\Windows\system32\winsrv.dll
06:25:47.0872 3548 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
06:25:47.0890 3548 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
06:25:47.0896 3548 [Global] - ok
06:25:47.0896 3548 ================ Scan MBR ==================================
06:25:47.0909 3548 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
06:25:48.0181 3548 \Device\Harddisk0\DR0 - ok
06:25:48.0184 3548 ================ Scan VBR ==================================
06:25:48.0187 3548 Boot (0x1200) (2b73b44cd2ef0d9b534db59edf0e41c7) \Device\Harddisk0\DR0\Partition1
06:25:48.0189 3548 \Device\Harddisk0\DR0\Partition1 - ok
06:25:48.0203 3548 Boot (0x1200) (11f80443508748a6708b52e1093720e7) \Device\Harddisk0\DR0\Partition2
06:25:48.0205 3548 \Device\Harddisk0\DR0\Partition2 - ok
06:25:48.0208 3548 ============================================================
06:25:48.0208 3548 Scan finished
06:25:48.0208 3548 ============================================================
06:25:48.0220 1436 Detected object count: 2
06:25:48.0220 1436 Actual detected object count: 2
06:25:52.0627 1436 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
06:25:52.0627 1436 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:25:52.0629 1436 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - skipped by user
06:25:52.0629 1436 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm

Re: Hjacked by Search.gboxapp.com

Unread postby Erikthered » August 17th, 2012, 8:37 am

Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm

Re: Hjacked by Search.gboxapp.com

Unread postby Erikthered » August 17th, 2012, 8:38 am

I did the TDSKilller log the last time, but I've had some trouble saving posts.
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm

Re: Hjacked by Search.gboxapp.com

Unread postby Cypher » August 17th, 2012, 10:32 am

Hi,
Do the following then let me know if you are still having problems

We need to run an OTL Fix

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :processes
    killallprocesses
    
    :otl
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = 
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=114022&ba ... 262d2f231c
    IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=114022&babsrc=SP_ss&mntrId=947f0f7d00000000000000262d2f231c
    O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
    
    :files
    C:\ProgramData\bProtectorForWindows
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    [resethosts] 
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 472 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware