Girlfriend's Toshiba can't start Safe Mode, Admin account unavailable
<blockquote data-quote="NiceBoyfriend" data-source="post: 174366" data-attributes="member: 19969"><p>Hi,</p><p></p><p>my girlfriend has tasked me with sorting out her laptop during my break and frankly it's a mess. I highly suspect (multiple) malware infections.</p><p></p><p>First, the Admin account is unavailable, calling "User Profile Service failed the logon. User profile cannot be loaded." So all access to the computer is limited to a guest account without admin privileges. Any attempt to access the registry to fix this has so far been blocked.</p><p></p><p>Secondly, I'm completely unable to access safe mode, both by conventional (F8 on startup) and unconventional means (system config, BCDedit, cold start on boot-up etc.).</p><p></p><p>Thirdly, as I'm only able to access the computer without admin privileges, I'm not allowed to run recovery, repair and diagnostics tools to any great degree. The execution seems to be blocked after entering the admin password. The computer reports "Could not find (file) error. Check that the name is correct and try again".</p><p></p><p>Unfortunately, that also means that I cannot offer aswMBR or Adwcleaner error reports as they couldn't be executed on the affected computer.</p><p></p><p>The computer in question is a Toshiba Satellite T130-145 running Windows 7 SP1 Home Edition 64-bit. There's both Norman and AVG anti-virus software, but both are inactivated due to expiry of license. 
</p><p></p><p>Thankful for any and all suggestions and advice.</p><p></p><p>Farbar Scan results pasted below (Frst.txt first, addition.txt afterwards):</p><p>==========================================================================================</p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014</p><p>Ran by Gjest (ATTENTION: The logged in user is not administrator) on MIRIAM-TOSH on 17-03-2014 17:29:59</p><p>Running from E:\</p><p>Windows 7 Home Premium Service Pack 1 (X64) OS Language: Norwegian Bokmal</p><p>Internet Explorer Version 11</p><p>Boot Mode: Normal</p><p></p><p>The only official download link for FRST:</p><p>Download link for 32-Bit version: <a href="http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/" target="_blank">http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/</a></p><p>Download link for 64-Bit Version: <a href="http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/" target="_blank">http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/</a></p><p>Download link from any site other than Bleeping Computer is unpermitted or outdated.</p><p>See tutorial for FRST: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxtray.exe</p><p>(Intel Corporation) C:\Windows\System32\hkcmd.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxpers.exe</p><p>(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe</p><p>(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe</p><p>(Intel Corporation) 
C:\Windows\system32\igfxsrvc.exe</p><p>(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe</p><p>(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe</p><p>(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe</p><p>(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe</p><p>(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe</p><p>(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe</p><p>(TOSHIBA) C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe</p><p>(Intel Corporation) C:\Windows\system32\igfxext.exe</p><p>(Spotify Ltd) C:\Users\Gjest\AppData\Roaming\Spotify\spotify.exe</p><p>(Spotify Ltd) C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe</p><p>(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe</p><p>(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe</p><p>(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe</p><p>(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe</p><p>(Norman AS) C:\Program Files\Norman\Npm\Bin\zlh.exe</p><p>(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe</p><p>(Norman AS) C:\Program Files\Norman\Npm\Bin\zlhh.exe</p><p>(AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\AVG2013\avgui.exe</p><p>() C:\Program Files (x86)\AVG Nation toolbar\vprot.exe</p><p>(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe</p><p>(Norman ASA) C:\Program Files\Norman\Nvc\Bin\cclaw.exe</p><p>() C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyHelper.exe</p><p>() C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyHelper.exe</p><p>() C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyHelper.exe</p><p>() C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyHelper.exe</p><p>(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050000 2009-08-26] (Toshiba Europe GmbH)</p><p>HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-05] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [503864 2009-07-20] (Conexant Systems, Inc.)</p><p>HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1794856 2009-05-29] (Synaptics Incorporated)</p><p>HKLM\...\Run: [ThpSrv] - C:\Windows\system32\thpsrv /logon</p><p>HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1481568 2009-08-26] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosWaitSrv] - 
C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [596328 2009-08-06] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35160 2009-08-06] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [ConexantAudioPatch] - C:\Program Files\ConexantAudioPatch\Audioreset.exe [284472 2009-09-02] ()</p><p>HKLM\...\Run: [TosVolRegulator] - C:\Windows\TosVolRegulator_x64.exe [47928 2009-09-04] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)</p><p>HKLM-x32\...\Run: [TUSBSleepChargeSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-02] (TOSHIBA)</p><p>HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-08-17] (TOSHIBA Corporation)</p><p>HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.)</p><p>HKLM-x32\...\Run: [Norman ZANDA] - C:\Program Files\Norman\Npm\Bin\ZLH.EXE [66888 2013-03-08] (Norman AS)</p><p>HKLM-x32\...\Run: [] - [X]</p><p>HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1561768 2012-05-04] (Ask)</p><p>HKLM-x32\...\Run: [ColdTurkey_notify] - C:\Program Files\ColdTurkey\ct_notify.exe [48128 2012-01-03] ()</p><p>HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)</p><p>HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.)</p><p>HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe 
Systems Incorporated)</p><p>HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Nation toolbar\vprot.exe [2552856 2014-02-04] ()</p><p>HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)</p><p>Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)</p><p>HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)</p><p>HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-03] (Microsoft Corporation)</p><p>HKU\S-1-5-21-2813973385-687834051-1337628694-1000\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)</p><p>HKU\S-1-5-21-2813973385-687834051-1337628694-501\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)</p><p>HKU\S-1-5-21-2813973385-687834051-1337628694-501\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-22] (Google Inc.)</p><p>HKU\S-1-5-21-2813973385-687834051-1337628694-501\...\Run: [Spotify] - C:\Users\Gjest\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-27] (Spotify Ltd)</p><p>HKU\S-1-5-21-2813973385-687834051-1337628694-501\...\Run: [Spotify Web Helper] - C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-27] (Spotify Ltd)</p><p>AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll => C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll File Not Found</p><p>AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll => C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll File Not Found</p><p></p><p>==================== Internet (Whitelisted) 
====================</p><p></p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH" target="_blank">http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH</a></p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH" target="_blank">http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH</a></p><p>SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = <a href="http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}" target="_blank">http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}</a></p><p>SearchScopes: HKCU - {3645907B-3E7F-4699-A76A-1C8A3509A035} URL = <a href="http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2" target="_blank">http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2</a></p><p>SearchScopes: HKCU - {44AC8817-C2ED-460D-9EBA-50CF774569CF} URL = <a href="http://rover.ebay.com/rover/1/710-71511-9400-6/4?satitle={searchTerms}" target="_blank">http://rover.ebay.com/rover/1/710-71511-9400-6/4?satitle={searchTerms}</a></p><p>BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)</p><p>BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)</p><p>BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</p><p>BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</p><p>BHO-x32: MSS+ Identifier - 
{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)</p><p>BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)</p><p>BHO-x32: Påloggingshjelp for Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)</p><p>BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File</p><p>BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)</p><p>BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)</p><p>BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)</p><p>BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)</p><p>BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</p><p>Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File</p><p>Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</p><p>Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)</p><p>Toolbar: HKLM-x32 - No Name - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File</p><p>Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File</p><p>Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files 
(x86)\Ask.com\GenericAskToolbar.dll (Ask)</p><p>Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File</p><p>Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)</p><p>Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</p><p>DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} <a href="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab" target="_blank">http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab</a></p><p>Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)</p><p>Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\hsmo02tr.default</p><p>FF SearchEngineOrder.1: Ask.com</p><p>FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=7ACB1196-293E-4D3E-98D4-B9A56920F034&apn_ptnrs=&apn_sauid=5DF6F689-6B4F-40EB-9BBA-2B1ECF0D1D34&apn_dtid=OSJ000&&q=</p><p>FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()</p><p>FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)</p><p>FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF Plugin: @microsoft.com/GENUINE - disabled No File</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin: 
@Musicnotes.com/Musicnotes Viewer - C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)</p><p>FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll (Skype)</p><p>FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()</p><p>FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)</p><p>FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)</p><p>FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)</p><p>FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)</p><p>FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)</p><p>FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)</p><p>FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)</p><p>FF Plugin-x32: @microsoft.com/GENUINE - disabled No File</p><p>FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 
- C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer - C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)</p><p>FF Plugin-x32: @Sibelius.com/Scorch Plugin - C:\Program Files (x86)\Musicnotes\npsibelius.dll ()</p><p>FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files 
(x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)</p><p>FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml</p><p>FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml</p><p>FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bok-NO.xml</p><p>FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\gulesider-NO.xml</p><p>FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\nation-secure-search.xml</p><p>FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qxl-NO.xml</p><p>FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-NO.xml</p><p>FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Nation toolbar\FireFoxExt\17.3.0.49</p><p>FF Extension: AVG Nation toolbar - C:\ProgramData\AVG Nation toolbar\FireFoxExt\17.3.0.49 [2014-01-09]</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)</p><p>R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)</p><p>R2 eLoggerSvc6; C:\Program Files\Norman\Npm\Bin\elogsvc.exe [104920 2013-03-04] (Norman AS)</p><p>S2 KCTRP; C:\Program Files\ColdTurkey\KCTRP_srv.exe [40960 2012-01-03] ()</p><p>R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)</p><p>S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)</p><p>R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)</p><p>R2 NHS; C:\Program Files\Norman\Nvc\bin\nhs.exe [793520 2012-10-17] 
()</p><p>R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)</p><p>R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)</p><p>R2 NNFSVC; C:\Program Files\Norman\Ngs\Bin\Nnf.exe [279592 2013-12-06] (Norman Safeground AS)</p><p>R3 Norman NJeeves; C:\Program Files\Norman\Npm\Bin\Njeeves.exe [150120 2013-02-13] ()</p><p>R2 Norman ZANDA; C:\Program Files\Norman\Npm\Bin\Zanda.exe [433504 2013-03-20] (Norman AS)</p><p>R2 NPROSECSVC; C:\Program Files\Norman\Ngs\Bin\Nprosec.exe [120456 2013-08-16] (Norman Safeground AS)</p><p>R3 nsesvc; C:\Program Files\Norman\Nse\Bin\NSESVC.EXE [427288 2013-02-27] (Norman ASA)</p><p>R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)</p><p>R3 nvcoas; C:\Program Files\Norman\Nvc\Bin\nvcoas.exe [320696 2013-01-21] (Norman AS)</p><p>R2 NVOY; C:\Program Files\Norman\Npm\Bin\Nvoy.exe [246560 2013-06-27] (Norman AS)</p><p>R3 Scheduler; C:\Program Files\Norman\Npm\Bin\scheduler.exe [402072 2013-03-13] (Norman AS)</p><p>R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116104 2009-08-26] (Toshiba Europe GmbH)</p><p>R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2148216 2012-08-23] (AVG)</p><p>R2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1770312 2014-01-09] (AVG Secure Search)</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)</p><p>R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)</p><p>R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)</p><p>R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG 
Technologies CZ, s.r.o.)</p><p>R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)</p><p>R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)</p><p>R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)</p><p>R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-04] (AVG Technologies)</p><p>R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)</p><p>R1 NGS; c:\program files\norman\ngs\bin\ngs64.sys [22400 2012-06-25] (Norman ASA)</p><p>R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)</p><p>R1 NPROSEC; C:\Program Files\Norman\Ngs\Bin\nprosec64.sys [41536 2013-08-16] (Norman Safeground AS)</p><p>R2 nregsec; C:\Program Files\Norman\Ngs\Bin\nregsec64.sys [68792 2013-08-13] (Norman Safeground AS)</p><p>R3 NvcMFlt; C:\Windows\System32\DRIVERS\nvcv64mf.sys [59552 2013-09-16] (Norman ASA)</p><p>R3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [439808 2009-08-13] (Realtek Semiconductor Corporation )</p><p>R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software)</p><p></p><p>========================== Drivers MD5 =======================</p>
is legit</p><p>C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit</p><p>C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit</p><p>C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit</p><p>C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit</p><p>C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit</p><p>C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88</p><p>C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit</p><p>C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit</p><p>C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit</p><p>c:\program files\norman\ngs\bin\ngs64.sys 300801408D1EEEF8E0DC9774710A1D1C</p><p>C:\Windows\System32\DRIVERS\NisDrvWFP.sys ACE8C64C57E4A711473C8BC10ADF692B</p><p>C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit</p><p>C:\Program Files\Norman\Ngs\Bin\nprosec64.sys 8C8902FE81A842C673E458AA89E4C5A8</p><p>C:\Program Files\Norman\Ngs\Bin\nregsec64.sys 3893EA5E7F47B0D280C6E78138EE3926</p><p>C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit</p><p>C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0</p><p>C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\nvcv64mf.sys 09F691A79756FC30118FC6FD263F2A72</p><p>C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD</p><p>C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A</p><p>C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit</p><p>C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit</p><p>C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is 
legit</p><p>C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C</p><p>C:\Windows\System32\drivers\pci.sys ==> MD5 is legit</p><p>C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit</p><p>C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit</p><p>C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit</p><p>C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\pgeffect.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit</p><p>C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\QIOMem.sys C8FCB4899F8B70CC34E0D9876A80963C</p><p>C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit</p><p>C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit</p><p>C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit</p><p>C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit</p><p>C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit</p><p>C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit</p><p>C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A</p><p>C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit</p><p>C:\Windows\System32\Drivers\RtsUStor.sys FB39AF63D6617F028BA0EBC21B83360D</p><p>C:\Windows\System32\DRIVERS\RTL8187Se.sys 089AA94966A6E8F054D4AC734533BE28</p><p>C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is 
legit</p><p>C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit</p><p>C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit</p><p>C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit</p><p>C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit</p><p>C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit</p><p>C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit</p><p>C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit</p><p>C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit</p><p>C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit</p><p>C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit</p><p>C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit</p><p>C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B</p><p>C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28</p><p>C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3</p><p>C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit</p><p>C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\SynTP.sys D58927AE176DA3CC400E2C1D2F441EC3</p><p>C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51</p><p>C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51</p><p>C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC</p><p>C:\Windows\System32\DRIVERS\tdcmdpst.sys FD542B661BD22FA69CA789AD0AC58C29</p><p>C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit</p><p>C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8</p><p>C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit</p><p>C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\thpdrv.sys C013F6ACAA9761F571BD28DADA7C157D</p><p>C:\Windows\System32\DRIVERS\Thpevm.SYS 
B4E609047434ED948AF7BDEF2FA66E38</p><p>C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09</p><p>C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit</p><p>C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys 7BC3381C0713F613B31ACDE38B71CB53</p><p>C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\TVALZ_O.SYS ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\TVALZFL.sys 9C7191F4B2E49BFF47A6C1144B5923FA</p><p>C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit</p><p>C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit</p><p>C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit</p><p>C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A</p><p>C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31</p><p>C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965</p><p>C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA</p><p>C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC</p><p>C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit</p><p>C:\Windows\system32\drivers\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24</p><p>C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6</p><p>C:\Windows\System32\DRIVERS\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3</p><p>C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7</p><p>C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit</p><p>C:\Windows\System32\drivers\vga.sys ==> MD5 is legit</p><p>C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit</p><p>C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit</p><p>C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit</p><p>C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is 
legit</p><p>C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit</p><p>C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit</p><p>C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit</p><p>C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit</p><p>C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8</p><p>C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit</p><p>C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit</p><p>C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit</p><p>C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D</p><p>C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit</p><p>C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit</p><p>C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F</p><p>C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>2014-02-28 11:49 - 2014-03-05 21:14 - 01340106 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>2014-03-17 17:29 - 2010-01-13 16:30 - 01581548 _____ () C:\Windows\WindowsUpdate.log</p><p>2014-03-17 17:28 - 2009-07-14 10:16 - 00495144 _____ () C:\Windows\system32\perfh014.dat</p><p>2014-03-17 17:28 - 2009-07-14 10:16 - 00096248 _____ () C:\Windows\system32\perfc014.dat</p><p>2014-03-17 17:28 - 2009-07-14 06:13 - 01362082 _____ () C:\Windows\system32\PerfStringBackup.INI</p><p>2014-03-17 17:26 - 2013-10-06 18:48 - 00015912 _____ () C:\Windows\setupact.log</p><p>2014-03-17 16:53 - 2009-07-14 
05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2014-03-17 16:53 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2014-03-17 16:46 - 2014-01-06 22:36 - 00000000 ____D () C:\Users\TEMP.Miriam-TOSH</p><p>2014-03-17 16:46 - 2010-01-26 20:13 - 00000000 ____D () C:\Users\Gjest</p><p>2014-03-17 16:45 - 2012-02-21 12:32 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics</p><p>2014-03-17 16:44 - 2011-11-17 16:50 - 00065536 _____ () C:\Windows\system32\Ikeext.etl</p><p>2014-03-17 16:42 - 2012-04-16 12:45 - 00000000 ____D () C:\Program Files\ColdTurkey</p><p>2014-03-17 16:42 - 2010-01-13 17:06 - 00000000 ____D () C:\Users\Miriam</p><p>2014-03-17 16:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration</p><p>2014-03-17 16:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing</p><p>2014-03-05 21:14 - 2014-02-28 11:49 - 01340106 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI</p><p>2014-02-28 22:08 - 2013-10-30 22:27 - 00115076 _____ () C:\Windows\PFRO.log</p><p>2014-02-27 11:11 - 2013-08-17 13:46 - 00000000 ____D () C:\Windows\system32\MRT</p><p>2014-02-27 11:00 - 2011-03-22 23:02 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe</p><p>2014-02-21 19:46 - 2012-05-09 15:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe</p><p>2014-02-21 19:46 - 2011-12-01 15:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl</p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>C:\Windows\System32\winlogon.exe => MD5 is legit</p><p>C:\Windows\System32\wininit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\wininit.exe => MD5 is legit</p><p>C:\Windows\explorer.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\explorer.exe => MD5 is 
legit</p><p>C:\Windows\System32\svchost.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\svchost.exe => MD5 is legit</p><p>C:\Windows\System32\services.exe => MD5 is legit</p><p>C:\Windows\System32\User32.dll => MD5 is legit</p><p>C:\Windows\SysWOW64\User32.dll => MD5 is legit</p><p>C:\Windows\System32\userinit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\userinit.exe => MD5 is legit</p><p>C:\Windows\System32\rpcss.dll => MD5 is legit</p><p>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</p><p></p><p>==================== BCD ================================</p><p>Datalageret for oppstartskonfigurasjon kunne ikke åpnes.</p><p>Ingen tilgang.</p><p></p><p></p><p>==================== End Of Log ============================</p><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014</p><p>Ran by Gjest (ATTENTION: The logged in user is not administrator) on MIRIAM-TOSH on 17-03-2014 17:29:59</p><p>Running from E:\</p><p>Windows 7 Home Premium Service Pack 1 (X64) OS Language: Norwegian Bokmal</p><p>Internet Explorer Version 11</p><p>Boot Mode: Normal</p><p></p><p>The only official download link for FRST:</p><p>Download link for 32-Bit version: <a href="http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/" target="_blank">http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/</a></p><p>Download link for 64-Bit Version: <a href="http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/" target="_blank">http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/</a></p><p>Download link from any site other than Bleeping Computer is unpermitted or outdated.</p><p>See tutorial for FRST: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) 
=================</p><p></p><p>(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxtray.exe</p><p>(Intel Corporation) C:\Windows\System32\hkcmd.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxpers.exe</p><p>(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe</p><p>(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe</p><p>(Intel Corporation) C:\Windows\system32\igfxsrvc.exe</p><p>(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe</p><p>(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe</p><p>(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe</p><p>(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe</p><p>(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe</p><p>(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe</p><p>(TOSHIBA) C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe</p><p>(Intel Corporation) C:\Windows\system32\igfxext.exe</p><p>(Spotify Ltd) C:\Users\Gjest\AppData\Roaming\Spotify\spotify.exe</p><p>(Spotify Ltd) C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe</p><p>(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe</p><p>(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe</p><p>(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe</p><p>(TOSHIBA CORPORATION.) 
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe</p><p>(Norman AS) C:\Program Files\Norman\Npm\Bin\zlh.exe</p><p>(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe</p><p>(Norman AS) C:\Program Files\Norman\Npm\Bin\zlhh.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe</p><p>() C:\Program Files (x86)\AVG Nation toolbar\vprot.exe</p><p>(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe</p><p>(Norman ASA) C:\Program Files\Norman\Nvc\Bin\cclaw.exe</p><p>() C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyHelper.exe</p><p>() C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyHelper.exe</p><p>() C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyHelper.exe</p><p>() C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyHelper.exe</p><p>(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050000 2009-08-26] (Toshiba Europe GmbH)</p><p>HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-05] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [503864 2009-07-20] (Conexant Systems, Inc.)</p><p>HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1794856 2009-05-29] (Synaptics Incorporated)</p><p>HKLM\...\Run: [ThpSrv] - C:\Windows\system32\thpsrv /logon</p><p>HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA 
Corporation)</p><p>HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1481568 2009-08-26] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [596328 2009-08-06] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35160 2009-08-06] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [ConexantAudioPatch] - C:\Program Files\ConexantAudioPatch\Audioreset.exe [284472 2009-09-02] ()</p><p>HKLM\...\Run: [TosVolRegulator] - C:\Windows\TosVolRegulator_x64.exe [47928 2009-09-04] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)</p><p>HKLM-x32\...\Run: [TUSBSleepChargeSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-02] (TOSHIBA)</p><p>HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-08-17] (TOSHIBA Corporation)</p><p>HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.)</p><p>HKLM-x32\...\Run: [Norman ZANDA] - C:\Program Files\Norman\Npm\Bin\ZLH.EXE [66888 2013-03-08] (Norman AS)</p><p>HKLM-x32\...\Run: [] - [X]</p><p>HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1561768 2012-05-04] (Ask)</p><p>HKLM-x32\...\Run: [ColdTurkey_notify] - C:\Program Files\ColdTurkey\ct_notify.exe [48128 2012-01-03] ()</p><p>HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application 
Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)</p><p>HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.)</p><p>HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Nation toolbar\vprot.exe [2552856 2014-02-04] ()</p><p>HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)</p><p>Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)</p><p>HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)</p><p>HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-03] (Microsoft Corporation)</p><p>HKU\S-1-5-21-2813973385-687834051-1337628694-1000\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)</p><p>HKU\S-1-5-21-2813973385-687834051-1337628694-501\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)</p><p>HKU\S-1-5-21-2813973385-687834051-1337628694-501\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-22] (Google Inc.)</p><p>HKU\S-1-5-21-2813973385-687834051-1337628694-501\...\Run: [Spotify] - C:\Users\Gjest\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-27] (Spotify Ltd)</p><p>HKU\S-1-5-21-2813973385-687834051-1337628694-501\...\Run: [Spotify Web Helper] - C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-27] (Spotify Ltd)</p><p>AppInit_DLLs: 
C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll => C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll File Not Found</p><p>AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll => C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll File Not Found</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH" target="_blank">http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH</a></p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH" target="_blank">http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH</a></p><p>SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = <a href="http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}" target="_blank">http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}</a></p><p>SearchScopes: HKCU - {3645907B-3E7F-4699-A76A-1C8A3509A035} URL = <a href="http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2" target="_blank">http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2</a></p><p>SearchScopes: HKCU - {44AC8817-C2ED-460D-9EBA-50CF774569CF} URL = <a href="http://rover.ebay.com/rover/1/710-71511-9400-6/4?satitle={searchTerms}" target="_blank">http://rover.ebay.com/rover/1/710-71511-9400-6/4?satitle={searchTerms}</a></p><p>BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)</p><p>BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)</p><p>BHO: Google Toolbar Helper - 
{AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</p><p>BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</p><p>BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)</p><p>BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)</p><p>BHO-x32: Påloggingshjelp for Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)</p><p>BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File</p><p>BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)</p><p>BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)</p><p>BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)</p><p>BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)</p><p>BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</p><p>Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File</p><p>Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</p><p>Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files 
(x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)</p><p>Toolbar: HKLM-x32 - No Name - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File</p><p>Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File</p><p>Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)</p><p>Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File</p><p>Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)</p><p>Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</p><p>DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} <a href="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab" target="_blank">http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab</a></p><p>Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)</p><p>Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\hsmo02tr.default</p><p>FF SearchEngineOrder.1: Ask.com</p><p>FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=7ACB1196-293E-4D3E-98D4-B9A56920F034&apn_ptnrs=&apn_sauid=5DF6F689-6B4F-40EB-9BBA-2B1ECF0D1D34&apn_dtid=OSJ000&&q=</p><p>FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()</p><p>FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)</p><p>FF Plugin: 
@java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF Plugin: @microsoft.com/GENUINE - disabled No File</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin: @Musicnotes.com/Musicnotes Viewer - C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)</p><p>FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll (Skype)</p><p>FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()</p><p>FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)</p><p>FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)</p><p>FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)</p><p>FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)</p><p>FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)</p><p>FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)</p><p>FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)</p><p>FF Plugin-x32: @microsoft.com/GENUINE - disabled No File</p><p>FF Plugin-x32: 
@Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer - C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)</p><p>FF Plugin-x32: @Sibelius.com/Scorch Plugin - C:\Program Files (x86)\Musicnotes\npsibelius.dll ()</p><p>FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files 
(x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)</p><p>FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml</p><p>FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml</p><p>FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bok-NO.xml</p><p>FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\gulesider-NO.xml</p><p>FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\nation-secure-search.xml</p><p>FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qxl-NO.xml</p><p>FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-NO.xml</p><p>FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Nation toolbar\FireFoxExt\17.3.0.49</p><p>FF Extension: AVG Nation toolbar - C:\ProgramData\AVG Nation toolbar\FireFoxExt\17.3.0.49 [2014-01-09]</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)</p><p>R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)</p><p>R2 eLoggerSvc6; C:\Program Files\Norman\Npm\Bin\elogsvc.exe [104920 2013-03-04] (Norman AS)</p><p>S2 KCTRP; C:\Program Files\ColdTurkey\KCTRP_srv.exe [40960 2012-01-03] ()</p><p>R2 lmhosts; C:\Windows\system32\svchost.exe [27136 
2009-07-14] (Microsoft Corporation)</p><p>S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)</p><p>R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)</p><p>R2 NHS; C:\Program Files\Norman\Nvc\bin\nhs.exe [793520 2012-10-17] ()</p><p>R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)</p><p>R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)</p><p>R2 NNFSVC; C:\Program Files\Norman\Ngs\Bin\Nnf.exe [279592 2013-12-06] (Norman Safeground AS)</p><p>R3 Norman NJeeves; C:\Program Files\Norman\Npm\Bin\Njeeves.exe [150120 2013-02-13] ()</p><p>R2 Norman ZANDA; C:\Program Files\Norman\Npm\Bin\Zanda.exe [433504 2013-03-20] (Norman AS)</p><p>R2 NPROSECSVC; C:\Program Files\Norman\Ngs\Bin\Nprosec.exe [120456 2013-08-16] (Norman Safeground AS)</p><p>R3 nsesvc; C:\Program Files\Norman\Nse\Bin\NSESVC.EXE [427288 2013-02-27] (Norman ASA)</p><p>R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)</p><p>R3 nvcoas; C:\Program Files\Norman\Nvc\Bin\nvcoas.exe [320696 2013-01-21] (Norman AS)</p><p>R2 NVOY; C:\Program Files\Norman\Npm\Bin\Nvoy.exe [246560 2013-06-27] (Norman AS)</p><p>R3 Scheduler; C:\Program Files\Norman\Npm\Bin\scheduler.exe [402072 2013-03-13] (Norman AS)</p><p>R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116104 2009-08-26] (Toshiba Europe GmbH)</p><p>R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2148216 2012-08-23] (AVG)</p><p>R2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1770312 2014-01-09] (AVG Secure Search)</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys 
[246072 2013-11-25] (AVG Technologies CZ, s.r.o.)</p><p>R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)</p><p>R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)</p><p>R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)</p><p>R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)</p><p>R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)</p><p>R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)</p><p>R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-04] (AVG Technologies)</p><p>R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)</p><p>R1 NGS; c:\program files\norman\ngs\bin\ngs64.sys [22400 2012-06-25] (Norman ASA)</p><p>R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)</p><p>R1 NPROSEC; C:\Program Files\Norman\Ngs\Bin\nprosec64.sys [41536 2013-08-16] (Norman Safeground AS)</p><p>R2 nregsec; C:\Program Files\Norman\Ngs\Bin\nregsec64.sys [68792 2013-08-13] (Norman Safeground AS)</p><p>R3 NvcMFlt; C:\Windows\System32\DRIVERS\nvcv64mf.sys [59552 2013-09-16] (Norman ASA)</p><p>R3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [439808 2009-08-13] (Realtek Semiconductor Corporation )</p><p>R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software)</p><p></p><p>========================== Drivers MD5 =======================</p><p></p>
<p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>2014-02-28 11:49 - 2014-03-05 21:14 - 01340106 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>2014-03-17 17:29 - 2010-01-13 16:30 - 01581548 _____ () C:\Windows\WindowsUpdate.log</p><p>2014-03-17 17:28 - 2009-07-14 10:16 - 00495144 _____ () 
C:\Windows\system32\perfh014.dat</p><p>2014-03-17 17:28 - 2009-07-14 10:16 - 00096248 _____ () C:\Windows\system32\perfc014.dat</p><p>2014-03-17 17:28 - 2009-07-14 06:13 - 01362082 _____ () C:\Windows\system32\PerfStringBackup.INI</p><p>2014-03-17 17:26 - 2013-10-06 18:48 - 00015912 _____ () C:\Windows\setupact.log</p><p>2014-03-17 16:53 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2014-03-17 16:53 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2014-03-17 16:46 - 2014-01-06 22:36 - 00000000 ____D () C:\Users\TEMP.Miriam-TOSH</p><p>2014-03-17 16:46 - 2010-01-26 20:13 - 00000000 ____D () C:\Users\Gjest</p><p>2014-03-17 16:45 - 2012-02-21 12:32 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics</p><p>2014-03-17 16:44 - 2011-11-17 16:50 - 00065536 _____ () C:\Windows\system32\Ikeext.etl</p><p>2014-03-17 16:42 - 2012-04-16 12:45 - 00000000 ____D () C:\Program Files\ColdTurkey</p><p>2014-03-17 16:42 - 2010-01-13 17:06 - 00000000 ____D () C:\Users\Miriam</p><p>2014-03-17 16:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration</p><p>2014-03-17 16:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing</p><p>2014-03-05 21:14 - 2014-02-28 11:49 - 01340106 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI</p><p>2014-02-28 22:08 - 2013-10-30 22:27 - 00115076 _____ () C:\Windows\PFRO.log</p><p>2014-02-27 11:11 - 2013-08-17 13:46 - 00000000 ____D () C:\Windows\system32\MRT</p><p>2014-02-27 11:00 - 2011-03-22 23:02 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe</p><p>2014-02-21 19:46 - 2012-05-09 15:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe</p><p>2014-02-21 19:46 - 2011-12-01 15:52 - 00071048 _____ (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl</p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>C:\Windows\System32\winlogon.exe => MD5 is legit</p><p>C:\Windows\System32\wininit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\wininit.exe => MD5 is legit</p><p>C:\Windows\explorer.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\explorer.exe => MD5 is legit</p><p>C:\Windows\System32\svchost.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\svchost.exe => MD5 is legit</p><p>C:\Windows\System32\services.exe => MD5 is legit</p><p>C:\Windows\System32\User32.dll => MD5 is legit</p><p>C:\Windows\SysWOW64\User32.dll => MD5 is legit</p><p>C:\Windows\System32\userinit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\userinit.exe => MD5 is legit</p><p>C:\Windows\System32\rpcss.dll => MD5 is legit</p><p>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</p><p></p><p>==================== BCD ================================</p><p>Datalageret for oppstartskonfigurasjon kunne ikke åpnes.</p><p>Ingen tilgang.</p><p></p><p></p><p>==================== End Of Log ============================</p><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014</p><p>Ran by Gjest (ATTENTION: The logged in user is not administrator) on MIRIAM-TOSH on 17-03-2014 17:29:59</p><p>Running from E:\</p><p>Windows 7 Home Premium Service Pack 1 (X64) OS Language: Norwegian Bokmal</p><p>Internet Explorer Version 11</p><p>Boot Mode: Normal</p><p></p><p>The only official download link for FRST:</p><p>Download link for 32-Bit version: <a href="http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/" target="_blank">http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/</a></p><p>Download link for 64-Bit Version: <a href="http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/" target="_blank">http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/</a></p><p>Download link from any site 
other than Bleeping Computer is unpermitted or outdated.</p><p>See tutorial for FRST: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxtray.exe</p><p>(Intel Corporation) C:\Windows\System32\hkcmd.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxpers.exe</p><p>(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe</p><p>(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe</p><p>(Intel Corporation) C:\Windows\system32\igfxsrvc.exe</p><p>(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe</p><p>(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe</p><p>(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe</p><p>(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe</p><p>(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe</p><p>(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe</p><p>(TOSHIBA) C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe</p><p>(Intel Corporation) C:\Windows\system32\igfxext.exe</p><p>(Spotify Ltd) C:\Users\Gjest\AppData\Roaming\Spotify\spotify.exe</p><p>(Spotify Ltd) C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe</p><p>(McAfee, Inc.) 
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe</p><p>(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe</p><p>(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe</p><p>(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe</p><p>(Norman AS) C:\Program Files\Norman\Npm\Bin\zlh.exe</p><p>(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe</p><p>(Norman AS) C:\Program Files\Norman\Npm\Bin\zlhh.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe</p><p>() C:\Program Files (x86)\AVG Nation toolbar\vprot.exe</p><p>(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe</p><p>(Norman ASA) C:\Program Files\Norman\Nvc\Bin\cclaw.exe</p><p>() C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyHelper.exe</p><p>() C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyHelper.exe</p><p>() C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyHelper.exe</p><p>() C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyHelper.exe</p><p>(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050000 2009-08-26] (Toshiba Europe GmbH)</p><p>HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-05] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [503864 2009-07-20] (Conexant Systems, Inc.)</p><p>HKLM\...\Run: 
[SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1794856 2009-05-29] (Synaptics Incorporated)</p><p>HKLM\...\Run: [ThpSrv] - C:\Windows\system32\thpsrv /logon</p><p>HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1481568 2009-08-26] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [596328 2009-08-06] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35160 2009-08-06] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [ConexantAudioPatch] - C:\Program Files\ConexantAudioPatch\Audioreset.exe [284472 2009-09-02] ()</p><p>HKLM\...\Run: [TosVolRegulator] - C:\Windows\TosVolRegulator_x64.exe [47928 2009-09-04] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)</p><p>HKLM-x32\...\Run: [TUSBSleepChargeSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-02] (TOSHIBA)</p><p>HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-08-17] (TOSHIBA Corporation)</p><p>HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.)</p><p>HKLM-x32\...\Run: [Norman ZANDA] - C:\Program Files\Norman\Npm\Bin\ZLH.EXE [66888 2013-03-08] (Norman AS)</p><p>HKLM-x32\...\Run: [] - [X]</p><p>HKLM-x32\...\Run: [ApnUpdater] - 
C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1561768 2012-05-04] (Ask)</p><p>HKLM-x32\...\Run: [ColdTurkey_notify] - C:\Program Files\ColdTurkey\ct_notify.exe [48128 2012-01-03] ()</p><p>HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)</p><p>HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.)</p><p>HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Nation toolbar\vprot.exe [2552856 2014-02-04] ()</p><p>HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)</p><p>Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)</p><p>HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)</p><p>HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-03] (Microsoft Corporation)</p><p>HKU\S-1-5-21-2813973385-687834051-1337628694-1000\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)</p><p>HKU\S-1-5-21-2813973385-687834051-1337628694-501\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)</p><p>HKU\S-1-5-21-2813973385-687834051-1337628694-501\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-22] (Google Inc.)</p><p>HKU\S-1-5-21-2813973385-687834051-1337628694-501\...\Run: [Spotify] - C:\Users\Gjest\AppData\Roaming\Spotify\Spotify.exe 
[6118400 2014-01-27] (Spotify Ltd)</p><p>HKU\S-1-5-21-2813973385-687834051-1337628694-501\...\Run: [Spotify Web Helper] - C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-27] (Spotify Ltd)</p><p>AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll => C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll File Not Found</p><p>AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll => C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll File Not Found</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH" target="_blank">http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH</a></p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH" target="_blank">http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH</a></p><p>SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = <a href="http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}" target="_blank">http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}</a></p><p>SearchScopes: HKCU - {3645907B-3E7F-4699-A76A-1C8A3509A035} URL = <a href="http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2" target="_blank">http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2</a></p><p>SearchScopes: HKCU - {44AC8817-C2ED-460D-9EBA-50CF774569CF} URL = <a href="http://rover.ebay.com/rover/1/710-71511-9400-6/4?satitle={searchTerms}" target="_blank">http://rover.ebay.com/rover/1/710-71511-9400-6/4?satitle={searchTerms}</a></p><p>BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll 
(Oracle Corporation)</p><p>BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)</p><p>BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</p><p>BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</p><p>BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)</p><p>BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)</p><p>BHO-x32: Påloggingshjelp for Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)</p><p>BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File</p><p>BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)</p><p>BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)</p><p>BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)</p><p>BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)</p><p>BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</p><p>Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File</p><p>Toolbar: HKLM - Google Toolbar - 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</p><p>Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)</p><p>Toolbar: HKLM-x32 - No Name - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File</p><p>Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File</p><p>Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)</p><p>Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File</p><p>Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)</p><p>Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</p><p>DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} <a href="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab" target="_blank">http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab</a></p><p>Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)</p><p>Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\hsmo02tr.default</p><p>FF SearchEngineOrder.1: Ask.com</p><p>FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=7ACB1196-293E-4D3E-98D4-B9A56920F034&apn_ptnrs=&apn_sauid=5DF6F689-6B4F-40EB-9BBA-2B1ECF0D1D34&apn_dtid=OSJ000&&q=</p><p>FF Plugin: @adobe.com/FlashPlayer - 
C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()</p><p>FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)</p><p>FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF Plugin: @microsoft.com/GENUINE - disabled No File</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin: @Musicnotes.com/Musicnotes Viewer - C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)</p><p>FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll (Skype)</p><p>FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()</p><p>FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)</p><p>FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)</p><p>FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)</p><p>FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)</p><p>FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)</p><p>FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)</p><p>FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF Plugin-x32: 
@mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)</p><p>FF Plugin-x32: @microsoft.com/GENUINE - disabled No File</p><p>FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer - C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)</p><p>FF Plugin-x32: @Sibelius.com/Scorch Plugin - C:\Program Files (x86)\Musicnotes\npsibelius.dll ()</p><p>FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla 
firefox\plugins\npqtplugin.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)</p><p>FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml</p><p>FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml</p><p>FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bok-NO.xml</p><p>FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\gulesider-NO.xml</p><p>FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\nation-secure-search.xml</p><p>FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qxl-NO.xml</p><p>FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-NO.xml</p><p>FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Nation toolbar\FireFoxExt\17.3.0.49</p><p>FF Extension: AVG Nation toolbar - C:\ProgramData\AVG Nation toolbar\FireFoxExt\17.3.0.49 [2014-01-09]</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)</p><p>R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)</p><p>R2 eLoggerSvc6; C:\Program 
Files\Norman\Npm\Bin\elogsvc.exe [104920 2013-03-04] (Norman AS)</p><p>S2 KCTRP; C:\Program Files\ColdTurkey\KCTRP_srv.exe [40960 2012-01-03] ()</p><p>R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)</p><p>S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)</p><p>R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)</p><p>R2 NHS; C:\Program Files\Norman\Nvc\bin\nhs.exe [793520 2012-10-17] ()</p><p>R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)</p><p>R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)</p><p>R2 NNFSVC; C:\Program Files\Norman\Ngs\Bin\Nnf.exe [279592 2013-12-06] (Norman Safeground AS)</p><p>R3 Norman NJeeves; C:\Program Files\Norman\Npm\Bin\Njeeves.exe [150120 2013-02-13] ()</p><p>R2 Norman ZANDA; C:\Program Files\Norman\Npm\Bin\Zanda.exe [433504 2013-03-20] (Norman AS)</p><p>R2 NPROSECSVC; C:\Program Files\Norman\Ngs\Bin\Nprosec.exe [120456 2013-08-16] (Norman Safeground AS)</p><p>R3 nsesvc; C:\Program Files\Norman\Nse\Bin\NSESVC.EXE [427288 2013-02-27] (Norman ASA)</p><p>R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)</p><p>R3 nvcoas; C:\Program Files\Norman\Nvc\Bin\nvcoas.exe [320696 2013-01-21] (Norman AS)</p><p>R2 NVOY; C:\Program Files\Norman\Npm\Bin\Nvoy.exe [246560 2013-06-27] (Norman AS)</p><p>R3 Scheduler; C:\Program Files\Norman\Npm\Bin\scheduler.exe [402072 2013-03-13] (Norman AS)</p><p>R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116104 2009-08-26] (Toshiba Europe GmbH)</p><p>R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2148216 2012-08-23] (AVG)</p><p>R2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure 
Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1770312 2014-01-09] (AVG Secure Search)</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)</p><p>R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)</p><p>R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)</p><p>R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)</p><p>R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)</p><p>R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)</p><p>R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)</p><p>R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-04] (AVG Technologies)</p><p>R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)</p><p>R1 NGS; c:\program files\norman\ngs\bin\ngs64.sys [22400 2012-06-25] (Norman ASA)</p><p>R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)</p><p>R1 NPROSEC; C:\Program Files\Norman\Ngs\Bin\nprosec64.sys [41536 2013-08-16] (Norman Safeground AS)</p><p>R2 nregsec; C:\Program Files\Norman\Ngs\Bin\nregsec64.sys [68792 2013-08-13] (Norman Safeground AS)</p><p>R3 NvcMFlt; C:\Windows\System32\DRIVERS\nvcv64mf.sys [59552 2013-09-16] (Norman ASA)</p><p>R3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [439808 2009-08-13] (Realtek Semiconductor Corporation )</p><p>R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software)</p><p></p><p>========================== Drivers MD5 
=======================</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p></p><p>==================== One Month Created Files and Folders 
========</p><p></p><p>2014-02-28 11:49 - 2014-03-05 21:14 - 01340106 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>2014-03-17 17:29 - 2010-01-13 16:30 - 01581548 _____ () C:\Windows\WindowsUpdate.log</p><p>2014-03-17 17:28 - 2009-07-14 10:16 - 00495144 _____ () C:\Windows\system32\perfh014.dat</p><p>2014-03-17 17:28 - 2009-07-14 10:16 - 00096248 _____ () C:\Windows\system32\perfc014.dat</p><p>2014-03-17 17:28 - 2009-07-14 06:13 - 01362082 _____ () C:\Windows\system32\PerfStringBackup.INI</p><p>2014-03-17 17:26 - 2013-10-06 18:48 - 00015912 _____ () C:\Windows\setupact.log</p><p>2014-03-17 16:53 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2014-03-17 16:53 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2014-03-17 16:46 - 2014-01-06 22:36 - 00000000 ____D () C:\Users\TEMP.Miriam-TOSH</p><p>2014-03-17 16:46 - 2010-01-26 20:13 - 00000000 ____D () C:\Users\Gjest</p><p>2014-03-17 16:45 - 2012-02-21 12:32 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics</p><p>2014-03-17 16:44 - 2011-11-17 16:50 - 00065536 _____ () C:\Windows\system32\Ikeext.etl</p><p>2014-03-17 16:42 - 2012-04-16 12:45 - 00000000 ____D () C:\Program Files\ColdTurkey</p><p>2014-03-17 16:42 - 2010-01-13 17:06 - 00000000 ____D () C:\Users\Miriam</p><p>2014-03-17 16:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration</p><p>2014-03-17 16:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing</p><p>2014-03-05 21:14 - 2014-02-28 11:49 - 01340106 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI</p><p>2014-02-28 22:08 - 2013-10-30 22:27 - 00115076 _____ () C:\Windows\PFRO.log</p><p>2014-02-27 11:11 - 2013-08-17 13:46 - 00000000 ____D () C:\Windows\system32\MRT</p><p>2014-02-27 11:00 - 
2011-03-22 23:02 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe</p><p>2014-02-21 19:46 - 2012-05-09 15:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe</p><p>2014-02-21 19:46 - 2011-12-01 15:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl</p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>C:\Windows\System32\winlogon.exe => MD5 is legit</p><p>C:\Windows\System32\wininit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\wininit.exe => MD5 is legit</p><p>C:\Windows\explorer.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\explorer.exe => MD5 is legit</p><p>C:\Windows\System32\svchost.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\svchost.exe => MD5 is legit</p><p>C:\Windows\System32\services.exe => MD5 is legit</p><p>C:\Windows\System32\User32.dll => MD5 is legit</p><p>C:\Windows\SysWOW64\User32.dll => MD5 is legit</p><p>C:\Windows\System32\userinit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\userinit.exe => MD5 is legit</p><p>C:\Windows\System32\rpcss.dll => MD5 is legit</p><p>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</p><p></p><p>==================== BCD ================================</p><p>Datalageret for oppstartskonfigurasjon kunne ikke åpnes.</p><p>Ingen tilgang.</p><p></p><p></p><p>==================== End Of Log ============================</p><p>ADDITION.TXT:</p><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014</p><p>Ran by Gjest at 2014-03-17 17:31:48</p><p>Running from E:\</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Security Center ========================</p><p></p><p></p><p>==================== Installed Programs ======================</p><p></p><p> Update for Microsoft Office 2007 (KB2508958) 
(HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)</p><p>Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)</p><p>Adobe AIR (x32 Version: 1.5.2.8870 - Adobe Systems Inc.) Hidden</p><p>Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)</p><p>Adobe Reader XI (11.0.05) - Norsk (HKLM-x32\...\{AC76BA86-7AD7-1044-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)</p><p>Amazon.co.uk (HKLM-x32\...\{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}) (Version: - Amazon EU S.a.r.L.)</p><p>Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)</p><p>Apple-programsupport (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)</p><p>Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.2.0 - Ask.com) <==== ATTENTION</p><p>Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.1.23037 - Ask.com) <==== ATTENTION</p><p>Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)</p><p>AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3462 - AVG Technologies)</p><p>AVG 2013 (Version: 13.0.3462 - AVG Technologies) Hidden</p><p>AVG 2013 (Version: 13.0.3705 - AVG Technologies) Hidden</p><p>AVG Nation toolbar (HKLM-x32\...\AVG Nation toolbar) (Version: 17.3.0.49 - InfoSpace)</p><p>AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 12.0.4000.108 - AVG Technologies)</p><p>AVG PC TuneUp (x32 Version: 12.0.4000.108 - AVG Technologies) Hidden</p><p>AVG PC TuneUp Language Pack (en-US) (x32 Version: 12.0.4000.108 - AVG Technologies) Hidden</p><p>Bing 
Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)</p><p>Canon MG6100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series) (Version: - )</p><p>Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version: - )</p><p>CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)</p><p>Cold Turkey version 0.6 (HKLM\...\{6498E673-B9C2-4544-A722-1E854B5B573E}_is1) (Version: 0.6 - Felix Belzile)</p><p>Compatibility Pack for 2007 Office (HKLM-x32\...\{90120000-0020-0414-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)</p><p>Conexant HD Audio (HKLM\...\CNXT_AUDIO) (Version: 4.98.6.63 - Conexant)</p><p>Crayon Physics Deluxe - release 53 (HKLM-x32\...\Crayon Physics Deluxe_is1) (Version: - Kloonigames)</p><p>D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden</p><p>Digimax Master (HKLM-x32\...\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}) (Version: 1.0.35 - Samsung)</p><p>DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.9.1 - DivX, Inc.)</p><p>DivX Converter (HKLM-x32\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)</p><p>DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.2.0 - DivX, Inc.)</p><p>DivX Plus DirectShow Filters (HKLM-x32\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.)</p><p>DivX Plus Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 2.0.0 - DivX,Inc.)</p><p>eBay (HKLM-x32\...\{E83BA61A-5D77-4DD5-9C92-A3447F11E27D}) (Version: 1.0.4 - eBay Inc.)</p><p>EndNote X4 (HKLM-x32\...\{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}) (Version: 14.0.2.5149 - Thomson Reuters)</p><p>Foxit Reader 5.1 (HKLM-x32\...\Foxit Reader_is1) (Version: 5.1.4.104 - Foxit Corporation)</p><p>Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)</p><p>Google Toolbar for Internet Explorer 
(HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)</p><p>Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden</p><p>Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden</p><p>Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)</p><p>Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)</p><p>Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)</p><p>Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)</p><p>Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden</p><p>Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)</p><p>Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden</p><p>Messenger Assistent (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)</p><p>Microsoft .NET Framework 4.5.1 (NOR) (Version: 4.5.50938 - Microsoft Corporation) Hidden</p><p>Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden</p><p>Microsoft .NET Framework 4.5.1, norsk språkpakke (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1044) (Version: 4.5.50938 - Microsoft Corporation)</p><p>Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden</p><p>Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)</p><p>Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden</p><p>Microsoft Office Excel 
2007 Help Oppdatering (KB963678) (HKLM-x32\...\{90120000-0016-0414-0000-0000000FF1CE}_HOMESTUDENTR_{786F200B-1F70-4B66-BBB3-29CFF7C425D7}) (Version: - Microsoft)</p><p>Microsoft Office Excel MUI (Norwegian (Bokmål)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)</p><p>Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)</p><p>Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Powerpoint 2007 Help Oppdatering (KB963669) (HKLM-x32\...\{90120000-0018-0414-0000-0000000FF1CE}_HOMESTUDENTR_{5511F835-0C39-4158-A689-34997E3F28AD}) (Version: - Microsoft)</p><p>Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office PowerPoint Viewer 2007 (Norwegian (Bokmål)) (HKLM-x32\...\{95120000-00AF-0414-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)</p><p>Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Proof (Norwegian (Bokmål)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Proof (Norwegian (Nynorsk)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Proofing (Norwegian (Bokmål)) 2007 (x32 Version: 12.0.4518.1022 - Microsoft Corporation) Hidden</p><p>Microsoft Office Proofing Tools 2007 Service 
Pack 3 (SP3) (x32 Version: - Microsoft) Hidden</p><p>Microsoft Office Shared 64-bit MUI (Norwegian (Bokmål)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Shared MUI (Norwegian (Bokmål)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)</p><p>Microsoft Office Word 2007 Help Oppdatering (KB963665) (HKLM-x32\...\{90120000-001B-0414-0000-0000000FF1CE}_HOMESTUDENTR_{ED32C952-462A-4787-8AC1-CE455D7A816F}) (Version: - Microsoft)</p><p>Microsoft Office Word MUI (Norwegian (Bokmål)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden</p><p>Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)</p><p>Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)</p><p>Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 
(HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Microsoft Works (HKLM-x32\...\{D1824129-8BE2-4FA6-B262-C4D99F7355D3}) (Version: 9.7.0621 - Microsoft Corporation)</p><p>Mozilla Firefox 26.0 (x86 nb-NO) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 nb-NO)) (Version: 26.0 - Mozilla)</p><p>Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)</p><p>MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden</p><p>MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden</p><p>Musicnotes Software Suite 1.7.2 (HKLM-x32\...\Musicnotes Combined Installer_is1) (Version: 1.7.2 - Musicnotes Inc.)</p><p>Norman Security Suite (HKLM\...\{8FE6F158-AF0D-4F66-A798-DA00B106E177}) (Version: 7.30.0400 - Norman ASA)</p><p>OpenOffice.org 3.2 (HKLM-x32\...\{5A13987D-55F4-4271-A40E-76AC9B1B38FD}) (Version: 3.2.9502 - OpenOffice.org)</p><p>Photo to Cartoon (HKLM-x32\...\{3A6A34D3-37EE-40F3-BF81-EC7A4BF7F24D}) (Version: 1.0.0 - Caricature Software)</p><p>PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)</p><p>QuickTime 
(HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)</p><p>Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30102 - Realtek Semiconductor Corp.)</p><p>Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)</p><p>ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - )</p><p>Samsung USB Driver (HKLM-x32\...\{86D6A20D-3910-4441-A3E5-EB6977251C86}) (Version: - )</p><p>Skype Web Plugin (HKLM-x32\...\{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}) (Version: 2.9.13008.18866 - Skype Technologies S.A.)</p><p>Skype(TM) Launcher (HKLM-x32\...\{26D8DF7E-DBF8-43A6-8D42-F37497CE603D}) (Version: - Skype Technologies S.A.)</p><p>Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)</p><p>Spotify (HKLM-x32\...\Spotify) (Version: 0.3.22 - )</p><p>Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.1.2.0 - Synaptics Incorporated)</p><p>Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA)</p><p>TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}) (Version: 1.0.04.64 - TOSHIBA Corporation)</p><p>TOSHIBA Bulletin Board (Version: 1.0.04.64 - TOSHIBA Corporation) Hidden</p><p>TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.23 - TOSHIBA Corporation)</p><p>TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.10.64 - TOSHIBA Corporation)</p><p>TOSHIBA eco Utility (Version: 1.1.10.64 - TOSHIBA Corporation) Hidden</p><p>TOSHIBA eco Utility (x32 Version: 1.1.10.64 - TOSHIBA Corporation) Hidden</p><p>TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - )</p><p>TOSHIBA Extended Tiles for Windows Mobility 
Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden</p><p>TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.1.64 - TOSHIBA Corporation)</p><p>TOSHIBA Face Recognition (Version: 3.1.1.64 - TOSHIBA Corporation) Hidden</p><p>TOSHIBA Harddisk-/SSD-varsel (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.0 - TOSHIBA Corporation)</p><p>TOSHIBA Harddisk-/SSD-varsel (Version: 3.1.64.0 - TOSHIBA Corporation) Hidden</p><p>TOSHIBA Harddisk-/SSD-varsel (x32 Version: 3.1.64.0 - TOSHIBA Corporation) Hidden</p><p>TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: - )</p><p>TOSHIBA Hardware Setup (Version: 4.01.01.00 - TOSHIBA) Hidden</p><p>TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.0 - TOSHIBA Corporation)</p><p>Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.00 - TOSHIBA)</p><p>Toshiba Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.08.0001 - TOSHIBA)</p><p>TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.0.64 - TOSHIBA Corporation)</p><p>Toshiba Photo Service - powered by myphotobook (HKLM-x32\...\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.0.0-663 - myphotobook GmbH)</p><p>Toshiba Photo Service - powered by myphotobook (x32 Version: 1.0.0 - myphotobook GmbH) Hidden</p><p>TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.3 x64 - TOSHIBA Corporation)</p><p>TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)</p><p>TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA) Hidden</p><p>TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}) (Version: 1.0.04.64 - TOSHIBA 
Corporation)</p><p>TOSHIBA ReelTime (Version: 1.0.04.64 - TOSHIBA Corporation) Hidden</p><p>TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.9.1.12 - TOSHIBA)</p><p>TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.33 - TOSHIBA)</p><p>TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: - )</p><p>TOSHIBA Supervisor Password (Version: 4.01.01.00 - TOSHIBA) Hidden</p><p>Toshiba TEMPRO (HKLM-x32\...\{9E4FF410-471F-49E3-9358-74FF0D5E9901}) (Version: 3.06 - Toshiba Europe GmbH)</p><p>TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.2.3.0 - TOSHIBA Corporation)</p><p>TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.25.64 - TOSHIBA Corporation)</p><p>TOSHIBA Value Added Package (Version: 1.2.25.64 - TOSHIBA Corporation) Hidden</p><p>TOSHIBA Value Added Package (x32 Version: 1.2.25.64 - TOSHIBA Corporation) Hidden</p><p>TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)</p><p>TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: - )</p><p>TRORMCLauncher (Version: 1.0.0.7 - TOSHIBA) Hidden</p><p>Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)</p><p>Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)</p><p>Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)</p><p>Update for Microsoft Office 2007 suites 
(KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)</p><p>Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)</p><p>Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)</p><p>VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden</p><p>Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)</p><p>Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)</p><p>Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden</p><p>Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden</p><p>Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden</p><p>Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)</p><p>Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden</p><p>Windows Live Messenger 
Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden</p><p>Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden</p><p>Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden</p><p>Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden</p><p>Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden</p><p>Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live Sync (HKLM-x32\...\{89D05DB6-9AC1-4EA2-89FD-859DBA14FEA4}) (Version: 14.0.8117.416 - Microsoft Corporation)</p><p>Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden</p><p>Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)</p><p></p><p>==================== Restore Points =========================</p><p></p><p>Could not list Restore Points. 
Check "winmgmt" service or repair WMI.</p><p></p><p></p><p>==================== Hosts content: ==========================</p><p></p><p>2009-07-14 03:34 - 2014-03-17 16:45 - 00000824 ____R C:\Windows\system32\Drivers\etc\hosts</p><p></p><p>==================== Scheduled Tasks (whitelisted) =============</p><p></p><p></p><p>==================== Loaded Modules (whitelisted) =============</p><p></p><p>2009-07-16 16:27 - 2009-07-16 16:27 - 07244600 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll</p><p>2009-07-16 16:27 - 2009-07-16 16:27 - 00051512 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll</p><p>2009-09-22 19:43 - 2009-06-22 15:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll</p><p>2009-03-12 20:08 - 2009-03-12 20:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll</p><p>2009-08-06 15:14 - 2009-08-06 15:14 - 03002728 _____ () C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll</p><p>2013-10-04 14:35 - 2014-02-04 17:18 - 02552856 _____ () C:\Program Files (x86)\AVG Nation toolbar\vprot.exe</p><p>2014-01-08 13:38 - 2014-01-27 23:09 - 00603648 _____ () C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyHelper.exe</p><p></p><p>==================== Alternate Data Streams (whitelisted) =========</p><p></p><p></p><p>==================== Safe Mode (whitelisted) ===================</p><p></p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"</p><p></p><p>==================== Disabled items from MSCONFIG ==============</p><p></p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p>Could not list Devices. 
Check "winmgmt" service or repair WMI.</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Could not start eventlog service, could not read events.</p><p></p><p>Systemfeil 5 har oppstått.</p><p></p><p>Ingen tilgang.</p><p></p><p></p><p>==================== Memory info ===========================</p><p></p><p>Percentage of memory in use: 44%</p><p>Total physical RAM: 3932.95 MB</p><p>Available physical RAM: 2184.73 MB</p><p>Total Pagefile: 7864.07 MB</p><p>Available Pagefile: 5837.41 MB</p><p>Total Virtual: 8192 MB</p><p>Available Virtual: 8191.84 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: (WINDOWS) (Fixed) (Total:116.37 GB) (Free:36.56 GB) NTFS</p><p>Drive d: (Data) (Fixed) (Total:116.12 GB) (Free:110.43 GB) NTFS</p><p>Drive e: (FLASH DRIVE) (Removable) (Total:7.26 GB) (Free:7.26 GB) FAT32</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="NiceBoyfriend, post: 174366, member: 19969"]
Hi,

my girlfriend has tasked me with sorting out her laptop during my break and frankly it's a mess. I highly suspect (multiple) malware infections.

First, the Admin account is unavailable, calling "User Profile Service failed the logon. User profile cannot be loaded." So all access to the computer is limited to a guest account without admin privileges. Any attempt to access the registry to fix this has so far been blocked.

Secondly, I'm completely unable to access safe mode, both by conventional (F8 on startup) and unconventional means (system config, BCDedit, cold start on boot-up etc.)

Thirdly, as I'm only able to access the computer without admin privileges, I'm not allowed to run recovery, repair or diagnostics tools to any great degree. The execution seems to be blocked after entering the admin password. The computer reports "Could not find (file) error. Check that the name is correct and try again".

Unfortunately, that also means that I cannot offer aswMBR or Adwcleaner error reports as they couldn't be executed on the affected computer.

The computer in question is a Toshiba Satellite T130-145 running Windows 7 SP1 Home Edition 64-bit. There's both Norman and AVG anti-virus software, but both are inactivated due to expiry of license.

Thankful for any and all suggestions and advice.

Farbar Scan results pasted below (Frst.txt first, addition.txt afterwards):
==========================================================================================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Gjest (ATTENTION: The logged in user is not administrator) on MIRIAM-TOSH on 17-03-2014 17:29:59
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Norwegian Bokmal
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [url]http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/[/url]
Download link for 64-Bit Version: [url]http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/[/url]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [url]http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/[/url]

==================== Processes (Whitelisted) =================

(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Spotify Ltd) C:\Users\Gjest\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(Norman AS) C:\Program Files\Norman\Npm\Bin\zlh.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Norman AS) C:\Program Files\Norman\Npm\Bin\zlhh.exe
(AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\AVG2013\avgui.exe () C:\Program Files (x86)\AVG Nation toolbar\vprot.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Norman ASA) C:\Program Files\Norman\Nvc\Bin\cclaw.exe () C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050000 2009-08-26] (Toshiba Europe GmbH) HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation) HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-05] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation) HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [503864 2009-07-20] (Conexant Systems, Inc.) 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1794856 2009-05-29] (Synaptics Incorporated) HKLM\...\Run: [ThpSrv] - C:\Windows\system32\thpsrv /logon HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation) HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1481568 2009-08-26] (TOSHIBA Corporation) HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation) HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [596328 2009-08-06] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35160 2009-08-06] (TOSHIBA Corporation) HKLM\...\Run: [ConexantAudioPatch] - C:\Program Files\ConexantAudioPatch\Audioreset.exe [284472 2009-09-02] () HKLM\...\Run: [TosVolRegulator] - C:\Windows\TosVolRegulator_x64.exe [47928 2009-09-04] (TOSHIBA Corporation) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) HKLM-x32\...\Run: [TUSBSleepChargeSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-02] (TOSHIBA) HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-08-17] (TOSHIBA Corporation) HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.) 
HKLM-x32\...\Run: [Norman ZANDA] - C:\Program Files\Norman\Npm\Bin\ZLH.EXE [66888 2013-03-08] (Norman AS) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1561768 2012-05-04] (Ask) HKLM-x32\...\Run: [ColdTurkey_notify] - C:\Program Files\ColdTurkey\ct_notify.exe [48128 2012-01-03] () HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.) HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Nation toolbar\vprot.exe [2552856 2014-02-04] () HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA) HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-03] (Microsoft Corporation) HKU\S-1-5-21-2813973385-687834051-1337628694-1000\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA) HKU\S-1-5-21-2813973385-687834051-1337628694-501\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA) HKU\S-1-5-21-2813973385-687834051-1337628694-501\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-22] (Google Inc.) 
HKU\S-1-5-21-2813973385-687834051-1337628694-501\...\Run: [Spotify] - C:\Users\Gjest\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-27] (Spotify Ltd) HKU\S-1-5-21-2813973385-687834051-1337628694-501\...\Run: [Spotify Web Helper] - C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-27] (Spotify Ltd) AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll => C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll File Not Found AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll => C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll File Not Found ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH[/url] HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH[/url] SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = [url]http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}[/url] SearchScopes: HKCU - {3645907B-3E7F-4699-A76A-1C8A3509A035} URL = [url]http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2[/url] SearchScopes: HKCU - {44AC8817-C2ED-460D-9EBA-50CF774569CF} URL = [url]http://rover.ebay.com/rover/1/710-71511-9400-6/4?satitle={searchTerms}[/url] BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Påloggingshjelp for Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
Toolbar: HKLM-x32 - No Name - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} [url]http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[/url] Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search) FireFox: ======== FF ProfilePath: C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\hsmo02tr.default FF SearchEngineOrder.1: Ask.com FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=7ACB1196-293E-4D3E-98D4-B9A56920F034&apn_ptnrs=&apn_sauid=5DF6F689-6B4F-40EB-9BBA-2B1ECF0D1D34&apn_dtid=OSJ000&&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( 
Microsoft Corporation) FF Plugin: @Musicnotes.com/Musicnotes Viewer - C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.) FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll (Skype) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies) FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) 
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer - C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.) FF Plugin-x32: @Sibelius.com/Scorch Plugin - C:\Program Files (x86)\Musicnotes\npsibelius.dll () FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bok-NO.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\gulesider-NO.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\nation-secure-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qxl-NO.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-NO.xml FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Nation toolbar\FireFoxExt\17.3.0.49 FF Extension: AVG Nation toolbar - C:\ProgramData\AVG Nation toolbar\FireFoxExt\17.3.0.49 [2014-01-09] ==================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.) 
R2 eLoggerSvc6; C:\Program Files\Norman\Npm\Bin\elogsvc.exe [104920 2013-03-04] (Norman AS) S2 KCTRP; C:\Program Files\ColdTurkey\KCTRP_srv.exe [40960 2012-01-03] () R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) R2 NHS; C:\Program Files\Norman\Nvc\bin\nhs.exe [793520 2012-10-17] () R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 NNFSVC; C:\Program Files\Norman\Ngs\Bin\Nnf.exe [279592 2013-12-06] (Norman Safeground AS) R3 Norman NJeeves; C:\Program Files\Norman\Npm\Bin\Njeeves.exe [150120 2013-02-13] () R2 Norman ZANDA; C:\Program Files\Norman\Npm\Bin\Zanda.exe [433504 2013-03-20] (Norman AS) R2 NPROSECSVC; C:\Program Files\Norman\Ngs\Bin\Nprosec.exe [120456 2013-08-16] (Norman Safeground AS) R3 nsesvc; C:\Program Files\Norman\Nse\Bin\NSESVC.EXE [427288 2013-02-27] (Norman ASA) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 nvcoas; C:\Program Files\Norman\Nvc\Bin\nvcoas.exe [320696 2013-01-21] (Norman AS) R2 NVOY; C:\Program Files\Norman\Npm\Bin\Nvoy.exe [246560 2013-06-27] (Norman AS) R3 Scheduler; C:\Program Files\Norman\Npm\Bin\scheduler.exe [402072 2013-03-13] (Norman AS) R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116104 2009-08-26] (Toshiba Europe GmbH) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2148216 2012-08-23] (AVG) R2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1770312 2014-01-09] (AVG Secure Search) ==================== Drivers 
(Whitelisted) ==================== R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-04] (AVG Technologies) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) R1 NGS; c:\program files\norman\ngs\bin\ngs64.sys [22400 2012-06-25] (Norman ASA) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) R1 NPROSEC; C:\Program Files\Norman\Ngs\Bin\nprosec64.sys [41536 2013-08-16] (Norman Safeground AS) R2 nregsec; C:\Program Files\Norman\Ngs\Bin\nregsec64.sys [68792 2013-08-13] (Norman Safeground AS) R3 NvcMFlt; C:\Windows\System32\DRIVERS\nvcv64mf.sys [59552 2013-09-16] (Norman ASA) R3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [439808 2009-08-13] (Realtek Semiconductor Corporation ) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software) ========================== Drivers MD5 =======================
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-28 11:49 - 2014-03-05 21:14 - 01340106 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

==================== One Month Modified Files and Folders =======

2014-03-17 17:29 - 2010-01-13 16:30 - 01581548 _____ () C:\Windows\WindowsUpdate.log
2014-03-17 17:28 - 2009-07-14 10:16 - 00495144 _____ () C:\Windows\system32\perfh014.dat
2014-03-17 17:28 - 2009-07-14 10:16 - 00096248 _____ () C:\Windows\system32\perfc014.dat
2014-03-17 17:28 - 2009-07-14 06:13 - 01362082 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-17 17:26 - 2013-10-06 18:48 - 00015912 _____ () C:\Windows\setupact.log
2014-03-17 16:53 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-17 16:53 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-17 16:46 - 2014-01-06 22:36 - 00000000 ____D () C:\Users\TEMP.Miriam-TOSH
2014-03-17 16:46 - 2010-01-26 20:13 - 00000000 ____D () C:\Users\Gjest
2014-03-17 16:45 - 2012-02-21 12:32 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-17 16:44 - 2011-11-17 16:50 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-03-17 16:42 - 2012-04-16 12:45 - 00000000 ____D () C:\Program Files\ColdTurkey
2014-03-17 16:42 - 2010-01-13 17:06 - 00000000 ____D () C:\Users\Miriam
2014-03-17 16:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-03-17 16:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-03-05 21:14 - 2014-02-28 11:49 - 01340106 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-28 22:08 - 2013-10-30 22:27 - 00115076 _____ () C:\Windows\PFRO.log
2014-02-27 11:11 - 2013-08-17 13:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-27 11:00 - 2011-03-22 23:02 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-21 19:46 - 2012-05-09 15:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 19:46 - 2011-12-01 15:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Datalageret for oppstartskonfigurasjon kunne ikke åpnes.
Ingen tilgang.

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Gjest (ATTENTION: The logged in user is not administrator) on MIRIAM-TOSH on 17-03-2014 17:29:59
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Norwegian Bokmal
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Spotify Ltd) C:\Users\Gjest\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(Norman AS) C:\Program Files\Norman\Npm\Bin\zlh.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Norman AS) C:\Program Files\Norman\Npm\Bin\zlhh.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
() C:\Program Files (x86)\AVG Nation toolbar\vprot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Norman ASA) C:\Program Files\Norman\Nvc\Bin\cclaw.exe
() C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050000 2009-08-26] (Toshiba Europe GmbH)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [503864 2009-07-20] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1794856 2009-05-29] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] - C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1481568 2009-08-26] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [596328 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35160 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [ConexantAudioPatch] - C:\Program Files\ConexantAudioPatch\Audioreset.exe [284472 2009-09-02] ()
HKLM\...\Run: [TosVolRegulator] - C:\Windows\TosVolRegulator_x64.exe [47928 2009-09-04] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [TUSBSleepChargeSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-02] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-08-17] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [Norman ZANDA] - C:\Program Files\Norman\Npm\Bin\ZLH.EXE [66888 2013-03-08] (Norman AS)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1561768 2012-05-04] (Ask)
HKLM-x32\...\Run: [ColdTurkey_notify] - C:\Program Files\ColdTurkey\ct_notify.exe [48128 2012-01-03] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Nation toolbar\vprot.exe [2552856 2014-02-04] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-03] (Microsoft Corporation)
HKU\S-1-5-21-2813973385-687834051-1337628694-1000\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\S-1-5-21-2813973385-687834051-1337628694-501\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\S-1-5-21-2813973385-687834051-1337628694-501\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-22] (Google Inc.)
HKU\S-1-5-21-2813973385-687834051-1337628694-501\...\Run: [Spotify] - C:\Users\Gjest\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-27] (Spotify Ltd)
HKU\S-1-5-21-2813973385-687834051-1337628694-501\...\Run: [Spotify Web Helper] - C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-27] (Spotify Ltd)
AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll => C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll File Not Found
AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll => C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKCU - {3645907B-3E7F-4699-A76A-1C8A3509A035} URL = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {44AC8817-C2ED-460D-9EBA-50CF774569CF} URL = http://rover.ebay.com/rover/1/710-71511-9400-6/4?satitle={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Påloggingshjelp for Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - No Name - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)

FireFox:
========
FF ProfilePath: C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\hsmo02tr.default
FF SearchEngineOrder.1: Ask.com
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=7ACB1196-293E-4D3E-98D4-B9A56920F034&apn_ptnrs=&apn_sauid=5DF6F689-6B4F-40EB-9BBA-2B1ECF0D1D34&apn_dtid=OSJ000&&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer - C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll (Skype)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer - C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin-x32: @Sibelius.com/Scorch Plugin - C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bok-NO.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\gulesider-NO.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\nation-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qxl-NO.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-NO.xml
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Nation toolbar\FireFoxExt\17.3.0.49
FF Extension: AVG Nation toolbar - C:\ProgramData\AVG Nation toolbar\FireFoxExt\17.3.0.49 [2014-01-09]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 eLoggerSvc6; C:\Program Files\Norman\Npm\Bin\elogsvc.exe [104920 2013-03-04] (Norman AS)
S2 KCTRP; C:\Program Files\ColdTurkey\KCTRP_srv.exe [40960 2012-01-03] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R2 NHS; C:\Program Files\Norman\Nvc\bin\nhs.exe [793520 2012-10-17] ()
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NNFSVC; C:\Program Files\Norman\Ngs\Bin\Nnf.exe [279592 2013-12-06] (Norman Safeground AS)
R3 Norman NJeeves; C:\Program Files\Norman\Npm\Bin\Njeeves.exe [150120 2013-02-13] ()
R2 Norman ZANDA; C:\Program Files\Norman\Npm\Bin\Zanda.exe [433504 2013-03-20] (Norman AS)
R2 NPROSECSVC; C:\Program Files\Norman\Ngs\Bin\Nprosec.exe [120456 2013-08-16] (Norman Safeground AS)
R3 nsesvc; C:\Program Files\Norman\Nse\Bin\NSESVC.EXE [427288 2013-02-27] (Norman ASA)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 nvcoas; C:\Program Files\Norman\Nvc\Bin\nvcoas.exe [320696 2013-01-21] (Norman AS)
R2 NVOY; C:\Program Files\Norman\Npm\Bin\Nvoy.exe [246560 2013-06-27] (Norman AS)
R3 Scheduler; C:\Program Files\Norman\Npm\Bin\scheduler.exe [402072 2013-03-13] (Norman AS)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116104 2009-08-26] (Toshiba Europe GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2148216 2012-08-23] (AVG)
R2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1770312 2014-01-09] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-04] (AVG Technologies)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R1 NGS; c:\program files\norman\ngs\bin\ngs64.sys [22400 2012-06-25] (Norman ASA)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R1 NPROSEC; C:\Program Files\Norman\Ngs\Bin\nprosec64.sys [41536 2013-08-16] (Norman Safeground AS)
R2 nregsec; C:\Program Files\Norman\Ngs\Bin\nregsec64.sys [68792 2013-08-13] (Norman Safeground AS)
R3 NvcMFlt; C:\Windows\System32\DRIVERS\nvcv64mf.sys [59552 2013-09-16] (Norman ASA)
R3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [439808 2009-08-13] (Realtek Semiconductor Corporation )
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software)

========================== Drivers MD5 =======================
MD5 is legit C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\iaStor.sys ==> MD5 is legit C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366 C:\Windows\System32\DRIVERS\igdkmd64.sys 3C3F27002ABC69C5AFE29CBE6CF7ADDF C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit C:\Windows\System32\drivers\IntcHdmi.sys 88A20FA54C73DED4E8DAC764E9130AE9 C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit C:\Windows\System32\Drivers\ksecdd.sys 8F489706472F7E9A06BAAA198703FA64 C:\Windows\System32\Drivers\ksecpkg.sys 868A2CAAB12EFC7A021682BCA0EEC54C C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\L1C62x64.sys 2377EC4CC3E356655B996F39B43486B6 C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit 
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit C:\Windows\System32\drivers\modem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit C:\Windows\system32\drivers\mouclass.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\mouhid.sys ==> MD5 is legit C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\MpFilter.sys C6B88D62F20AC646C6BD5C032EC2FAF9 C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404 C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163 C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88 C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndistapi.sys 
==> MD5 is legit C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit c:\program files\norman\ngs\bin\ngs64.sys 300801408D1EEEF8E0DC9774710A1D1C C:\Windows\System32\DRIVERS\NisDrvWFP.sys ACE8C64C57E4A711473C8BC10ADF692B C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit C:\Program Files\Norman\Ngs\Bin\nprosec64.sys 8C8902FE81A842C673E458AA89E4C5A8 C:\Program Files\Norman\Ngs\Bin\nregsec64.sys 3893EA5E7F47B0D280C6E78138EE3926 C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0 C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nvcv64mf.sys 09F691A79756FC30118FC6FD263F2A72 C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C C:\Windows\System32\drivers\pci.sys ==> MD5 is legit C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pgeffect.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\QIOMem.sys C8FCB4899F8B70CC34E0D9876A80963C C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit 
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit C:\Windows\System32\Drivers\RtsUStor.sys FB39AF63D6617F028BA0EBC21B83360D C:\Windows\System32\DRIVERS\RTL8187Se.sys 089AA94966A6E8F054D4AC734533BE28 C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28 C:\Windows\System32\DRIVERS\srvnet.sys 
27E461F0BE5BFF5FC737328F749538C3 C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\SynTP.sys D58927AE176DA3CC400E2C1D2F441EC3 C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51 C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51 C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC C:\Windows\System32\DRIVERS\tdcmdpst.sys FD542B661BD22FA69CA789AD0AC58C29 C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8 C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\thpdrv.sys C013F6ACAA9761F571BD28DADA7C157D C:\Windows\System32\DRIVERS\Thpevm.SYS B4E609047434ED948AF7BDEF2FA66E38 C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09 C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys 7BC3381C0713F613B31ACDE38B71CB53 C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\TVALZ_O.SYS ==> MD5 is legit C:\Windows\System32\DRIVERS\TVALZFL.sys 9C7191F4B2E49BFF47A6C1144B5923FA C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31 C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965 C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 
is legit C:\Windows\system32\drivers\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24 C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6 C:\Windows\System32\DRIVERS\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3 C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7 C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8 C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659 ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-28 11:49 - 2014-03-05 21:14 - 01340106 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI ==================== One Month Modified Files and 
Folders =======
2014-03-17 17:29 - 2010-01-13 16:30 - 01581548 _____ () C:\Windows\WindowsUpdate.log
2014-03-17 17:28 - 2009-07-14 10:16 - 00495144 _____ () C:\Windows\system32\perfh014.dat
2014-03-17 17:28 - 2009-07-14 10:16 - 00096248 _____ () C:\Windows\system32\perfc014.dat
2014-03-17 17:28 - 2009-07-14 06:13 - 01362082 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-17 17:26 - 2013-10-06 18:48 - 00015912 _____ () C:\Windows\setupact.log
2014-03-17 16:53 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-17 16:53 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-17 16:46 - 2014-01-06 22:36 - 00000000 ____D () C:\Users\TEMP.Miriam-TOSH
2014-03-17 16:46 - 2010-01-26 20:13 - 00000000 ____D () C:\Users\Gjest
2014-03-17 16:45 - 2012-02-21 12:32 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-17 16:44 - 2011-11-17 16:50 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-03-17 16:42 - 2012-04-16 12:45 - 00000000 ____D () C:\Program Files\ColdTurkey
2014-03-17 16:42 - 2010-01-13 17:06 - 00000000 ____D () C:\Users\Miriam
2014-03-17 16:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-03-17 16:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-03-05 21:14 - 2014-02-28 11:49 - 01340106 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-28 22:08 - 2013-10-30 22:27 - 00115076 _____ () C:\Windows\PFRO.log
2014-02-27 11:11 - 2013-08-17 13:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-27 11:00 - 2011-03-22 23:02 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-21 19:46 - 2012-05-09 15:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 19:46 - 2011-12-01 15:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== BCD ================================
Datalageret for oppstartskonfigurasjon kunne ikke åpnes. Ingen tilgang.
==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Gjest (ATTENTION: The logged in user is not administrator) on MIRIAM-TOSH on 17-03-2014 17:29:59
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Norwegian Bokmal
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Spotify Ltd) C:\Users\Gjest\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(Norman AS) C:\Program Files\Norman\Npm\Bin\zlh.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Norman AS) C:\Program Files\Norman\Npm\Bin\zlhh.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
() C:\Program Files (x86)\AVG Nation toolbar\vprot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Norman ASA) C:\Program Files\Norman\Nvc\Bin\cclaw.exe
() C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050000 2009-08-26] (Toshiba Europe GmbH)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [503864 2009-07-20] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1794856 2009-05-29] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] - C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1481568 2009-08-26] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [596328 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35160 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [ConexantAudioPatch] - C:\Program Files\ConexantAudioPatch\Audioreset.exe [284472 2009-09-02] ()
HKLM\...\Run: [TosVolRegulator] - C:\Windows\TosVolRegulator_x64.exe [47928 2009-09-04] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [TUSBSleepChargeSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-02] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-08-17] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [Norman ZANDA] - C:\Program Files\Norman\Npm\Bin\ZLH.EXE [66888 2013-03-08] (Norman AS)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1561768 2012-05-04] (Ask)
HKLM-x32\...\Run: [ColdTurkey_notify] - C:\Program Files\ColdTurkey\ct_notify.exe [48128 2012-01-03] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Nation toolbar\vprot.exe [2552856 2014-02-04] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-03] (Microsoft Corporation)
HKU\S-1-5-21-2813973385-687834051-1337628694-1000\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\S-1-5-21-2813973385-687834051-1337628694-501\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\S-1-5-21-2813973385-687834051-1337628694-501\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-22] (Google Inc.)
HKU\S-1-5-21-2813973385-687834051-1337628694-501\...\Run: [Spotify] - C:\Users\Gjest\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-27] (Spotify Ltd)
HKU\S-1-5-21-2813973385-687834051-1337628694-501\...\Run: [Spotify Web Helper] - C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-27] (Spotify Ltd)
AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll => C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll File Not Found
AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll => C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll File Not Found
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKCU - {3645907B-3E7F-4699-A76A-1C8A3509A035} URL = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {44AC8817-C2ED-460D-9EBA-50CF774569CF} URL = http://rover.ebay.com/rover/1/710-71511-9400-6/4?satitle={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Påloggingshjelp for Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - No Name - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
FireFox: ========
FF ProfilePath: C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\hsmo02tr.default
FF SearchEngineOrder.1: Ask.com
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=7ACB1196-293E-4D3E-98D4-B9A56920F034&apn_ptnrs=&apn_sauid=5DF6F689-6B4F-40EB-9BBA-2B1ECF0D1D34&apn_dtid=OSJ000&&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer - C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll (Skype)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer - C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin-x32: @Sibelius.com/Scorch Plugin - C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bok-NO.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\gulesider-NO.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\nation-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qxl-NO.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-NO.xml
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Nation toolbar\FireFoxExt\17.3.0.49
FF Extension: AVG Nation toolbar - C:\ProgramData\AVG Nation toolbar\FireFoxExt\17.3.0.49 [2014-01-09]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 eLoggerSvc6; C:\Program Files\Norman\Npm\Bin\elogsvc.exe [104920 2013-03-04] (Norman AS)
S2 KCTRP; C:\Program Files\ColdTurkey\KCTRP_srv.exe [40960 2012-01-03] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R2 NHS; C:\Program Files\Norman\Nvc\bin\nhs.exe [793520 2012-10-17] ()
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NNFSVC; C:\Program Files\Norman\Ngs\Bin\Nnf.exe [279592 2013-12-06] (Norman Safeground AS)
R3 Norman NJeeves; C:\Program Files\Norman\Npm\Bin\Njeeves.exe [150120 2013-02-13] ()
R2 Norman ZANDA; C:\Program Files\Norman\Npm\Bin\Zanda.exe [433504 2013-03-20] (Norman AS)
R2 NPROSECSVC; C:\Program Files\Norman\Ngs\Bin\Nprosec.exe [120456 2013-08-16] (Norman Safeground AS)
R3 nsesvc; C:\Program Files\Norman\Nse\Bin\NSESVC.EXE [427288 2013-02-27] (Norman ASA)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 nvcoas; C:\Program Files\Norman\Nvc\Bin\nvcoas.exe [320696 2013-01-21] (Norman AS)
R2 NVOY; C:\Program Files\Norman\Npm\Bin\Nvoy.exe [246560 2013-06-27] (Norman AS)
R3 Scheduler; C:\Program Files\Norman\Npm\Bin\scheduler.exe [402072 2013-03-13] (Norman AS)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116104 2009-08-26] (Toshiba Europe GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2148216 2012-08-23] (AVG)
R2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1770312 2014-01-09] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-04] (AVG Technologies)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R1 NGS; c:\program files\norman\ngs\bin\ngs64.sys [22400 2012-06-25] (Norman ASA)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R1 NPROSEC; C:\Program Files\Norman\Ngs\Bin\nprosec64.sys [41536 2013-08-16] (Norman Safeground AS)
R2 nregsec; C:\Program Files\Norman\Ngs\Bin\nregsec64.sys [68792 2013-08-13] (Norman Safeground AS)
R3 NvcMFlt; C:\Windows\System32\DRIVERS\nvcv64mf.sys [59552 2013-09-16] (Norman ASA)
R3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [439808 2009-08-13] (Realtek Semiconductor Corporation )
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software)

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-28 11:49 - 2014-03-05 21:14 - 01340106 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

==================== One Month Modified Files and Folders =======

2014-03-17 17:29 - 2010-01-13 16:30 - 01581548 _____ () C:\Windows\WindowsUpdate.log
2014-03-17 17:28 - 2009-07-14 10:16 - 00495144 _____ () C:\Windows\system32\perfh014.dat
2014-03-17 17:28 - 2009-07-14 10:16 - 00096248 _____ () C:\Windows\system32\perfc014.dat
2014-03-17 17:28 - 2009-07-14 06:13 - 01362082 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-17 17:26 - 2013-10-06 18:48 - 00015912 _____ () C:\Windows\setupact.log
2014-03-17 16:53 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-17 16:53 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-17 16:46 - 2014-01-06 22:36 - 00000000 ____D () C:\Users\TEMP.Miriam-TOSH
2014-03-17 16:46 - 2010-01-26 20:13 - 00000000 ____D () C:\Users\Gjest
2014-03-17 16:45 - 2012-02-21 12:32 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-17 16:44 - 2011-11-17 16:50 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-03-17 16:42 - 2012-04-16 12:45 - 00000000 ____D () C:\Program Files\ColdTurkey
2014-03-17 16:42 - 2010-01-13 17:06 - 00000000 ____D () C:\Users\Miriam
2014-03-17 16:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-03-17 16:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-03-05 21:14 - 2014-02-28 11:49 - 01340106 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-28 22:08 - 2013-10-30 22:27 - 00115076 _____ () C:\Windows\PFRO.log
2014-02-27 11:11 - 2013-08-17 13:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-27 11:00 - 2011-03-22 23:02 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-21 19:46 - 2012-05-09 15:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 19:46 - 2011-12-01 15:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Datalageret for oppstartskonfigurasjon kunne ikke åpnes.
Ingen tilgang.

==================== End Of Log ============================

ADDITION.TXT:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Gjest at 2014-03-17 17:31:48
Running from E:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.2.8870 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Norsk (HKLM-x32\...\{AC76BA86-7AD7-1044-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Amazon.co.uk (HKLM-x32\...\{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}) (Version: - Amazon EU S.a.r.L.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple-programsupport (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.2.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.1.23037 - Ask.com) <==== ATTENTION
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3462 - AVG Technologies)
AVG 2013 (Version: 13.0.3462 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.3705 - AVG Technologies) Hidden
AVG Nation toolbar (HKLM-x32\...\AVG Nation toolbar) (Version: 17.3.0.49 - InfoSpace)
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 12.0.4000.108 - AVG Technologies)
AVG PC TuneUp (x32 Version: 12.0.4000.108 - AVG Technologies) Hidden
AVG PC TuneUp Language Pack (en-US) (x32 Version: 12.0.4000.108 - AVG Technologies) Hidden
Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
Canon MG6100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series) (Version: - )
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
Cold Turkey version 0.6 (HKLM\...\{6498E673-B9C2-4544-A722-1E854B5B573E}_is1) (Version: 0.6 - Felix Belzile)
Compatibility Pack for 2007 Office (HKLM-x32\...\{90120000-0020-0414-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO) (Version: 4.98.6.63 - Conexant)
Crayon Physics Deluxe - release 53 (HKLM-x32\...\Crayon Physics Deluxe_is1) (Version: - Kloonigames)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Digimax Master (HKLM-x32\...\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}) (Version: 1.0.35 - Samsung)
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.9.1 - DivX, Inc.)
DivX Converter (HKLM-x32\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.2.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM-x32\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.)
DivX Plus Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 2.0.0 - DivX,Inc.)
eBay (HKLM-x32\...\{E83BA61A-5D77-4DD5-9C92-A3447F11E27D}) (Version: 1.0.4 - eBay Inc.)
EndNote X4 (HKLM-x32\...\{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}) (Version: 14.0.2.5149 - Thomson Reuters)
Foxit Reader 5.1 (HKLM-x32\...\Foxit Reader_is1) (Version: 5.1.4.104 - Foxit Corporation)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Assistent (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (NOR) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1, norsk språkpakke (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1044) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel 2007 Help Oppdatering (KB963678) (HKLM-x32\...\{90120000-0016-0414-0000-0000000FF1CE}_HOMESTUDENTR_{786F200B-1F70-4B66-BBB3-29CFF7C425D7}) (Version: - Microsoft)
Microsoft Office Excel MUI (Norwegian (Bokmål)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Powerpoint 2007 Help Oppdatering (KB963669) (HKLM-x32\...\{90120000-0018-0414-0000-0000000FF1CE}_HOMESTUDENTR_{5511F835-0C39-4158-A689-34997E3F28AD}) (Version: - Microsoft)
Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (Norwegian (Bokmål)) (HKLM-x32\...\{95120000-00AF-0414-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Norwegian (Bokmål)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Norwegian (Nynorsk)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Norwegian (Bokmål)) 2007 (x32 Version: 12.0.4518.1022 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (Norwegian (Bokmål)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Norwegian (Bokmål)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word 2007 Help Oppdatering (KB963665) (HKLM-x32\...\{90120000-001B-0414-0000-0000000FF1CE}_HOMESTUDENTR_{ED32C952-462A-4787-8AC1-CE455D7A816F}) (Version: - Microsoft)
Microsoft Office Word MUI (Norwegian (Bokmål)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{D1824129-8BE2-4FA6-B262-C4D99F7355D3}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 nb-NO) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 nb-NO)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService)
(Version: 26.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden Musicnotes Software Suite 1.7.2 (HKLM-x32\...\Musicnotes Combined Installer_is1) (Version: 1.7.2 - Musicnotes Inc.) Norman Security Suite (HKLM\...\{8FE6F158-AF0D-4F66-A798-DA00B106E177}) (Version: 7.30.0400 - Norman ASA) OpenOffice.org 3.2 (HKLM-x32\...\{5A13987D-55F4-4271-A40E-76AC9B1B38FD}) (Version: 3.2.9502 - OpenOffice.org) Photo to Cartoon (HKLM-x32\...\{3A6A34D3-37EE-40F3-BF81-EC7A4BF7F24D}) (Version: 1.0.0 - Caricature Software) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30102 - Realtek Semiconductor Corp.) Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek) ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - ) Samsung USB Driver (HKLM-x32\...\{86D6A20D-3910-4441-A3E5-EB6977251C86}) (Version: - ) Skype Web Plugin (HKLM-x32\...\{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}) (Version: 2.9.13008.18866 - Skype Technologies S.A.) Skype(TM) Launcher (HKLM-x32\...\{26D8DF7E-DBF8-43A6-8D42-F37497CE603D}) (Version: - Skype Technologies S.A.) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
Spotify (HKLM-x32\...\Spotify) (Version: 0.3.22 - ) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.1.2.0 - Synaptics Incorporated) Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA) TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}) (Version: 1.0.04.64 - TOSHIBA Corporation) TOSHIBA Bulletin Board (Version: 1.0.04.64 - TOSHIBA Corporation) Hidden TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.23 - TOSHIBA Corporation) TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.10.64 - TOSHIBA Corporation) TOSHIBA eco Utility (Version: 1.1.10.64 - TOSHIBA Corporation) Hidden TOSHIBA eco Utility (x32 Version: 1.1.10.64 - TOSHIBA Corporation) Hidden TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - ) TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.1.64 - TOSHIBA Corporation) TOSHIBA Face Recognition (Version: 3.1.1.64 - TOSHIBA Corporation) Hidden TOSHIBA Harddisk-/SSD-varsel (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.0 - TOSHIBA Corporation) TOSHIBA Harddisk-/SSD-varsel (Version: 3.1.64.0 - TOSHIBA Corporation) Hidden TOSHIBA Harddisk-/SSD-varsel (x32 Version: 3.1.64.0 - TOSHIBA Corporation) Hidden TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: - ) TOSHIBA Hardware Setup (Version: 4.01.01.00 - TOSHIBA) Hidden TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.0 - TOSHIBA Corporation) Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.00 - TOSHIBA) Toshiba Online Product 
Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.08.0001 - TOSHIBA) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.0.64 - TOSHIBA Corporation) Toshiba Photo Service - powered by myphotobook (HKLM-x32\...\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.0.0-663 - myphotobook GmbH) Toshiba Photo Service - powered by myphotobook (x32 Version: 1.0.0 - myphotobook GmbH) Hidden TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.3 x64 - TOSHIBA Corporation) TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA) TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA) Hidden TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}) (Version: 1.0.04.64 - TOSHIBA Corporation) TOSHIBA ReelTime (Version: 1.0.04.64 - TOSHIBA Corporation) Hidden TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.9.1.12 - TOSHIBA) TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.33 - TOSHIBA) TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: - ) TOSHIBA Supervisor Password (Version: 4.01.01.00 - TOSHIBA) Hidden Toshiba TEMPRO (HKLM-x32\...\{9E4FF410-471F-49E3-9358-74FF0D5E9901}) (Version: 3.06 - Toshiba Europe GmbH) TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.2.3.0 - TOSHIBA Corporation) TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.25.64 - TOSHIBA Corporation) TOSHIBA Value Added Package (Version: 1.2.25.64 - TOSHIBA Corporation) Hidden TOSHIBA Value Added Package (x32 Version: 1.2.25.64 - TOSHIBA Corporation) Hidden TOSHIBA Web Camera Application 
(HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation) TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: - ) TRORMCLauncher (Version: 1.0.0.7 - TOSHIBA) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden Windows Live Fotogalleri 
(x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Sync (HKLM-x32\...\{89D05DB6-9AC1-4EA2-89FD-859DBA14FEA4}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX 
Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) ==================== Restore Points ========================= Could not list Restore Points. Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== 2009-07-14 03:34 - 2014-03-17 16:45 - 00000824 ____R C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= ==================== Loaded Modules (whitelisted) ============= 2009-07-16 16:27 - 2009-07-16 16:27 - 07244600 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll 2009-07-16 16:27 - 2009-07-16 16:27 - 00051512 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll 2009-09-22 19:43 - 2009-06-22 15:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll 2009-03-12 20:08 - 2009-03-12 20:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll 2009-08-06 15:14 - 2009-08-06 15:14 - 03002728 _____ () C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll 2013-10-04 14:35 - 2014-02-04 17:18 - 02552856 _____ () C:\Program Files (x86)\AVG Nation toolbar\vprot.exe 2014-01-08 13:38 - 2014-01-27 23:09 - 00603648 _____ () C:\Users\Gjest\AppData\Roaming\Spotify\Data\SpotifyHelper.exe ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => 
""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Could not list Devices. Check "winmgmt" service or repair WMI. ==================== Event log errors: ========================= Could not start eventlog service, could not read events. Systemfeil 5 har oppst�tt. Ingen tilgang. ==================== Memory info =========================== Percentage of memory in use: 44% Total physical RAM: 3932.95 MB Available physical RAM: 2184.73 MB Total Pagefile: 7864.07 MB Available Pagefile: 5837.41 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (WINDOWS) (Fixed) (Total:116.37 GB) (Free:36.56 GB) NTFS Drive d: (Data) (Fixed) (Total:116.12 GB) (Free:110.43 GB) NTFS Drive e: (FLASH DRIVE) (Removable) (Total:7.26 GB) (Free:7.26 GB) FAT32 ==================== MBR & Partition Table ================== ==================== End Of Log ============================ [/QUOTE]