Exploit Phoenix exploit kit problem



#1 Dmday


Posted 13 April 2012 - 11:57 AM

Dear members of BleepingComputer,

Recently I've been getting messages from my AVG virus scanner about the Exploit Phoenix Exploit Kit. I've been searching all over the net for how to fix this problem, but unfortunately it's proving to be too difficult for me to handle. So I was hoping that someone could assist me with this issue. Any help or suggestions will be much appreciated! I've looked into some posts and I've done the scans. So here they are (I ran them in safe mode).

1. TDSSKiller's log:

18:31:48.0682 0664 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
18:31:48.0698 0664 ============================================================
18:31:48.0698 0664 Current date / time: 2012/04/13 18:31:48.0698
18:31:48.0698 0664 SystemInfo:
18:31:48.0698 0664
18:31:48.0698 0664 OS Version: 6.1.7601 ServicePack: 1.0
18:31:48.0698 0664 Product type: Workstation
18:31:48.0698 0664 ComputerName: LYTRUNGTIN-PC
18:31:48.0698 0664 UserName: Ly Trung Tin
18:31:48.0698 0664 Windows directory: C:\Windows
18:31:48.0698 0664 System windows directory: C:\Windows
18:31:48.0698 0664 Processor architecture: Intel x86
18:31:48.0698 0664 Number of processors: 2
18:31:48.0698 0664 Page size: 0x1000
18:31:48.0698 0664 Boot type: Safe boot
18:31:48.0698 0664 ============================================================
18:31:49.0821 0664 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:31:49.0821 0664 \Device\Harddisk0\DR0:
18:31:49.0821 0664 MBR used
18:31:49.0821 0664 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:31:49.0821 0664 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC83F000
18:31:49.0821 0664 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x6, StartLBA 0xC871800, BlocksNum 0x61A36B0
18:31:49.0883 0664 Initialize success
18:31:49.0883 0664 ============================================================
18:31:58.0838 1464 ============================================================
18:31:58.0838 1464 Scan started
18:31:58.0838 1464 Mode: Manual; SigCheck; TDLFS;
18:31:58.0838 1464 ============================================================
18:32:15.0592 1464 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
18:32:15.0592 1464 mcdbus ( UnsignedFile.Multi.Generic ) - warning
18:32:15.0592 1464 mcdbus - detected UnsignedFile.Multi.Generic (1)
18:32:21.0629 1464 partmgr - ok
18:32:21.0723 1464 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
18:32:21.0739 1464 Parvdm - ok
18:32:21.0785 1464 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
18:32:21.0801 1464 PcaSvc - ok
18:32:21.0863 1464 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
18:32:21.0879 1464 pci - ok
18:32:21.0926 1464 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
18:32:21.0941 1464 pciide - ok
18:32:21.0988 1464 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
18:32:22.0004 1464 pcmcia - ok
18:32:22.0082 1464 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:32:22.0082 1464 pcw - ok
18:32:22.0175 1464 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:32:22.0207 1464 PEAUTH - ok
18:32:22.0300 1464 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
18:32:22.0331 1464 PeerDistSvc - ok
18:32:22.0441 1464 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
18:32:22.0487 1464 pla - ok
18:32:22.0597 1464 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
18:32:22.0612 1464 PlugPlay - ok
18:32:22.0659 1464 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
18:32:22.0675 1464 PNRPAutoReg - ok
18:32:22.0706 1464 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:32:22.0721 1464 PNRPsvc - ok
18:32:22.0784 1464 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
18:32:22.0815 1464 PolicyAgent - ok
18:32:22.0877 1464 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
18:32:22.0909 1464 Power - ok
18:32:23.0018 1464 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:32:23.0049 1464 PptpMiniport - ok
18:32:23.0096 1464 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
18:32:23.0111 1464 Processor - ok
18:32:23.0174 1464 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
18:32:23.0189 1464 ProfSvc - ok
18:32:23.0252 1464 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:32:23.0267 1464 ProtectedStorage - ok
18:32:23.0345 1464 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:32:23.0377 1464 Psched - ok
18:32:23.0486 1464 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
18:32:23.0517 1464 ql2300 - ok
18:32:23.0548 1464 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
18:32:23.0548 1464 ql40xx - ok
18:32:23.0611 1464 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
18:32:23.0626 1464 QWAVE - ok
18:32:23.0657 1464 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:32:23.0673 1464 QWAVEdrv - ok
18:32:23.0751 1464 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:32:23.0782 1464 RasAcd - ok
18:32:23.0860 1464 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:32:23.0876 1464 RasAgileVpn - ok
18:32:23.0923 1464 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
18:32:23.0954 1464 RasAuto - ok
18:32:24.0001 1464 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:32:24.0032 1464 Rasl2tp - ok
18:32:24.0125 1464 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
18:32:24.0157 1464 RasMan - ok
18:32:24.0235 1464 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:32:24.0250 1464 RasPppoe - ok
18:32:24.0297 1464 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:32:24.0328 1464 RasSstp - ok
18:32:24.0375 1464 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
18:32:24.0391 1464 rdbss - ok
18:32:24.0453 1464 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
18:32:24.0469 1464 rdpbus - ok
18:32:24.0547 1464 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:32:24.0578 1464 RDPCDD - ok
18:32:24.0656 1464 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
18:32:24.0671 1464 RDPDR - ok
18:32:24.0734 1464 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:32:24.0749 1464 RDPENCDD - ok
18:32:24.0796 1464 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:32:24.0827 1464 RDPREFMP - ok
18:32:24.0937 1464 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
18:32:24.0952 1464 RdpVideoMiniport - ok
18:32:24.0999 1464 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
18:32:25.0015 1464 RDPWD - ok
18:32:25.0093 1464 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
18:32:25.0108 1464 rdyboost - ok
18:32:25.0171 1464 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
18:32:25.0186 1464 RemoteAccess - ok
18:32:25.0280 1464 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
18:32:25.0311 1464 RemoteRegistry - ok
18:32:25.0358 1464 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
18:32:25.0389 1464 RpcEptMapper - ok
18:32:25.0451 1464 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
18:32:25.0467 1464 RpcLocator - ok
18:32:25.0529 1464 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
18:32:25.0561 1464 RpcSs - ok
18:32:25.0685 1464 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:32:25.0701 1464 rspndr - ok
18:32:25.0795 1464 RTL8167 (5283b9a27ff230f2ff70d92451ff409a) C:\Windows\system32\DRIVERS\Rt86win7.sys
18:32:25.0810 1464 RTL8167 - ok
18:32:25.0857 1464 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
18:32:25.0873 1464 s3cap - ok
18:32:25.0966 1464 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:32:25.0966 1464 SamSs - ok
18:32:26.0044 1464 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
18:32:26.0044 1464 sbp2port - ok
18:32:26.0122 1464 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
18:32:26.0138 1464 SCardSvr - ok
18:32:26.0216 1464 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
18:32:26.0247 1464 scfilter - ok
18:32:26.0341 1464 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
18:32:26.0372 1464 Schedule - ok
18:32:26.0419 1464 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
18:32:26.0450 1464 SCPolicySvc - ok
18:32:26.0512 1464 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
18:32:26.0528 1464 SDRSVC - ok
18:32:26.0606 1464 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:32:26.0621 1464 secdrv - ok
18:32:26.0715 1464 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
18:32:26.0746 1464 seclogon - ok
18:32:26.0809 1464 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
18:32:26.0824 1464 SENS - ok
18:32:26.0887 1464 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
18:32:26.0902 1464 SensrSvc - ok
18:32:26.0933 1464 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
18:32:26.0949 1464 Serenum - ok
18:32:27.0011 1464 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
18:32:27.0027 1464 Serial - ok
18:32:27.0121 1464 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
18:32:27.0136 1464 sermouse - ok
18:32:27.0199 1464 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
18:32:27.0230 1464 SessionEnv - ok
18:32:27.0292 1464 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
18:32:27.0308 1464 sffdisk - ok
18:32:27.0370 1464 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
18:32:27.0401 1464 sffp_mmc - ok
18:32:27.0495 1464 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
18:32:27.0511 1464 sffp_sd - ok
18:32:27.0557 1464 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
18:32:27.0573 1464 sfloppy - ok
18:32:27.0635 1464 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
18:32:27.0667 1464 SharedAccess - ok
18:32:27.0729 1464 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
18:32:27.0760 1464 ShellHWDetection - ok
18:32:27.0885 1464 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
18:32:27.0885 1464 sisagp - ok
18:32:27.0979 1464 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:32:27.0994 1464 SiSRaid2 - ok
18:32:28.0041 1464 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
18:32:28.0041 1464 SiSRaid4 - ok
18:32:28.0119 1464 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
18:32:28.0135 1464 Smb - ok
18:32:28.0213 1464 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
18:32:28.0228 1464 SNMPTRAP - ok
18:32:28.0275 1464 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
18:32:28.0291 1464 spldr - ok
18:32:28.0384 1464 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
18:32:28.0415 1464 Spooler - ok
18:32:28.0556 1464 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
18:32:28.0618 1464 sppsvc - ok
18:32:28.0681 1464 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
18:32:28.0712 1464 sppuinotify - ok
18:32:28.0774 1464 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
18:32:28.0790 1464 srv - ok
18:32:28.0883 1464 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
18:32:28.0899 1464 srv2 - ok
18:32:28.0961 1464 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
18:32:28.0977 1464 SrvHsfHDA - ok
18:32:29.0039 1464 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
18:32:29.0055 1464 SrvHsfV92 - ok
18:32:29.0117 1464 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
18:32:29.0133 1464 SrvHsfWinac - ok
18:32:29.0180 1464 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
18:32:29.0195 1464 srvnet - ok
18:32:29.0305 1464 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
18:32:29.0336 1464 SSDPSRV - ok
18:32:29.0367 1464 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
18:32:29.0398 1464 SstpSvc - ok
18:32:29.0429 1464 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
18:32:29.0445 1464 stexstor - ok
18:32:29.0507 1464 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
18:32:29.0539 1464 StiSvc - ok
18:32:29.0601 1464 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
18:32:29.0617 1464 storflt - ok
18:32:29.0710 1464 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
18:32:29.0726 1464 storvsc - ok
18:32:29.0757 1464 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
18:32:29.0773 1464 swenum - ok
18:32:29.0819 1464 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
18:32:29.0851 1464 swprv - ok
18:32:29.0913 1464 Synth3dVsc - ok
18:32:29.0975 1464 SynTP (70534d1e4f9ac990536d5fb5b550b3de) C:\Windows\system32\DRIVERS\SynTP.sys
18:32:29.0975 1464 SynTP - ok
18:32:30.0100 1464 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
18:32:30.0131 1464 SysMain - ok
18:32:30.0194 1464 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
18:32:30.0209 1464 TabletInputService - ok
18:32:30.0256 1464 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
18:32:30.0287 1464 TapiSrv - ok
18:32:30.0334 1464 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
18:32:30.0365 1464 TBS - ok
18:32:30.0506 1464 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
18:32:30.0553 1464 Tcpip - ok
18:32:30.0631 1464 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
18:32:30.0662 1464 TCPIP6 - ok
18:32:30.0724 1464 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
18:32:30.0755 1464 tcpipreg - ok
18:32:30.0802 1464 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
18:32:30.0818 1464 TDPIPE - ok
18:32:30.0927 1464 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
18:32:30.0927 1464 TDTCP - ok
18:32:30.0989 1464 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
18:32:31.0005 1464 tdx - ok
18:32:31.0067 1464 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
18:32:31.0083 1464 TermDD - ok
18:32:31.0130 1464 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
18:32:31.0161 1464 TermService - ok
18:32:31.0223 1464 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
18:32:31.0239 1464 Themes - ok
18:32:31.0317 1464 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:32:31.0333 1464 THREADORDER - ok
18:32:31.0379 1464 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
18:32:31.0411 1464 TrkWks - ok
18:32:31.0457 1464 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
18:32:31.0489 1464 TrustedInstaller - ok
18:32:31.0535 1464 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:32:31.0567 1464 tssecsrv - ok
18:32:31.0613 1464 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
18:32:31.0629 1464 TsUsbFlt - ok
18:32:31.0691 1464 tsusbhub - ok
18:32:31.0785 1464 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
18:32:31.0816 1464 tunnel - ok
18:32:31.0879 1464 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
18:32:31.0879 1464 TVALZ - ok
18:32:31.0957 1464 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
18:32:31.0957 1464 uagp35 - ok
18:32:32.0035 1464 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
18:32:32.0066 1464 udfs - ok
18:32:32.0144 1464 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
18:32:32.0159 1464 UI0Detect - ok
18:32:32.0222 1464 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
18:32:32.0237 1464 uliagpkx - ok
18:32:32.0331 1464 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
18:32:32.0331 1464 umbus - ok
18:32:32.0409 1464 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
18:32:32.0425 1464 UmPass - ok
18:32:32.0518 1464 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
18:32:32.0534 1464 UmRdpService - ok
18:32:32.0596 1464 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
18:32:32.0627 1464 upnphost - ok
18:32:32.0690 1464 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
18:32:32.0705 1464 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
18:32:32.0705 1464 USBAAPL - detected UnsignedFile.Multi.Generic (1)
18:32:39.0039 1464 ============================================================
18:32:39.0039 1464 Scan finished
18:32:39.0039 1464 ============================================================
18:32:39.0055 1424 Detected object count: 2
18:32:39.0055 1424 Actual detected object count: 2
18:38:04.0627 1424 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:04.0627 1424 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:38:04.0627 1424 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:04.0627 1424 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:38:06.0796 0596 Deinitialize success

2. Farbar Service Scanner:

Farbar Service Scanner Version: 01-03-2012
Ran by Ly Trung Tin (administrator) on 13-04-2012 at 18:26:04
Running from "C:\Users\Ly Trung Tin\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Minimal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Nsi Service is not running. Checking service configuration:
The start type of Nsi service is OK.
The ImagePath of Nsi service is OK.
The ServiceDll of Nsi service is OK.

nsiproxy Service is not running. Checking service configuration:
The start type of nsiproxy service is OK.
The ImagePath of nsiproxy service is OK.

tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

3. OTL scans:

OTL logfile created on: 13-4-2012 18:27:26 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Ly Trung Tin\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy

2,87 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 88,79% Memory free
5,74 Gb Paging File | 5,44 Gb Available in Paging File | 94,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,12 Gb Total Space | 71,99 Gb Free Space | 71,90% Space Free | Partition Type: NTFS

Computer Name: LYTRUNGTIN-PC | User Name: Ly Trung Tin | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-04-13 17:46:32 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Ly Trung Tin\Desktop\OTL.exe
PRC - [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012-04-12 19:40:04 | 000,121,856 | -H-- | M] () -- C:\ProgramData\Windows\wsse.dll
MOD - [2010-01-30 03:41:12 | 004,254,560 | -H-- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Win32 Services (SafeList) ==========

SRV - [2012-03-12 15:22:08 | 000,918,880 | -H-- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012-01-31 05:03:07 | 000,308,136 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2012-01-30 20:09:06 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012-01-30 18:18:52 | 000,921,952 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2012-01-13 15:53:18 | 000,652,360 | -H-- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-06-06 13:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010-03-25 15:39:22 | 000,490,280 | -H-- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010-03-25 11:25:22 | 030,969,208 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-04-29 04:21:04 | 000,410,624 | -H-- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012-01-30 18:18:55 | 000,243,152 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2012-01-30 18:18:55 | 000,029,712 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2012-01-30 18:18:52 | 000,216,400 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2012-01-30 18:18:52 | 000,052,872 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010-11-20 14:30:15 | 000,175,360 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 14:30:15 | 000,040,704 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 14:30:15 | 000,028,032 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010-11-20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-20 11:14:45 | 000,017,920 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 11:14:41 | 000,005,632 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-05-29 01:13:40 | 000,015,360 | -H-- | M] (Siliten) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\InputFilter_FlexDef2b.sys -- (InputFilter_Hid_FlexDef2b) Siliten Hid Device(FlexDef2b)
DRV - [2009-09-21 18:58:28 | 001,218,048 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009-07-24 09:56:16 | 000,009,472 | -H-- | M] (Primax Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NMgamingms.sys -- (NMgamingmsFltr)
DRV - [2009-04-29 04:20:56 | 000,008,704 | -H-- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009-02-24 19:42:14 | 000,116,736 | -H-- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007-11-09 06:00:52 | 000,023,640 | -H-- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-15945901-2138844693-3614908274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
IE - HKU\S-1-5-21-15945901-2138844693-3614908274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-15945901-2138844693-3614908274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL
IE - HKU\S-1-5-21-15945901-2138844693-3614908274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 75 5F 41 8C DF CC 01 [binary data]
IE - HKU\S-1-5-21-15945901-2138844693-3614908274-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-15945901-2138844693-3614908274-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-15945901-2138844693-3614908274-1000\..\SearchScopes\{93512191-CEBE-4A0B-A106-2A12AD3B95C2}: "URL" = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
IE - HKU\S-1-5-21-15945901-2138844693-3614908274-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={F8FED836-8580-4109-9660-0B2AAE3B860F}&mid=4250e3e03c3000b59c85d35c857fc589-91b4ba9e6fff6bf3c16868a31145b2b0fe168f4a&lang=us&ds=AVG&pr=&d=2012-01-30 21:07:05&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-15945901-2138844693-3614908274-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-01-30 18:34:16 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012-03-12 15:22:16 | 000,000,000 | -H-D | M]


O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-15945901-2138844693-3614908274-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GpXVjrjGnOQiwPw.exe] C:\ProgramData\GpXVjrjGnOQiwPw.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [Update] C:\Users\Ly Trung Tin\AppData\Roaming\0.19018519730488226h7i.exe File not found
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-15945901-2138844693-3614908274-1000..\Run: [12Voip] C:\Program Files\12Voip.com\12Voip\12voip.exe (12Voip)
O4 - HKU\S-1-5-21-15945901-2138844693-3614908274-1000..\Run: [Myqoovedr] C:\Users\Ly Trung Tin\AppData\Roaming\Kyymn\cecip.exe ()
O4 - HKU\S-1-5-21-15945901-2138844693-3614908274-1000..\Run: [SkypePM] C:\Users\Ly Trung Tin\AppData\Local\Skype\SkypePM.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-15945901-2138844693-3614908274-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-15945901-2138844693-3614908274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.40.25 212.54.35.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9091E997-5110-4772-903C-0E7D43E5F824}: DhcpNameServer = 212.54.40.25 212.54.35.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE4B1969-066D-4F2E-BC83-BB26B8635F1E}: DhcpNameServer = 212.54.40.25 212.54.35.25
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-04-13 17:46:29 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Ly Trung Tin\Desktop\OTL.exe
[2012-04-13 17:42:04 | 000,000,000 | ---D | C] -- C:\Users\Ly Trung Tin\Desktop\tdsskiller
[2012-04-13 02:05:25 | 000,000,000 | -H-D | C] -- C:\Users\Ly Trung Tin\AppData\Roaming\Ruek
[2012-04-13 02:05:25 | 000,000,000 | -H-D | C] -- C:\Users\Ly Trung Tin\AppData\Roaming\Lyta
[2012-04-13 02:05:25 | 000,000,000 | -H-D | C] -- C:\Users\Ly Trung Tin\AppData\Roaming\Kyymn
[2012-04-12 19:39:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\Windows
[2012-04-12 00:25:56 | 000,000,000 | -H-D | C] -- C:\Users\Ly Trung Tin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012-04-11 03:04:23 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012-04-11 03:04:22 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012-04-11 03:04:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012-04-11 03:04:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012-04-11 03:04:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012-04-11 03:04:20 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012-04-11 03:01:04 | 000,000,000 | -H-D | C] -- C:\ed41647ec778f3ff183d9d9f422c
[2012-04-11 03:00:38 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012-04-11 03:00:37 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012-03-20 00:57:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012-03-20 00:57:19 | 000,000,000 | -H-D | C] -- C:\Program Files\iPod
[2012-03-20 00:57:18 | 000,000,000 | -H-D | C] -- C:\Program Files\iTunes
[2012-03-20 00:02:22 | 000,000,000 | -H-D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012-03-19 23:10:32 | 000,000,000 | -H-D | C] -- C:\Users\Ly Trung Tin\AppData\Roaming\Malwarebytes
[2012-03-19 23:10:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-03-19 23:10:25 | 000,000,000 | -H-D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-03-19 23:10:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2012-03-15 12:12:05 | 000,000,000 | -H-D | C] -- C:\8c69820944b1895e252a6837b3
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-04-13 18:22:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-04-13 18:22:41 | 2312,105,984 | -HS- | M] () -- C:\hiberfil.sys
[2012-04-13 17:46:32 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Ly Trung Tin\Desktop\OTL.exe
[2012-04-13 17:44:24 | 000,337,137 | ---- | M] () -- C:\Users\Ly Trung Tin\Desktop\FSS.exe
[2012-04-13 17:41:31 | 002,052,353 | ---- | M] () -- C:\Users\Ly Trung Tin\Desktop\tdsskiller.zip
[2012-04-13 17:37:12 | 000,017,360 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-04-13 17:37:12 | 000,017,360 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-04-12 00:25:57 | 000,000,671 | -H-- | M] () -- C:\Users\Ly Trung Tin\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012-04-12 00:25:57 | 000,000,647 | -H-- | M] () -- C:\Users\Ly Trung Tin\Desktop\SMART_HDD.lnk
[2012-04-12 00:25:57 | 000,000,160 | -H-- | M] () -- C:\ProgramData\-hcAM5SyUBHe90ur
[2012-04-12 00:25:57 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-hcAM5SyUBHe90u
[2012-04-12 00:25:55 | 000,000,256 | -H-- | M] () -- C:\ProgramData\hcAM5SyUBHe90u
[2012-04-12 00:25:53 | 000,221,184 | -H-- | M] () -- C:\ProgramData\hcAM5SyUBHe90u.exe
[2012-04-12 00:14:41 | 000,300,544 | -H-- | M] () -- C:\ProgramData\GpXVjrjGnOQiwPw.exe
[2012-04-11 13:07:09 | 094,521,641 | -H-- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2012-04-11 03:26:05 | 000,699,362 | -H-- | M] () -- C:\Windows\System32\perfh013.dat
[2012-04-11 03:26:05 | 000,624,178 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2012-04-11 03:26:05 | 000,133,074 | -H-- | M] () -- C:\Windows\System32\perfc013.dat
[2012-04-11 03:26:05 | 000,106,522 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2012-03-15 12:30:28 | 000,406,272 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-04-13 17:44:32 | 000,337,137 | ---- | C] () -- C:\Users\Ly Trung Tin\Desktop\FSS.exe
[2012-04-13 17:41:39 | 002,052,353 | ---- | C] () -- C:\Users\Ly Trung Tin\Desktop\tdsskiller.zip
[2012-04-12 00:25:57 | 000,000,671 | -H-- | C] () -- C:\Users\Ly Trung Tin\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012-04-12 00:25:57 | 000,000,647 | -H-- | C] () -- C:\Users\Ly Trung Tin\Desktop\SMART_HDD.lnk
[2012-04-12 00:25:57 | 000,000,160 | -H-- | C] () -- C:\ProgramData\-hcAM5SyUBHe90ur
[2012-04-12 00:25:57 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-hcAM5SyUBHe90u
[2012-04-12 00:25:54 | 000,000,256 | -H-- | C] () -- C:\ProgramData\hcAM5SyUBHe90u
[2012-04-12 00:25:53 | 000,221,184 | -H-- | C] () -- C:\ProgramData\hcAM5SyUBHe90u.exe
[2012-04-12 00:16:48 | 000,300,544 | -H-- | C] () -- C:\ProgramData\GpXVjrjGnOQiwPw.exe
[2012-01-30 22:09:42 | 000,699,362 | -H-- | C] () -- C:\Windows\System32\perfh013.dat
[2012-01-30 22:09:42 | 000,341,322 | -H-- | C] () -- C:\Windows\System32\perfi013.dat
[2012-01-30 22:09:42 | 000,133,074 | -H-- | C] () -- C:\Windows\System32\perfc013.dat
[2012-01-30 22:09:42 | 000,043,068 | -H-- | C] () -- C:\Windows\System32\perfd013.dat
[2012-01-30 20:43:03 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012-01-30 20:42:02 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011-06-10 07:34:52 | 000,080,416 | -H-- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011-02-11 20:10:52 | 000,439,308 | -H-- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011-02-11 20:10:50 | 000,982,240 | -H-- | C] () -- C:\Windows\System32\igkrng500.bin
[2011-02-11 20:10:50 | 000,092,356 | -H-- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011-02-11 19:40:40 | 000,004,096 | -H-- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011-02-11 19:38:44 | 000,000,151 | -H-- | C] () -- C:\Windows\System32\GfxUI.exe.config

< End of report >

4. OTL Extra:

OTL Extras logfile created on: 13-4-2012 18:27:26 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Ly Trung Tin\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy

2,87 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 88,79% Memory free
5,74 Gb Paging File | 5,44 Gb Available in Paging File | 94,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,12 Gb Total Space | 71,99 Gb Free Space | 71,90% Space Free | Partition Type: NTFS

Computer Name: LYTRUNGTIN-PC | User Name: Ly Trung Tin | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2010
"{90140000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2010
"{90140000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2010
"{90140000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2010
"{90140000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2010
"{90140000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
"{90140000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2010
"{90140000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2010
"{90140000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2010
"{90140000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2010
"{90140000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2010
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AC76BA86-7AD7-1043-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Nederlands
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"12Voip_is1" = 12Voip
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG9Uninstall" = AVG 9.0
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"DivX Setup" = DivX Setup
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MpcStar" = MpcStar 5.3
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR archiver
"XviD" = XviD MPEG-4 Codec

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12-4-2012 20:05:39 | Computer Name = LyTrungTin-PC | Source = ESENT | ID = 488
Description = WinMail (13004) WindowsMail0: Een poging het bestand C:\Users\Ly Trung
Tin\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat te maken is mislukt. Systeemfout
5 (0x00000005): Toegang geweigerd. . Tijdens het maken van het bestand treedt fout
-1032 (0xfffffbf8) op.

Error - 12-4-2012 20:05:39 | Computer Name = LyTrungTin-PC | Source = ESENT | ID = 217
Description = WinMail (13004) WindowsMail0: Fout (-1032) tijdens het maken van een
back-up van een database (bestand C:\Users\Ly Trung Tin\AppData\Local\Microsoft\Windows
Mail\WindowsMail.MSMessageStore). De database kan niet worden teruggezet.

Error - 12-4-2012 20:05:39 | Computer Name = LyTrungTin-PC | Source = ESENT | ID = 215
Description = WinMail (13004) WindowsMail0: Het maken van de back-up is gestopt,
omdat deze door de client is gestopt of omdat de verbinding met de client is mislukt.

Error - 13-4-2012 10:51:37 | Computer Name = LyTrungTin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3013
Description = Kan de tekenreeksen voor prestatiemeteritems voor de taal-id 009 niet
bijwerken. De foutcode is de eerste DWORD in de sectie Gegevens.

Error - 13-4-2012 10:51:37 | Computer Name = LyTrungTin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3009
Description = Het installeren van tekenreeksen van prestatiemeteritems voor de WmiApRpl-service
(WmiApRpl) is mislukt. De foutcode is de eerste DWORD in de sectie Gegevens.

Error - 13-4-2012 11:36:22 | Computer Name = LyTrungTin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3013
Description = Kan de tekenreeksen voor prestatiemeteritems voor de taal-id 009 niet
bijwerken. De foutcode is de eerste DWORD in de sectie Gegevens.

Error - 13-4-2012 11:36:22 | Computer Name = LyTrungTin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3009
Description = Het installeren van tekenreeksen van prestatiemeteritems voor de WmiApRpl-service
(WmiApRpl) is mislukt. De foutcode is de eerste DWORD in de sectie Gegevens.

Error - 13-4-2012 11:43:31 | Computer Name = LyTrungTin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3013
Description = Kan de tekenreeksen voor prestatiemeteritems voor de taal-id 009 niet
bijwerken. De foutcode is de eerste DWORD in de sectie Gegevens.

Error - 13-4-2012 11:43:31 | Computer Name = LyTrungTin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3009
Description = Het installeren van tekenreeksen van prestatiemeteritems voor de WmiApRpl-service
(WmiApRpl) is mislukt. De foutcode is de eerste DWORD in de sectie Gegevens.

Error - 13-4-2012 12:26:56 | Computer Name = LyTrungTin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3013
Description = Kan de tekenreeksen voor prestatiemeteritems voor de taal-id 009 niet
bijwerken. De foutcode is de eerste DWORD in de sectie Gegevens.

[ System Events ]
Error - 13-4-2012 12:22:57 | Computer Name = LyTrungTin-PC | Source = DCOM | ID = 10005
Description =

Error - 13-4-2012 12:22:58 | Computer Name = LyTrungTin-PC | Source = DCOM | ID = 10005
Description =

Error - 13-4-2012 12:22:58 | Computer Name = LyTrungTin-PC | Source = DCOM | ID = 10005
Description =

Error - 13-4-2012 12:22:58 | Computer Name = LyTrungTin-PC | Source = Service Control Manager | ID = 7001
Description = De Network List Service-service is afhankelijk van de Network Location
Awareness-service, die vanwege de volgende fout niet kan worden gestart: %%1068

Error - 13-4-2012 12:22:58 | Computer Name = LyTrungTin-PC | Source = Service Control Manager | ID = 7001
Description = De Network List Service-service is afhankelijk van de Network Location
Awareness-service, die vanwege de volgende fout niet kan worden gestart: %%1068

Error - 13-4-2012 12:22:58 | Computer Name = LyTrungTin-PC | Source = Service Control Manager | ID = 7001
Description = De Network List Service-service is afhankelijk van de Network Location
Awareness-service, die vanwege de volgende fout niet kan worden gestart: %%1068

Error - 13-4-2012 12:22:58 | Computer Name = LyTrungTin-PC | Source = Service Control Manager | ID = 7001
Description = De Network List Service-service is afhankelijk van de Network Location
Awareness-service, die vanwege de volgende fout niet kan worden gestart: %%1068

Error - 13-4-2012 12:22:58 | Computer Name = LyTrungTin-PC | Source = Service Control Manager | ID = 7001
Description = De Network List Service-service is afhankelijk van de Network Location
Awareness-service, die vanwege de volgende fout niet kan worden gestart: %%1068

Error - 13-4-2012 12:22:58 | Computer Name = LyTrungTin-PC | Source = Service Control Manager | ID = 7001
Description = De Network List Service-service is afhankelijk van de Network Location
Awareness-service, die vanwege de volgende fout niet kan worden gestart: %%1068

Error - 13-4-2012 12:22:58 | Computer Name = LyTrungTin-PC | Source = Service Control Manager | ID = 7001
Description = De Network List Service-service is afhankelijk van de Network Location
Awareness-service, die vanwege de volgende fout niet kan worden gestart: %%1068


< End of report >

Edited by Dmday, 13 April 2012 - 11:58 AM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:39 AM

Posted 16 April 2012 - 08:19 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Launch Farbar Service Scanner once again and type ipsec.sys in the search box and click on search files.

Please post the log.
===


Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Please just paste the contents of the DDS.txt log in your next post.

Please let me know what problems you are experiencing with this computer.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:39 AM

Posted 22 April 2012 - 08:24 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:39 AM

Posted 28 April 2012 - 08:27 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



