
text enhance - infected


5 replies to this topic

#1 hattricknz


Posted 29 May 2012 - 03:21 AM

Hi there

I have text enhance on my laptop.

Symptoms are that, if you hover over certain text on a webpage, it shows up with an ad below it. It also does something similar when entering text into certain text fields, on search sites for example.

Running Windows 7.

I came across the following link and carried out TheShooter93's first post.

And below are the logs I got.

Now text enhance is still there. Can anyone advise me please?


-----------------------------------------------------------------------------------------------------------------------------------------


Results of screen317's Security Check version 0.99.39
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.0
JavaFX 2.1.0 SDK
Java™ 6 Update 31
Java™ 7 Update 4
Java SE Development Kit 7 Update 4
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

------

MiniToolBox by Farbar Version: 14-01-2012
Ran by KS (administrator) on 28-05-2012 at 22:18:20
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: 127.0.0.1:8118

========================= FF Proxy Settings: ==============================

"network.proxy.backup.ftp", "localhost"
"network.proxy.backup.ftp_port", 8118
"network.proxy.backup.socks", "localhost"
"network.proxy.backup.socks_port", 8118
"network.proxy.backup.ssl", "localhost"
"network.proxy.backup.ssl_port", 8118
"network.proxy.ftp", "localhost"
"network.proxy.ftp_port", 8118
"network.proxy.http", "localhost"
"network.proxy.http_port", 8118
"network.proxy.share_proxy_settings", true
"network.proxy.socks", "localhost"
"network.proxy.socks_port", 8118
"network.proxy.ssl", "localhost"
"network.proxy.ssl_port", 8118
"network.proxy.type", 0
========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8192SE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : KS-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Orcon

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : Orcon
Description . . . . . . . . . . . : Realtek RTL8192SE Wireless LAN 802.11n PCI-E NIC
Physical Address. . . . . . . . . : 70-F1-A1-48-79-9D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a4bb:278a:8756:78d%13(Preferred)
IPv4 Address. . . . . . . . . . . : 10.1.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, 28 May 2012 12:23:18 a.m.
Lease Expires . . . . . . . . . . : Tuesday, 29 May 2012 6:24:37 p.m.
Default Gateway . . . . . . . . . : 10.1.1.1
DHCP Server . . . . . . . . . . . : 10.1.1.1
DHCPv6 IAID . . . . . . . . . . . : 359723425
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-F3-AE-E6-88-AE-1D-08-DF-37
DNS Servers . . . . . . . . . . . : 10.1.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Orcon
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 88-AE-1D-08-DF-37
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1c28:11e2:c315:8827(Preferred)
Link-local IPv6 Address . . . . . : fe80::1c28:11e2:c315:8827%16(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Orcon
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: BoB.Orcon
Address: 10.1.1.1

Name: google.com
Addresses: 74.125.237.133
74.125.237.130
74.125.237.137
74.125.237.142
74.125.237.131
74.125.237.135
74.125.237.128
74.125.237.134
74.125.237.129
74.125.237.136
74.125.237.132


Pinging google.com [74.125.237.133] with 32 bytes of data:
Reply from 74.125.237.133: bytes=32 time=86ms TTL=56
Reply from 74.125.237.133: bytes=32 time=54ms TTL=56

Ping statistics for 74.125.237.133:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 54ms, Maximum = 86ms, Average = 70ms
Server: BoB.Orcon
Address: 10.1.1.1

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=253ms TTL=49
Reply from 209.191.122.70: bytes=32 time=241ms TTL=49

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 241ms, Maximum = 253ms, Average = 247ms
Server: BoB.Orcon
Address: 10.1.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
===========================================================================
Interface List
13...70 f1 a1 48 79 9d ......Realtek RTL8192SE Wireless LAN 802.11n PCI-E NIC
10...88 ae 1d 08 df 37 ......Broadcom NetLink ™ Gigabit Ethernet
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.1.1.1 10.1.1.2 20
10.1.1.0 255.255.255.0 On-link 10.1.1.2 276
10.1.1.2 255.255.255.255 On-link 10.1.1.2 276
10.1.1.255 255.255.255.255 On-link 10.1.1.2 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.1.1.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.1.1.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
16 58 ::/0 On-link
1 306 ::1/128 On-link
16 58 2001::/32 On-link
16 306 2001:0:4137:9e76:1c28:11e2:c315:8827/128
On-link
13 276 fe80::/64 On-link
16 306 fe80::/64 On-link
16 306 fe80::1c28:11e2:c315:8827/128
On-link
13 276 fe80::a4bb:278a:8756:78d/128
On-link
1 306 ff00::/8 On-link
16 306 ff00::/8 On-link
13 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/28/2012 06:24:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3360885

Error: (05/28/2012 06:24:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3360885

Error: (05/28/2012 06:24:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/28/2012 05:28:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13104

Error: (05/28/2012 05:28:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13104

Error: (05/28/2012 05:28:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/28/2012 05:28:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12090

Error: (05/28/2012 05:28:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12090

Error: (05/28/2012 05:28:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/28/2012 05:28:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11029


System errors:
=============
Error: (05/26/2012 11:35:04 PM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (05/26/2012 11:34:36 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).

Error: (05/25/2012 09:28:30 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (05/25/2012 09:28:29 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (05/25/2012 09:28:29 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (05/25/2012 09:28:28 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (05/20/2012 06:09:27 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 5:45:42 a.m. on 20/05/2012 was unexpected.

Error: (05/13/2012 08:23:24 PM) (Source: Service Control Manager) (User: )
Description: The Intel® Rapid Storage Technology service failed to start due to the following error:
%%1053

Error: (05/13/2012 08:23:24 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.

Error: (05/13/2012 08:22:49 PM) (Source: BugCheck) (User: )
Description: 0x00000050 (0xffffffff8748a540, 0x0000000000000000, 0xfffff8800599b92b, 0x0000000000000005)C:\Windows\MEMORY.DMP051312-48048-01


Microsoft Office Sessions:
=========================
Error: (05/28/2012 06:24:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3360885

Error: (05/28/2012 06:24:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3360885

Error: (05/28/2012 06:24:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/28/2012 05:28:44 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13104

Error: (05/28/2012 05:28:44 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13104

Error: (05/28/2012 05:28:44 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/28/2012 05:28:43 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12090

Error: (05/28/2012 05:28:43 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12090

Error: (05/28/2012 05:28:43 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/28/2012 05:28:42 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11029


=========================== Installed Programs ============================

7-Zip 9.20
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.2.202.235)
Adobe Reader 9.1 MUI (Version: 9.1.0)
Advertising Center (Version: 0.0.0.2)
Android SDK Tools (Version: 1.16)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
AVG 2012 (Version: 12.0.2176)
AVG 2012 (Version: 12.0.2425)
AVG 2012 (Version: 2012.0.2176)
AVG Security Toolbar (Version: 10.2.0.3)
AVS Audio Converter 7
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
Backup Manager Basic (Version: 2.0.0.60)
BearShare (Version: 10.0.0.123802)
Bejeweled 2 Deluxe (Version: 2.2.0.82)
Bing Bar (Version: 7.1.362.0)
BitTorrent (Version: 7.6.0)
BitTorrentBar Toolbar (Version: 6.8.2.0)
Blasterball 3 (Version: 2.2.0.82)
Bob the Builder Can-Do-Zoo (Version: 2.2.0.82)
Bonjour (Version: 3.0.0.10)
Broadcom Gigabit NetLink Controller (Version: 12.52.04)
BTGuard 2.4
Build-a-lot 2 (Version: 2.2.0.82)
Chicken Invaders 3 - Revenge of the Yolk (Version: 2.2.0.82)
Codec-V (Version: 1.15.149.149)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Complitly
CyberLink PowerDVD 9 (Version: 9.0.2719.50)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Elite Proxy Switcher 1.17
Escape Rosecliff Island (Version: 2.2.0.82)
Faerie Solitaire (Version: 2.2.0.82)
Freecorder 5 (Version: 5.04)
Freecorder Toolbar (Version: 6.3.3.3)
Gateway Game Console
Gateway Games (Version: 1.0.0.80)
Gateway InfoCentre (Version: 3.02.3000)
Gateway MyBackup (Version: 2.0.0.60)
Gateway Power Management (Version: 5.00.3003)
Gateway Recovery Management (Version: 4.05.3011)
Gateway Registration (Version: 1.03.3002)
Gateway ScreenSaver (Version: 1.1.0121.2010)
Gateway Social Networks (Version: 1.0.1517)
Gateway Updater (Version: 1.02.3001)
Google App Engine (Version: 1.6.4.0)
Google Chrome (Version: 19.0.1084.52)
Google Earth (Version: 6.2.2.6613)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
Identity Card (Version: 1.00.3003)
iLivid (Version: 1.92)
ImagXpress (Version: 7.0.74.0)
Insaniquarium Deluxe (Version: 2.2.0.82)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 9.5.6.1001)
Intel® Turbo Boost Technology Driver (Version: 01.01.01.1007)
Intel® Turbo Boost Technology Monitor (Version: 1.0.186.6)
iTunes (Version: 10.6.0.40)
Java Auto Updater (Version: 2.1.6.0)
Java SE Development Kit 7 Update 4 (Version: 1.7.0.40)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ 7 Update 4 (Version: 7.0.40)
JavaFX 2.1.0 (Version: 2.1.0)
JavaFX 2.1.0 SDK (Version: 2.1.0)
Jewel Quest (Version: 2.2.0.82)
Jewel Quest Solitaire 3 (Version: 2.2.0.82)
Junk Mail filter update (Version: 14.0.8089.726)
Launch Manager (Version: 4.0.8)
Mahjongg Artifacts (Version: 2.2.0.82)
Mgeni Snapshot (10-22-2009) (Version: Snapshot (10-22-2009))
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 12.0 (x86 en-GB) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 9 Essentials
Nero ControlCenter (Version: 9.0.0.1)
Nero DiscSpeed (Version: 5.4.13.100)
Nero DiscSpeed Help (Version: 5.4.4.100)
Nero DriveSpeed (Version: 4.4.12.100)
Nero DriveSpeed Help (Version: 4.4.4.100)
Nero Express Help (Version: 9.6.2.101)
Nero InfoTool (Version: 6.4.12.100)
Nero InfoTool Help (Version: 6.4.4.100)
Nero Installer (Version: 4.4.9.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nero StartSmart (Version: 9.4.37.100)
Nero StartSmart Help (Version: 9.4.27.100)
Nero StartSmart OEM (Version: 9.4.10.100)
NeroExpress (Version: 9.4.33.100)
neroxml (Version: 1.0.0)
Notepad++ (Version: 6.1)
NVIDIA Drivers (Version: 1.10.59.37)
NVIDIA Updatus (Version: 1.0.3)
Penguins! (Version: 2.2.0.82)
PFPortChecker 1.0.39 (Version: 1.0.39)
Polar Bowler (Version: 2.2.0.82)
Polar Golfer (Version: 2.2.0.82)
Polar Pool (Version: 2.2.0.82)
Python 3.2.3 (Version: 3.2.3150)
QuickTime (Version: 7.71.80.42)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek High Definition Audio Driver (Version: 6.0.1.6015)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30118)
RealUpgrade 1.1 (Version: 1.1.0)
Skype Click to Call (Version: 5.9.9216)
Skype™ 5.8 (Version: 5.8.158)
SopCast 3.4.0 (Version: 3.4.0)
Synaptics Pointing Device Driver (Version: 14.0.19.0)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC 9.0 Runtime (Version: 1.0.0)
Video Web Camera (Version: 1.7.120.325)
Virtual Families (Version: 2.2.0.82)
Virtual Villagers - A New Home (Version: 2.2.0.82)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
VLC media player 1.1.11 (Version: 1.1.11)
Welcome Center (Version: 1.01.3002)
WIDCOMM Bluetooth Software (Version: 6.3.0.4300)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Yahtzee (Version: 2.2.0.82)
ZoneAlarm Firewall (Version: 10.1.065.000)
ZoneAlarm Free (Version: 10.1.065.000)
ZoneAlarm Security (Version: 10.1.065.000)
ZoneAlarm Toolbar
Zuma Deluxe (Version: 2.2.0.82)

========================= Memory info: ===================================

Percentage of memory in use: 76%
Total physical RAM: 3958.71 MB
Available physical RAM: 933.19 MB
Total Pagefile: 7915.61 MB
Available Pagefile: 4128.8 MB
Total Virtual: 4095.88 MB
Available Virtual: 3961.91 MB

========================= Partitions: =====================================

1 Drive c: (Gateway) (Fixed) (Total:451.66 GB) (Free:200.44 GB) NTFS

========================= Users: ========================================

User accounts for \\KS-PC

Administrator Guest KS
UpdatusUser


**** End of log ****

-----------------------------------------------------------------------------------------------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/28/2012 at 11:51 PM

Application Version : 5.0.1150

Core Rules Database Version : 8650
Trace Rules Database Version: 6462

Scan type : Complete Scan
Total Scan Time : 01:18:37

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 627
Memory threats detected : 0
Registry items scanned : 68385
Registry threats detected : 0
File items scanned : 70739
File threats detected : 190

Adware.Tracking Cookie
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\OLSN9P9U.txt [ Cookie:ks@a.intentmedia.net/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\OH7YFVYK.txt [ Cookie:ks@yadro.ru/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\621Q7HIY.txt [ Cookie:ks@zedo.com/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\BLYPOYAB.txt [ Cookie:ks@us.sitestat.com/future/maximum-pc/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y8T7799X.txt [ Cookie:ks@www.rugbyworldcup.com/rugbytracker/match=11227/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\U0EIGW1H.txt [ Cookie:ks@atdmt.com/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\AX2NGB11.txt [ Cookie:ks@tribalfusion.com/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\314L2WKX.txt [ Cookie:ks@liveperson.net/hc/64084401 ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\DOQLAR6V.txt [ Cookie:ks@track.adform.net/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\NLKJGUVE.txt [ Cookie:ks@pointroll.com/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\88H2XWX5.txt [ Cookie:ks@www.googleadservices.com/pagead/conversion/1066419217/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\GEI6W5EE.txt [ Cookie:ks@tacoda.at.atwola.com/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\YSJNLIQ4.txt [ Cookie:ks@legolas-media.com/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\VK9MTSSE.txt [ Cookie:ks@imrworldwide.com/cgi-bin ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\SV8UPIIH.txt [ Cookie:ks@media.sensis.com.au/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\G8SJ2YFW.txt [ Cookie:ks@www.googleadservices.com/pagead/conversion/1015385342/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\ICPHJKFF.txt [ Cookie:ks@ru4.com/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\W7WPZ92T.txt [ Cookie:ks@adlegend.com/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\1MMQJZ1I.txt [ Cookie:ks@serving-sys.com/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\NKRNL8XL.txt [ Cookie:ks@adbrite.com/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\O6NZQ9RZ.txt [ Cookie:ks@www.googleadservices.com/pagead/conversion/1053964783/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\XLD6G1RE.txt [ Cookie:ks@www.eliteproxyswitcher.com/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\45YE9W59.txt [ Cookie:ks@pt.trafficjunky.net/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\XJVYGAZZ.txt [ Cookie:ks@exoclick.com/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\VRXMCF9Z.txt [ Cookie:ks@www.googleadservices.com/pagead/conversion/1069390059/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\FG8FY401.txt [ Cookie:ks@ads2.zeusclicks.com/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\FGBGKHZC.txt [ Cookie:ks@pornhub.com/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\79ZUGP08.txt [ Cookie:ks@www.pornhub.com/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\V3ZTW7LV.txt [ Cookie:ks@www.googleadservices.com/pagead/conversion/1026990054/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\0O639ZTN.txt [ Cookie:ks@dc.tremormedia.com/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\HZ8HI9ZT.txt [ Cookie:ks@adinterax.com/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\WGWM5EF3.txt [ Cookie:ks@delivery.ctasnet.com/adserver/www/delivery/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\TRR3709P.txt [ Cookie:ks@e-2dj6aelielcpsep.stats.esomniture.com/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\JGJHAGMX.txt [ Cookie:ks@www.pornhub.com/video/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\N9KZSTR5.txt [ Cookie:ks@bleepexygirls.net/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\DB05QX1P.txt [ Cookie:ks@mediabrandsww.com/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\MTBGEEJI.txt [ Cookie:ks@www.googleadservices.com/pagead/conversion/994725524/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\NOTW42W0.txt [ Cookie:ks@yieldmanager.net/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\J013533R.txt [ Cookie:ks@tradedoubler.com/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\O5FB6LFS.txt [ Cookie:ks@ads.pointroll.com/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\BRN3BUHB.txt [ Cookie:ks@msnportal.112.2o7.net/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\PPGGJSVX.txt [ Cookie:ks@kontera.com/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\B7AHN3OK.txt [ Cookie:ks@www.googleadservices.com/pagead/conversion/1059846295/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\YETGESVJ.txt [ Cookie:ks@us.sitestat.com/future/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\4SA2AQBQ.txt [ Cookie:ks@aimfar.solution.weborama.fr/ ]
C:\USERS\KS\AppData\Roaming\Microsoft\Windows\Cookies\Low\RTHO1D5G.txt [ Cookie:ks@hornyonlinematch.com/ ]
C:\USERS\KS\Cookies\Z1R1J9VN.txt [ Cookie:ks@adbrite.com/ ]
C:\USERS\KS\Cookies\41JESMNC.txt [ Cookie:ks@media6degrees.com/ ]
C:\USERS\KS\Cookies\ZLCVTYLW.txt [ Cookie:ks@doubleclick.net/ ]
C:\USERS\KS\Cookies\GMHUBHT4.txt [ Cookie:ks@112.2o7.net/ ]
C:\USERS\KS\Cookies\MGLT7ZBH.txt [ Cookie:ks@content.yieldmanager.com/ ]
C:\USERS\KS\Cookies\N4JW20E3.txt [ Cookie:ks@adviva.net/ ]
C:\USERS\KS\Cookies\7YUU5PS2.txt [ Cookie:ks@trafficking.nabbr.com/ ]
C:\USERS\KS\Cookies\3HNY0VB1.txt [ Cookie:ks@ad.yieldmanager.com/ ]
C:\USERS\KS\Cookies\ANJPPWP0.txt [ Cookie:ks@adserver.adtechus.com/ ]
C:\USERS\KS\Cookies\1811HALW.txt [ Cookie:ks@advertising.com/ ]
C:\USERS\KS\Cookies\HG3EAIWZ.txt [ Cookie:ks@r1-ads.ace.advertising.com/ ]
C:\USERS\KS\Cookies\4VXQE0MS.txt [ Cookie:ks@at.atwola.com/ ]
C:\USERS\KS\Cookies\GLAEHICE.txt [ Cookie:ks@ie-stat.bmmetrix.com/ ]
C:\USERS\KS\Cookies\UG0FWN0O.txt [ Cookie:ks@adxpose.com/ ]
C:\USERS\KS\Cookies\TFUQOST7.txt [ Cookie:ks@revsci.net/ ]
C:\USERS\KS\Cookies\KIG8BH0G.txt [ Cookie:ks@content.yieldmanager.com/ak/ ]
C:\USERS\KS\Cookies\J7GL7X0R.txt [ Cookie:ks@atdmt.com/ ]
C:\USERS\KS\Cookies\R71M7VVE.txt [ Cookie:ks@tribalfusion.com/ ]
C:\USERS\KS\Cookies\A8N1ZS1Y.txt [ Cookie:ks@imrworldwide.com/cgi-bin ]
C:\USERS\KS\Cookies\03LXM1QC.txt [ Cookie:ks@ru4.com/ ]
.adinterax.com [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adserver.adtechus.com [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazon-adsystem.com [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazon-adsystem.com [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.yieldmanager.net [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lucidmedia.com [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adinterax.com [ C:\USERS\KS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
8tracks.com [ C:\USERS\KS\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9HWKHQRY ]
ia.media-imdb.com [ C:\USERS\KS\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9HWKHQRY ]
media-vimg-net.vimg.net [ C:\USERS\KS\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9HWKHQRY ]
media.mtvnservices.com [ C:\USERS\KS\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9HWKHQRY ]
mediaservice.mirror-image.com [ C:\USERS\KS\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9HWKHQRY ]
richmedia247.com [ C:\USERS\KS\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9HWKHQRY ]
s0.2mdn.net [ C:\USERS\KS\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9HWKHQRY ]
secure-nz.imrworldwide.com [ C:\USERS\KS\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9HWKHQRY ]
secure-uk.imrworldwide.com [ C:\USERS\KS\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9HWKHQRY ]
secure-us.imrworldwide.com [ C:\USERS\KS\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9HWKHQRY ]
stat.easydate.biz [ C:\USERS\KS\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9HWKHQRY ]
stat.ed.cupidplc.com [ C:\USERS\KS\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9HWKHQRY ]
stat.upforitnetworks.com [ C:\USERS\KS\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9HWKHQRY ]
static.discoverymedia.com [ C:\USERS\KS\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9HWKHQRY ]
static.mediaworks.co.nz [ C:\USERS\KS\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9HWKHQRY ]
www.pornhub.com [ C:\USERS\KS\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9HWKHQRY ]
C:\USERS\KS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\KS@ADS.ADFOX[2].TXT [ /ADS.ADFOX ]
C:\USERS\KS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\KS@ADS.ADFOX[1].TXT [ /ADS.ADFOX ]
C:\USERS\KS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\KS@SPECIFICCLICK[1].TXT [ /SPECIFICCLICK ]

Trojan.Agent/Gen-SoftonicDownloader
C:\USERS\KS\DESKTOP\SOFTONICDOWNLOADER_FOR_SOPCAST.EXE


-----------------------------------------------------------------------------------------------------------------------------------------

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.28.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
KS :: KS-PC [administrator]

29/05/2012 12:06:27 a.m.
mbam-log-2012-05-29 (00-06-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207885
Time elapsed: 3 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 13
HKCR\CLSID\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044044435} (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550055045535} (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0000435.BHO.1 (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0000435.BHO (PUP.Codec.PR) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0000435.FBApi (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0000435.FBApi.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0000435.Sandbox (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0000435.Sandbox.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Program Files (x86)\Codec-V\Codec-V.dll (PUP.Codec.PR) -> Quarantined and deleted successfully.
C:\Users\KS\Downloads\Codec-V.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.

(end)


---------------------------------------------------------------------------------------------------------------------------------

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-29 19:46:18
Windows 6.1.7601 Service Pack 1
Running: 3jxk48l7.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbeb4f68
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbeb4f68 (not active ControlSet)

---- EOF - GMER 1.0.15 ----



-----------------------------------------------------------------------------------------------------------------------------------------



#2 boopme


Posted 29 May 2012 - 02:44 PM

Hello, looks like you may have grabbed an infected Codec file.
How is it after these?

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.




I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#3 hattricknz


Posted 30 May 2012 - 05:21 AM

Thanks for that, this is what I got.

TDSS found zero
ESET found 4 things but I am not sure if it deleted them.

Will let you know if I am still suffering from text enhance after PC reboot

Thanks Again

----------------------------------------------------------------------------------------------------------------------------


19:20:29.0713 6108 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
19:20:30.0692 6108 ============================================================
19:20:30.0692 6108 Current date / time: 2012/05/30 19:20:30.0692
19:20:30.0692 6108 SystemInfo:
19:20:30.0693 6108
19:20:30.0693 6108 OS Version: 6.1.7601 ServicePack: 1.0
19:20:30.0693 6108 Product type: Workstation
19:20:30.0693 6108 ComputerName: KS-PC
19:20:30.0693 6108 UserName: KS
19:20:30.0693 6108 Windows directory: C:\Windows
19:20:30.0693 6108 System windows directory: C:\Windows
19:20:30.0693 6108 Running under WOW64
19:20:30.0693 6108 Processor architecture: Intel x64
19:20:30.0693 6108 Number of processors: 4
19:20:30.0693 6108 Page size: 0x1000
19:20:30.0693 6108 Boot type: Normal boot
19:20:30.0693 6108 ============================================================
19:20:31.0189 6108 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:20:31.0196 6108 ============================================================
19:20:31.0196 6108 \Device\Harddisk0\DR0:
19:20:31.0197 6108 MBR partitions:
19:20:31.0197 6108 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C01A24, BlocksNum 0x32FCD
19:20:31.0197 6108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C349F1, BlocksNum 0x38750E3F
19:20:31.0197 6108 ============================================================
19:20:31.0216 6108 C: <-> \Device\Harddisk0\DR0\Partition1
19:20:31.0216 6108 ============================================================
19:20:31.0216 6108 Initialize success
19:20:31.0216 6108 ============================================================
19:20:43.0033 3968 ============================================================
19:20:43.0033 3968 Scan started
19:20:43.0033 3968 Mode: Manual;
19:20:43.0033 3968 ============================================================
19:20:43.0529 3968 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files

\SUPERAntiSpyware\SASCORE64.EXE
19:20:43.0531 3968 !SASCORE - ok
19:20:43.0853 3968 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers

\1394ohci.sys
19:20:43.0869 3968 1394ohci - ok
19:20:43.0938 3968 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers

\ACPI.sys
19:20:43.0941 3968 ACPI - ok
19:20:43.0975 3968 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers

\acpipmi.sys
19:20:43.0977 3968 AcpiPmi - ok
19:20:44.0155 3968 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows

\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:20:44.0159 3968 AdobeFlashPlayerUpdateSvc - ok
19:20:44.0272 3968 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS

\adp94xx.sys
19:20:44.0302 3968 adp94xx - ok
19:20:44.0372 3968 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS

\adpahci.sys
19:20:44.0400 3968 adpahci - ok
19:20:44.0445 3968 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS

\adpu320.sys
19:20:44.0454 3968 adpu320 - ok
19:20:44.0509 3968 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows

\System32\aelupsvc.dll
19:20:44.0510 3968 AeLookupSvc - ok
19:20:44.0610 3968 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers

\afd.sys
19:20:44.0629 3968 AFD - ok
19:20:44.0676 3968 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers

\agp440.sys
19:20:44.0678 3968 agp440 - ok
19:20:44.0718 3968 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:20:44.0720 3968 ALG - ok
19:20:44.0759 3968 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers

\aliide.sys
19:20:44.0761 3968 aliide - ok
19:20:44.0776 3968 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers

\amdide.sys
19:20:44.0778 3968 amdide - ok
19:20:44.0822 3968 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS

\amdk8.sys
19:20:44.0825 3968 AmdK8 - ok
19:20:44.0852 3968 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS

\amdppm.sys
19:20:44.0854 3968 AmdPPM - ok
19:20:44.0900 3968 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers

\amdsata.sys
19:20:44.0902 3968 amdsata - ok
19:20:44.0953 3968 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS

\amdsbs.sys
19:20:44.0982 3968 amdsbs - ok
19:20:45.0004 3968 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers

\amdxata.sys
19:20:45.0005 3968 amdxata - ok
19:20:45.0049 3968 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers

\appid.sys
19:20:45.0051 3968 AppID - ok
19:20:45.0077 3968 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows

\System32\appidsvc.dll
19:20:45.0078 3968 AppIDSvc - ok
19:20:45.0131 3968 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows

\System32\appinfo.dll
19:20:45.0133 3968 Appinfo - ok
19:20:45.0264 3968 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files

(x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:20:45.0267 3968 Apple Mobile Device - ok
19:20:45.0308 3968 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS

\arc.sys
19:20:45.0310 3968 arc - ok
19:20:45.0331 3968 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS

\arcsas.sys
19:20:45.0334 3968 arcsas - ok
19:20:45.0364 3968 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS

\asyncmac.sys
19:20:45.0365 3968 AsyncMac - ok
19:20:45.0407 3968 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers

\atapi.sys
19:20:45.0408 3968 atapi - ok
19:20:45.0520 3968 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows

\System32\Audiosrv.dll
19:20:45.0527 3968 AudioEndpointBuilder - ok
19:20:45.0534 3968 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows

\System32\Audiosrv.dll
19:20:45.0539 3968 AudioSrv - ok
19:20:45.0958 3968 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files (x86)\AVG

\AVG2012\AVGIDSAgent.exe
19:20:45.0984 3968 AVGIDSAgent - ok
19:20:46.0176 3968 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS

\avgidsdrivera.sys
19:20:46.0179 3968 AVGIDSDriver - ok
19:20:46.0228 3968 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS

\avgidsfiltera.sys
19:20:46.0230 3968 AVGIDSFilter - ok
19:20:46.0263 3968 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS

\avgidsha.sys
19:20:46.0264 3968 AVGIDSHA - ok
19:20:46.0309 3968 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS

\avgldx64.sys
19:20:46.0322 3968 Avgldx64 - ok
19:20:46.0352 3968 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS

\avgmfx64.sys
19:20:46.0354 3968 Avgmfx64 - ok
19:20:46.0399 3968 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS

\avgrkx64.sys
19:20:46.0400 3968 Avgrkx64 - ok
19:20:46.0451 3968 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS

\avgtdia.sys
19:20:46.0478 3968 Avgtdia - ok
19:20:46.0588 3968 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG

\AVG2012\avgwdsvc.exe
19:20:46.0590 3968 avgwd - ok
19:20:46.0657 3968 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows

\System32\AxInstSV.dll
19:20:46.0660 3968 AxInstSV - ok
19:20:46.0736 3968 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS

\bxvbda.sys
19:20:46.0756 3968 b06bdrv - ok
19:20:46.0822 3968 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS

\b57nd60a.sys
19:20:46.0856 3968 b57nd60a - ok
19:20:46.0983 3968 BBSvc (47480f4260dae9aa589bcaf924b3767a) C:\Program Files

(x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe
19:20:46.0984 3968 BBSvc - ok
19:20:47.0023 3968 BBUpdate (6bf743cbf3bcd09dab79245e60e1ae62) C:\Program Files

(x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe
19:20:47.0024 3968 BBUpdate - ok
19:20:47.0065 3968 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:20:47.0067 3968 BDESVC - ok
19:20:47.0105 3968 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers

\Beep.sys
19:20:47.0106 3968 Beep - ok
19:20:47.0209 3968 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
19:20:47.0235 3968 BFE - ok
19:20:47.0337 3968 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
19:20:47.0396 3968 BITS - ok
19:20:47.0486 3968 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS

\blbdrive.sys
19:20:47.0488 3968 blbdrive - ok
19:20:47.0621 3968 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour

\mDNSResponder.exe
19:20:47.0626 3968 Bonjour Service - ok
19:20:47.0666 3968 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS

\bowser.sys
19:20:47.0668 3968 bowser - ok
19:20:47.0702 3968 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS

\BrFiltLo.sys
19:20:47.0704 3968 BrFiltLo - ok
19:20:47.0723 3968 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS

\BrFiltUp.sys
19:20:47.0724 3968 BrFiltUp - ok
19:20:47.0774 3968 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows

\System32\browser.dll
19:20:47.0786 3968 Browser - ok
19:21:05.0991 3968 sffp_mmc - ok
19:21:06.0013 3968 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers

\sffp_sd.sys
19:21:06.0015 3968 sffp_sd - ok
19:21:06.0051 3968 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS

\sfloppy.sys
19:21:06.0053 3968 sfloppy - ok
19:21:06.0103 3968 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows

\System32\ipnathlp.dll
19:21:06.0120 3968 SharedAccess - ok
19:21:06.0181 3968 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows

\System32\shsvcs.dll
19:21:06.0187 3968 ShellHWDetection - ok
19:21:06.0213 3968 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS

\SiSRaid2.sys
19:21:06.0215 3968 SiSRaid2 - ok
19:21:06.0239 3968 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS

\sisraid4.sys
19:21:06.0241 3968 SiSRaid4 - ok
19:21:06.0355 3968 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype

\Updater\Updater.exe
19:21:06.0357 3968 SkypeUpdate - ok
19:21:06.0414 3968 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS

\smb.sys
19:21:06.0416 3968 Smb - ok
19:21:06.0455 3968 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows

\System32\snmptrap.exe
19:21:06.0458 3968 SNMPTRAP - ok
19:21:06.0477 3968 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers

\spldr.sys
19:21:06.0478 3968 spldr - ok
19:21:06.0553 3968 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows

\System32\spoolsv.exe
19:21:06.0560 3968 Spooler - ok
19:21:06.0857 3968 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:21:06.0944 3968 sppsvc - ok
19:21:07.0076 3968 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows

\system32\sppuinotify.dll
19:21:07.0080 3968 sppuinotify - ok
19:21:07.0161 3968 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS

\srv.sys
19:21:07.0166 3968 srv - ok
19:21:07.0228 3968 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS

\srv2.sys
19:21:07.0232 3968 srv2 - ok
19:21:07.0265 3968 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS

\srvnet.sys
19:21:07.0267 3968 srvnet - ok
19:21:07.0324 3968 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows

\System32\ssdpsrv.dll
19:21:07.0343 3968 SSDPSRV - ok
19:21:07.0358 3968 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows

\system32\sstpsvc.dll
19:21:07.0361 3968 SstpSvc - ok
19:21:07.0402 3968 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS

\stexstor.sys
19:21:07.0404 3968 stexstor - ok
19:21:07.0476 3968 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows

\System32\wiaservc.dll
19:21:07.0484 3968 stisvc - ok
19:21:07.0515 3968 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers

\swenum.sys
19:21:07.0517 3968 swenum - ok
19:21:07.0602 3968 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:21:07.0622 3968 swprv - ok
19:21:07.0716 3968 SynTP (064a2530a4a7c7cec1be6a1945645be4) C:\Windows\system32\DRIVERS

\SynTP.sys
19:21:07.0726 3968 SynTP - ok
19:21:07.0928 3968 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows

\system32\sysmain.dll
19:21:07.0945 3968 SysMain - ok
19:21:08.0083 3968 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows

\System32\TabSvc.dll
19:21:08.0096 3968 TabletInputService - ok
19:21:08.0138 3968 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows

\System32\tapisrv.dll
19:21:08.0157 3968 TapiSrv - ok
19:21:08.0188 3968 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:21:08.0190 3968 TBS - ok
19:21:08.0433 3968 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers

\tcpip.sys
19:21:08.0451 3968 Tcpip - ok
19:21:08.0754 3968 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS

\tcpip.sys
19:21:08.0772 3968 TCPIP6 - ok
19:21:08.0875 3968 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers

\tcpipreg.sys
19:21:08.0876 3968 tcpipreg - ok
19:21:08.0906 3968 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers

\tdpipe.sys
19:21:08.0908 3968 TDPIPE - ok
19:21:08.0942 3968 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers

\tdtcp.sys
19:21:08.0944 3968 TDTCP - ok
19:21:08.0985 3968 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS

\tdx.sys
19:21:08.0987 3968 tdx - ok
19:21:09.0022 3968 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers

\termdd.sys
19:21:09.0024 3968 TermDD - ok
19:21:09.0093 3968 TermService (2e648163254233755035b46dd7b89123) C:\Windows

\System32\termsrv.dll
19:21:09.0109 3968 TermService - ok
19:21:09.0143 3968 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows

\system32\themeservice.dll
19:21:09.0146 3968 Themes - ok
19:21:09.0180 3968 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:21:09.0182 3968 THREADORDER - ok
19:21:09.0213 3968 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:21:09.0216 3968 TrkWks - ok
19:21:09.0290 3968 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing

\TrustedInstaller.exe
19:21:09.0294 3968 TrustedInstaller - ok
19:21:09.0326 3968 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS

\tssecsrv.sys
19:21:09.0328 3968 tssecsrv - ok
19:21:09.0376 3968 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers

\tsusbflt.sys
19:21:09.0378 3968 TsUsbFlt - ok
19:21:09.0433 3968 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS

\tunnel.sys
19:21:09.0436 3968 tunnel - ok
19:21:09.0458 3968 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS

\TurboB.sys
19:21:09.0459 3968 TurboB - ok
19:21:09.0520 3968 TurboBoost (b206be1174d5964d49a56bb6c4e0524a) C:\Program Files\Intel

\TurboBoost\TurboBoost.exe
19:21:09.0522 3968 TurboBoost - ok
19:21:09.0601 3968 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS

\uagp35.sys
19:21:09.0603 3968 uagp35 - ok
19:21:09.0622 3968 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers

\UBHelper.sys
19:21:09.0624 3968 UBHelper - ok
19:21:09.0678 3968 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS

\udfs.sys
19:21:09.0685 3968 udfs - ok
19:21:09.0724 3968 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows

\system32\UI0Detect.exe
19:21:09.0728 3968 UI0Detect - ok
19:21:09.0761 3968 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers

\uliagpkx.sys
19:21:09.0763 3968 uliagpkx - ok
19:21:09.0779 3968 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers

\umbus.sys
19:21:09.0781 3968 umbus - ok
19:21:09.0820 3968 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS

\umpass.sys
19:21:09.0822 3968 UmPass - ok
19:21:10.0088 3968 UNS (7466809e6da561d60c2f1ce8ede3c73f) C:\Program Files (x86)\Intel

\Intel® Management Engine Components\UNS\UNS.exe
19:21:10.0105 3968 UNS - ok
19:21:10.0184 3968 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Gateway

\Gateway Updater\UpdaterService.exe
19:21:10.0186 3968 Updater Service - ok
19:21:10.0358 3968 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows

\System32\upnphost.dll
19:21:10.0365 3968 upnphost - ok
19:21:10.0446 3968 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers

\usbaapl64.sys
19:21:10.0447 3968 USBAAPL64 - ok
19:21:10.0483 3968 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers

\usbccgp.sys
19:21:10.0485 3968 usbccgp - ok
19:21:10.0524 3968 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers

\usbcir.sys
19:21:10.0526 3968 usbcir - ok
19:21:10.0559 3968 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers

\usbehci.sys
19:21:10.0561 3968 usbehci - ok
19:21:10.0613 3968 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers

\usbhub.sys
19:21:10.0621 3968 usbhub - ok
19:21:10.0646 3968 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers

\usbohci.sys
19:21:10.0649 3968 usbohci - ok
19:21:10.0681 3968 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS

\usbprint.sys
19:21:10.0683 3968 usbprint - ok
19:21:10.0719 3968 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS

\USBSTOR.SYS
19:21:10.0721 3968 USBSTOR - ok
19:21:10.0759 3968 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers

\usbuhci.sys
19:21:10.0761 3968 usbuhci - ok
19:21:10.0850 3968 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers

\usbvideo.sys
19:21:10.0866 3968 usbvideo - ok
19:21:10.0895 3968 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:21:10.0898 3968 UxSms - ok
19:21:10.0925 3968 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:21:10.0927 3968 VaultSvc - ok
19:21:10.0950 3968 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers

\vdrvroot.sys
19:21:10.0951 3968 vdrvroot - ok
19:21:11.0023 3968 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:21:11.0040 3968 vds - ok
19:21:11.0081 3968 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS

\vgapnp.sys
19:21:11.0083 3968 vga - ok
19:21:11.0104 3968 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers

\vga.sys
19:21:11.0106 3968 VgaSave - ok
19:21:11.0153 3968 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers

\vhdmp.sys
19:21:11.0170 3968 vhdmp - ok
19:21:11.0221 3968 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers

\viaide.sys
19:21:11.0223 3968 viaide - ok
19:21:11.0251 3968 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers

\volmgr.sys
19:21:11.0252 3968 volmgr - ok
19:21:11.0309 3968 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers

\volmgrx.sys
19:21:11.0313 3968 volmgrx - ok
19:21:11.0359 3968 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers

\volsnap.sys
19:21:11.0362 3968 volsnap - ok
19:21:11.0465 3968 Vsdatant (239d8d72730226cd460bdc8ca0a23d43) C:\Windows\system32\DRIVERS

\vsdatant.sys
19:21:11.0470 3968 Vsdatant - ok
19:21:11.0536 3968 vsmon - ok
19:21:11.0591 3968 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS

\vsmraid.sys
19:21:11.0594 3968 vsmraid - ok
19:21:11.0793 3968 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:21:11.0838 3968 VSS - ok
19:21:12.0080 3968 vToolbarUpdater11.1.0 (5fa45791413acce628d5361458f32dde) C:\Program Files

(x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
19:21:12.0089 3968 vToolbarUpdater11.1.0 - ok
19:21:12.0239 3968 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS

\vwifibus.sys
19:21:12.0241 3968 vwifibus - ok
19:21:12.0276 3968 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS

\vwififlt.sys
19:21:12.0278 3968 vwififlt - ok
19:21:12.0345 3968 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows

\system32\w32time.dll
19:21:12.0372 3968 W32Time - ok
19:21:12.0399 3968 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS

\wacompen.sys
19:21:12.0401 3968 WacomPen - ok
19:21:12.0443 3968 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS

\wanarp.sys
19:21:12.0446 3968 WANARP - ok
19:21:12.0450 3968 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS

\wanarp.sys
19:21:12.0452 3968 Wanarpv6 - ok
19:21:12.0605 3968 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat

\WatAdminSvc.exe
19:21:12.0640 3968 WatAdminSvc - ok
19:21:12.0821 3968 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows

\system32\wbengine.exe
19:21:12.0862 3968 wbengine - ok
19:21:13.0026 3968 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows

\System32\wbiosrvc.dll
19:21:13.0043 3968 WbioSrvc - ok
19:21:13.0106 3968 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows

\System32\wcncsvc.dll
19:21:13.0123 3968 wcncsvc - ok
19:21:13.0137 3968 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows

\System32\WcsPlugInService.dll
19:21:13.0141 3968 WcsPlugInService - ok
19:21:13.0200 3968 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS

\wd.sys
19:21:13.0202 3968 Wd - ok
19:21:13.0283 3968 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers

\Wdf01000.sys
19:21:13.0290 3968 Wdf01000 - ok
19:21:13.0334 3968 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:21:13.0339 3968 WdiServiceHost - ok
19:21:13.0345 3968 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:21:13.0348 3968 WdiSystemHost - ok
19:21:13.0393 3968 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows

\System32\webclnt.dll
19:21:13.0407 3968 WebClient - ok
19:21:13.0437 3968 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:21:13.0443 3968 Wecsvc - ok
19:21:13.0464 3968 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows

\System32\wercplsupport.dll
19:21:13.0468 3968 wercplsupport - ok
19:21:13.0498 3968 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:21:13.0501 3968 WerSvc - ok
19:21:13.0562 3968 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS

\wfplwf.sys
19:21:13.0564 3968 WfpLwf - ok
19:21:13.0588 3968 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers

\wimmount.sys
19:21:13.0589 3968 WIMMount - ok
19:21:13.0638 3968 WinDefend - ok
19:21:13.0647 3968 WinHttpAutoProxySvc - ok
19:21:13.0758 3968 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem

\WMIsvc.dll
19:21:13.0761 3968 Winmgmt - ok
19:21:13.0959 3968 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:21:14.0004 3968 WinRM - ok
19:21:14.0236 3968 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows

\System32\wlansvc.dll
19:21:14.0247 3968 Wlansvc - ok
19:21:14.0301 3968 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers

\wmiacpi.sys
19:21:14.0302 3968 WmiAcpi - ok
19:21:14.0391 3968 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem

\WmiApSrv.exe
19:21:14.0397 3968 wmiApSrv - ok
19:21:14.0448 3968 WMPNetworkSvc - ok
19:21:14.0489 3968 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:21:14.0493 3968 WPCSvc - ok
19:21:14.0530 3968 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows

\system32\wpdbusenum.dll
19:21:14.0543 3968 WPDBusEnum - ok
19:21:14.0571 3968 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers

\ws2ifsl.sys
19:21:14.0572 3968 ws2ifsl - ok
19:21:14.0610 3968 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
19:21:14.0615 3968 wscsvc - ok
19:21:14.0619 3968 WSearch - ok
19:21:14.0869 3968 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows

\system32\wuaueng.dll
19:21:14.0929 3968 wuauserv - ok
19:21:15.0084 3968 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers

\WudfPf.sys
19:21:15.0086 3968 WudfPf - ok
19:21:15.0120 3968 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS

\WUDFRd.sys
19:21:15.0130 3968 WUDFRd - ok
19:21:15.0155 3968 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows

\System32\WUDFSvc.dll
19:21:15.0158 3968 wudfsvc - ok
19:21:15.0215 3968 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows

\System32\wwansvc.dll
19:21:15.0230 3968 WwanSvc - ok
19:21:15.0267 3968 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:21:15.0662 3968 \Device\Harddisk0\DR0 - ok
19:21:15.0667 3968 Boot (0x1200) (ce4593ef1dc9a8b93a66c38c6990ebc5) \Device

\Harddisk0\DR0\Partition0
19:21:15.0669 3968 \Device\Harddisk0\DR0\Partition0 - ok
19:21:15.0708 3968 Boot (0x1200) (857b730bfd0e853fbc4c60e1466e0284) \Device

\Harddisk0\DR0\Partition1
19:21:15.0711 3968 \Device\Harddisk0\DR0\Partition1 - ok
19:21:15.0711 3968 ============================================================
19:21:15.0711 3968 Scan finished
19:21:15.0711 3968 ============================================================
19:21:15.0721 5136 Detected object count: 0
19:21:15.0721 5136 Actual detected object count: 0

--------------------------------------------------------------------------------------------------------------------------


C:\Users\KS\AppData\Local\Temp\SetupDataMngr_BearShare.exe a variant of Win32/Toolbar.SearchSuite application
C:\Users\KS\AppData\Local\Temp\uttEF1.tmp Win32/OpenCandy application
C:\Users\KS\Desktop\Kevs Harddrive\Music\Software\AutoCAD 2008.zip a variant of Win32/Keygen.BT application
C:\Users\KS\Desktop\Kevs Harddrive\Music\Software\Microsoft Office 2007 - Enterprise Edition_keygen_included.rar Win32/IRCBot.ADN trojan


-----------------------------------------------------------------------------------------------------------------------------------

#4 boopme

Posted 30 May 2012 - 03:16 PM

I suspect you do torrent downloads and P2P sharing. It appears there was a key generator installed, so I have to say this.

IMPORTANT NOTE: The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and are an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

Before we can continue, I need you to remove all cracks and keygens immediately to reduce the risk of infection/reinfection. If not, then we are just wasting time trying to clean your system. Further, other tools used during the disinfection process may detect crack and keygens so we need to ensure they have been removed.

Using these types of programs or the websites you visited to get them is almost a guaranteed way to get yourself infected!!
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 hattricknz

Posted 06 June 2012 - 05:46 AM

Thanks for that. I forgot all that stuff was there as that hasn't been used in years. I got rid of all that the best I could and then ran ESET again and came up with the following:

C:\$Recycle.Bin\S-1-5-21-2684684423-307724796-3963157818-1001\$R7BRNXW.rar Win32/IRCBot.ADN trojan deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-2684684423-307724796-3963157818-1001\$R9J2SPW.zip a variant of Win32/Keygen.BT application deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-2684684423-307724796-3963157818-1001\$RKNVPS3.exe a variant of Win32/Toolbar.SearchSuite application deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-2684684423-307724796-3963157818-1001\$RVY3EQE.tmp Win32/OpenCandy application cleaned by deleting - quarantined


I then ran it again and it came up with zero. But I am still seeing the text enhance symptoms. Any other ideas?

Thanks

#6 boopme

Posted 06 June 2012 - 01:32 PM

OK, the ESET log shows an IRCBot and another keygen.

We have 2 choices. The bot is a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.



To clean, we need a deeper look. Please go here: Preparation Guide, and do steps 6-9.

Create a DDS log and post it in the new topic (titled IRCBOT) explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64-bit system), skip it and move on.

Let me know if that went well.