
My laptop's got infected. Please Help!


This topic is locked.
16 replies to this topic

#1 greenp (Members, 16 posts)

Posted 18 November 2012 - 02:10 PM

Hi,

This is my first post here after I saw the great work you guys are doing. I am having quite a bad virus/malware problem, I think. I am having redirects at random websites taking me to stupid search engines, a slow computer and browsing experience, and online videos not playing smoothly. I think something called findgala and searchvzz have something to do behind all of this. At times, I get a pop-up titled 'recommendations for you' at a few sites in the bottom right corner of my screen. My K7 Antivirus Premium and Malwarebytes do not detect any infection. I even tried scanning after running Rkill.exe but still no detection.

I run Windows 7 Ultimate on an AMD Athlon processor, 32-bit OS. The Windows Experience Index is a poor 3.0.

Please help me!


#2 RPMcMurphy (Malware Response Team, 3,970 posts)

Posted 18 November 2012 - 03:27 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:
    netsvcs
  • Click the Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your next post.
Download aswMBR.exe to your desktop.
  • Double click aswMBR.exe to run it.
  • You will be asked if you want to use Avast! Free Antivirus for scanning - select No.
  • Click the "Scan" button to start the scan.
  • On completion of the scan click "save log", save it to your desktop and post it in your next reply.
Please include the following in your next post:
  • OTL.txt and Extras.txt logs
  • aswMBR log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#3 greenp (Topic Starter, 16 posts)

Posted 19 November 2012 - 07:34 AM

Hi,

Thanks for the reply.

I tried installing OTL to the desktop from Chrome browser but it does not download. I get this message "Cannot save due to insufficient permissions. Please save to another location."

I did manage to install aswMBR to the desktop somehow. Below is the log.

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-19 17:55:31
-----------------------------
17:55:31.046 OS Version: Windows 6.1.7600
17:55:31.046 Number of processors: 1 586 0x603
17:55:31.046 ComputerName: ASUS-PC UserName: asus
17:55:33.105 Initialize success
17:56:05.216 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:56:05.232 Disk 0 Vendor: WDC_WD3200BEVT-80A0RT1 01.01A01 Size: 305245MB BusType: 11
17:56:05.247 Disk 0 MBR read successfully
17:56:05.247 Disk 0 MBR scan
17:56:05.247 Disk 0 Windows 7 default MBR code
17:56:05.278 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:56:05.294 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 57900 MB offset 206848
17:56:05.310 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 120000 MB offset 118786048
17:56:05.341 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 127243 MB offset 364546048
17:56:05.341 Disk 0 scanning sectors +625139712
17:56:05.419 Disk 0 scanning C:\Windows\system32\drivers
17:56:15.309 Service scanning
17:57:15.042 Service volsnap C:\Windows\system32\DRIVERS\volsnap.sys **LOCKED** 32
17:57:22.904 Modules scanning
17:58:07.224 Disk 0 trace - called modules:
17:58:07.239 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86c621ed]<<
17:58:07.239 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b46ac8]
17:58:07.255 3 CLASSPNP.SYS[8ca6459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86b47030]
17:58:07.255 \Driver\atapi[0x85d663f0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x86c621ed
17:58:07.255 Scan finished successfully
17:59:06.660 Disk 0 MBR has been saved successfully to "C:\Users\asus\Desktop\MBR.dat"
17:59:06.675 The log file has been saved successfully to "C:\Users\asus\Desktop\aswMBR.txt"
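Reading an aswMBR log by hand is error-prone once there are several disks and a long driver trace. The Python script below is an added example, not part of this thread and not code from the aswMBR tool: it parses the log greenp posted above (embedded as a constructed excerpt) and pulls out the items a responder would act on: whether the MBR code was recognised as the Windows default, any service whose driver file the scanner could not open (`**LOCKED**`), any address in the disk trace that aswMBR could not attribute to a loaded module (`>>UNKNOWN<<`), and any driver dispatch entry that resolves to such an address. The follow-up wording in `assess()` is the example author's assumption about what those markers mean, not aswMBR's own verdict logic.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: an excerpt of the aswMBR log posted above, reproduced verbatim
# (raw string so the backslashes in device and driver paths survive).
SAMPLE_LOG = r"""
17:56:05.247 Disk 0 MBR read successfully
17:56:05.247 Disk 0 MBR scan
17:56:05.247 Disk 0 Windows 7 default MBR code
17:56:05.278 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:56:15.309 Service scanning
17:57:15.042 Service volsnap C:\Windows\system32\DRIVERS\volsnap.sys **LOCKED** 32
17:57:22.904 Modules scanning
17:58:07.224 Disk 0 trace - called modules:
17:58:07.239 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86c621ed]<<
17:58:07.239 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b46ac8]
17:58:07.255 3 CLASSPNP.SYS[8ca6459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86b47030]
17:58:07.255 \Driver\atapi[0x85d663f0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x86c621ed
17:58:07.255 Scan finished successfully
"""

LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3} (.*)$")          # "HH:MM:SS.mmm message"
MBR_RE = re.compile(r"^Disk (\d+) (.*MBR code)$")                 # "Disk 0 Windows 7 default MBR code"
LOCKED_RE = re.compile(r"^Service (\S+) (.+?) \*\*LOCKED\*\*")      # driver file the scanner could not open
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")        # address not attributed to any module
DISPATCH_RE = re.compile(r"^\\Driver\\(\w+)\[0x[0-9A-Fa-f]+\] -> (IRP_MJ_\w+) -> (0x[0-9A-Fa-f]+)$")


@dataclass
class Triage:
    mbr_code: dict[int, str] = field(default_factory=dict)              # disk number -> MBR code description
    locked: list[tuple[str, str]] = field(default_factory=list)         # (service name, driver path)
    unknown: list[str] = field(default_factory=list)                    # unattributed addresses, in order seen
    dispatch: list[tuple[str, str, str]] = field(default_factory=list)  # (driver, IRP major function, target)
    findings: list[str] = field(default_factory=list)


def parse_aswmbr(text: str) -> Triage:
    """Extract the MBR verdict, locked services and trace anomalies from an aswMBR log."""
    t = Triage()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue  # header lines and blanks carry no timestamp
        msg = m.group(1)
        if (mm := MBR_RE.match(msg)):
            t.mbr_code[int(mm.group(1))] = mm.group(2)
        elif (lm := LOCKED_RE.match(msg)):
            t.locked.append((lm.group(1), lm.group(2)))
        elif (dm := DISPATCH_RE.match(msg)):
            t.dispatch.append((dm.group(1), dm.group(2), dm.group(3).lower()))
        for um in UNKNOWN_RE.finditer(msg):
            addr = um.group(1).lower()
            if addr not in t.unknown:
                t.unknown.append(addr)
    t.findings = assess(t)
    return t


def assess(t: Triage) -> list[str]:
    """Turn the parsed facts into follow-up items (assumed heuristics, not aswMBR's own verdicts)."""
    out: list[str] = []
    for disk, desc in sorted(t.mbr_code.items()):
        if "default MBR code" not in desc:
            out.append(f"disk {disk}: MBR code not recognised as default ({desc}); diff the saved MBR.dat against a known-good image")
    for svc, path in t.locked:
        out.append(f"service {svc}: driver file {path} could not be opened for scanning (**LOCKED**)")
    for addr in t.unknown:
        out.append(f"trace module at {addr} is not attributed to any loaded driver (>>UNKNOWN<<)")
    for drv, irp, target in t.dispatch:
        if target in t.unknown:  # a dispatch routine living in code the scanner cannot name
            out.append(f"\\Driver\\{drv} {irp} dispatch resolves to unattributed code at {target}: possible hook in the disk I/O path")
    return out


if __name__ == "__main__":
    for line in parse_aswmbr(SAMPLE_LOG).findings:
        print("-", line)
```

On the log above the script reports three items: `volsnap` locked, an unattributed module at 0x86c621ed, and `\Driver\atapi`'s IRP_MJ_INTERNAL_DEVICE_CONTROL dispatch pointing at that same address. These are things to resolve, not a verdict; aswMBR also wrote the raw sector to MBR.dat on the desktop, which can be compared byte-for-byte against a known-good Windows 7 MBR offline.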

#4 RPMcMurphy (Malware Response Team, 3,970 posts)

Posted 19 November 2012 - 12:32 PM

Try saving OTL to your downloads folder (or anywhere else for that matter) and see if it will save and run.



#5 greenp (Topic Starter, 16 posts)

Posted 19 November 2012 - 12:35 PM

Yes, it gets saved in other folders. But not in the desktop.

#6 RPMcMurphy (Malware Response Team, 3,970 posts)

Posted 19 November 2012 - 12:39 PM

OK, it doesn't really matter where it is (we tell folks to put it on the desktop for convenience). Go ahead and run it from whichever location you have it saved to.

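The OTL log greenp posts next lists, per browser, the default search scope, start page and URL search hooks, and several of those entries point at search.conduit.com and ask.com. As an added example, not part of the thread and not OTL's own code, here is a Python script that triages such lines: it resolves the IE DefaultScope GUID to the scope's URL, checks search and home-page hosts against an allowlist you supply (the `EXPECTED_HOSTS` set here is an assumption), flags URLSearchHook entries whose CLSID no longer resolves, and reports a Firefox proxy mode other than direct or system. The sample input is a constructed excerpt of that log with the long tracking URLs shortened.

```python
from __future__ import annotations

import re
from urllib.parse import urlparse

# Constructed sample: IE, Firefox and Chrome lines of the kind OTL emits, taken from the
# log posted in the thread with the long tracking URLs shortened.
SAMPLE_OTL = r"""
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481730
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=14200
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {ED15ABC6-7E4D-48E4-BDB2-C19EF6E6752D}
IE - HKCU\..\SearchScopes\{ED15ABC6-7E4D-48E4-BDB2-C19EF6E6752D}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?l=dis&o=14200"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=FWV5&q="
FF - prefs.js..network.proxy.type: 4
CHR - homepage: http://www.ask.com/?l=dis&o=14200cr
"""

# Assumption: hosts this user would legitimately have as search engine or home page.
EXPECTED_HOSTS = {"www.bing.com", "www.google.com", "www.msn.com"}

# Meaning of Firefox's network.proxy.type values.
PROXY_TYPES = {"0": "direct", "1": "manual", "2": "PAC URL", "4": "auto-detect (WPAD)", "5": "system"}

GUID = r"(\{[0-9A-Fa-f-]+\})"
SCOPE_DEFAULT_RE = re.compile(r"^IE - (HKLM|HKCU)\\\.\.\\SearchScopes,DefaultScope = " + GUID + r"$")
SCOPE_URL_RE = re.compile(r"^IE - (HKLM|HKCU)\\\.\.\\SearchScopes\\" + GUID + r': "URL" = (\S+)$')
IE_MAIN_RE = re.compile(r"^IE - (HKLM|HKCU)\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,"
                        r"(Start Page|Search Page|Default_Search_URL) = (\S+)$")
HOOK_RE = re.compile(r"^IE - (HKLM|HKCU)\\\.\.\\URLSearchHook: " + GUID + r" - (.*)$")
FF_PREF_RE = re.compile(r'^FF - prefs\.js\.\.([\w.]+): "?([^"]*)"?$')
CHR_HOME_RE = re.compile(r"^CHR - homepage: (\S+)$")

WATCHED_FF_PREFS = {"browser.search.defaulturl", "browser.startup.homepage", "keyword.URL"}


def host_of(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def check_host(findings: list[str], label: str, url: str, expected: set[str]) -> None:
    host = host_of(url)
    if host and host not in expected:
        findings.append(f"{label} -> {host}: not an expected host ({url})")


def triage_browser_settings(text: str, expected: set[str] = EXPECTED_HOSTS) -> list[str]:
    """Flag search/home-page settings outside the allowlist, orphaned IE search hooks and a
    non-default Firefox proxy mode. Returns one human-readable finding per issue."""
    findings: list[str] = []
    default_scope: dict[str, str] = {}           # hive -> GUID of the active search scope
    scope_urls: dict[tuple[str, str], str] = {}  # (hive, GUID) -> search URL
    for line in (ln.strip() for ln in text.splitlines()):
        if (m := SCOPE_DEFAULT_RE.match(line)):
            default_scope[m.group(1)] = m.group(2).lower()
        elif (m := SCOPE_URL_RE.match(line)):
            scope_urls[(m.group(1), m.group(2).lower())] = m.group(3)
        elif (m := IE_MAIN_RE.match(line)):
            check_host(findings, f"IE {m.group(1)} {m.group(2)}", m.group(3), expected)
        elif (m := HOOK_RE.match(line)):
            if "No CLSID value found" in m.group(3):
                findings.append(f"IE {m.group(1)} URLSearchHook {m.group(2)}: no CLSID registered for this hook (orphaned entry)")
        elif (m := FF_PREF_RE.match(line)):
            pref, value = m.group(1), m.group(2)
            if pref in WATCHED_FF_PREFS:
                check_host(findings, f"Firefox {pref}", value, expected)
            elif pref == "network.proxy.type" and value not in ("0", "5"):
                findings.append(f"Firefox network.proxy.type={value} ({PROXY_TYPES.get(value, 'unknown')}): confirm this is intended")
        elif (m := CHR_HOME_RE.match(line)):
            check_host(findings, "Chrome homepage", m.group(1), expected)
    # The DefaultScope GUID only means something once resolved to that scope's URL.
    for hive, guid in default_scope.items():
        url = scope_urls.get((hive, guid))
        if url is None:
            findings.append(f"IE {hive} DefaultScope {guid} has no matching SearchScopes URL entry")
        else:
            check_host(findings, f"IE {hive} default search scope", url, expected)
    return findings


if __name__ == "__main__":
    for finding in triage_browser_settings(SAMPLE_OTL):
        print("-", finding)
```

On the sample the script yields eight findings; the HKCU default scope resolves to www.google.com and is not reported, while the HKLM default scope resolves to search.conduit.com and is. The allowlist approach matters because a hijacked machine can carry a perfectly normal-looking Bing scope alongside the one actually selected, so the GUID must be resolved rather than the scope list eyeballed.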


#7 greenp (Topic Starter, 16 posts)

Posted 19 November 2012 - 01:11 PM

I downloaded it to the Downloads folder and have run the scan.

Also, I got a pop-up from my K7 Anti-Virus while downloading which said:
HIGH SECURITY RISK FOUND
OBJECT: C:\USERS/ASUS/DOWNLOADS/2F17.TMP
RISK: FOUND THE RISKWARE (B7A972F10)
ACTION ACCESS DENIED


OTL logfile created on: 11/19/2012 11:28:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\asus\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 61.75% Memory free
5.44 Gb Paging File | 4.07 Gb Available in Paging File | 74.82% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 56.54 Gb Total Space | 2.40 Gb Free Space | 4.24% Space Free | Partition Type: NTFS
Drive D: | 117.19 Gb Total Space | 4.35 Gb Free Space | 3.71% Space Free | Partition Type: NTFS
Drive E: | 124.26 Gb Total Space | 0.30 Gb Free Space | 0.24% Space Free | Partition Type: NTFS

Computer Name: ASUS-PC | User Name: asus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/19 23:27:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\asus\Downloads\OTL.exe
PRC - [2012/11/02 01:15:21 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/18 11:50:16 | 000,150,656 | ---- | M] (K7 Computing Pvt Ltd) -- C:\Program Files\K7 Computing\K7TSecurity\k7emlpxy.exe
PRC - [2012/09/14 18:35:38 | 000,239,744 | ---- | M] (K7 Computing Pvt Ltd) -- C:\Program Files\K7 Computing\K7TSecurity\k7fwsrvc.exe
PRC - [2012/09/04 17:27:14 | 000,218,984 | ---- | M] (K7 Computing Pvt Ltd) -- C:\Program Files\K7 Computing\K7TSecurity\k7tsmngr.exe
PRC - [2012/08/16 12:11:56 | 000,203,904 | ---- | M] (K7 Computing Pvt Ltd) -- C:\Program Files\K7 Computing\K7TSecurity\k7rtscan.exe
PRC - [2012/08/07 12:15:04 | 000,160,896 | ---- | M] (K7 Computing Pvt Ltd) -- C:\Program Files\K7 Computing\K7TSecurity\k7tsecurity.exe
PRC - [2012/07/12 00:24:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/07/03 17:51:44 | 000,040,136 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
PRC - [2012/05/25 00:09:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\asus\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/04/06 07:46:24 | 000,451,072 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012/04/06 07:45:50 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/12/21 19:46:54 | 000,262,752 | ---- | M] (K7 Computing Pvt Ltd) -- C:\Program Files\K7 Computing\K7TSecurity\K7CrvSvc.exe
PRC - [2011/11/05 17:20:19 | 000,072,800 | ---- | M] (K7 Computing Pvt Ltd) -- C:\Program Files\K7 Computing\K7TSecurity\K7SysMon.Exe
PRC - [2011/07/16 10:01:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/07/13 09:38:14 | 001,095,080 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
PRC - [2011/06/22 20:32:18 | 000,135,168 | ---- | M] () -- C:\ProgramData\ChgService.exe
PRC - [2010/08/06 17:44:52 | 000,093,184 | ---- | M] () -- C:\Program Files\BSNL 3G Data Card\Resource\MCtlSuc.exe
PRC - [2010/06/29 15:31:56 | 001,241,520 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2010/05/06 16:13:32 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2010/04/14 16:03:46 | 000,275,832 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe
PRC - [2010/04/14 16:03:46 | 000,140,160 | ---- | M] (Advanced Micro Devices) -- C:\Program Files\AMD\Reservation Manager\AMD Reservation Manager.exe
PRC - [2009/10/31 11:15:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/11 11:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/08/18 17:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/07/14 06:44:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/03 17:51:44 | 000,040,136 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
MOD - [2012/07/03 17:51:42 | 000,627,400 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.dll
MOD - [2012/07/03 17:48:16 | 000,046,592 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\WebParser.dll
MOD - [2012/07/03 17:47:04 | 000,026,624 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\InputText.dll
MOD - [2011/11/01 21:33:15 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2010/08/06 17:44:52 | 000,093,184 | ---- | M] () -- C:\Program Files\BSNL 3G Data Card\Resource\MCtlSuc.exe


========== Services (SafeList) ==========

SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/18 11:50:16 | 000,150,656 | ---- | M] (K7 Computing Pvt Ltd) [Auto | Running] -- C:\Program Files\K7 Computing\K7TSecurity\k7emlpxy.exe -- (K7EmlPxy)
SRV - [2012/09/14 18:35:38 | 000,239,744 | ---- | M] (K7 Computing Pvt Ltd) [Auto | Running] -- C:\Program Files\K7 Computing\K7TSecurity\k7fwsrvc.exe -- (K7FWSrvc)
SRV - [2012/09/04 17:27:14 | 000,218,984 | ---- | M] (K7 Computing Pvt Ltd) [Auto | Running] -- C:\Program Files\K7 Computing\K7TSecurity\k7tsmngr.exe -- (K7TSMngr)
SRV - [2012/08/16 12:11:56 | 000,203,904 | ---- | M] (K7 Computing Pvt Ltd) [Auto | Running] -- C:\Program Files\K7 Computing\K7TSecurity\k7rtscan.exe -- (K7RTScan)
SRV - [2012/07/14 05:47:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/12 00:24:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/04/06 07:45:50 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/12/21 19:46:54 | 000,262,752 | ---- | M] (K7 Computing Pvt Ltd) [Auto | Running] -- C:\Program Files\K7 Computing\K7TSecurity\K7CrvSvc.exe -- (K7CrvSvc)
SRV - [2011/06/22 20:32:18 | 000,135,168 | ---- | M] () [Auto | Running] -- C:\ProgramData\ChgService.exe -- (Change Modem Device Service)
SRV - [2011/03/27 03:01:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/14 16:03:46 | 000,275,832 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe -- (AMD FusionUtility Service)
SRV - [2010/04/14 16:03:46 | 000,140,160 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\AMD\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2009/08/18 17:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbwwan.sys -- (ewusbmbb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\AMD\System Monitor\atillk64.sys -- (atillk64)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\asus\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\asus\AppData\Local\Temp\35040623\32761.sys -- (32761)
DRV - [2012/09/18 11:19:38 | 000,087,648 | ---- | M] (K7 Computing Pvt Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\K7FWHlpr.sys -- (K7FWHlpr)
DRV - [2012/08/17 18:27:00 | 001,078,112 | ---- | M] (K7 Computing Pvt Ltd) [File_System | Boot | Running] -- C:\Windows\System32\drivers\K7Sentry.sys -- (K7Sentry)
DRV - [2012/04/06 10:51:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/04/06 06:40:22 | 000,275,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/02/23 18:01:58 | 000,086,544 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/07/22 21:57:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 03:25:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/21 13:13:04 | 000,110,080 | ---- | M] (Wireless Device) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmntusbser.sys -- (cmntusbser)
DRV - [2011/02/09 15:03:00 | 000,011,832 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2010/07/30 09:23:14 | 000,135,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\u302mdm.sys -- (u302mdm)
DRV - [2010/07/30 09:23:14 | 000,129,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\u302mgmt.sys -- (u302mgmt)
DRV - [2010/07/30 09:23:14 | 000,119,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\u302bus.sys -- (u302bus)
DRV - [2010/07/30 09:23:14 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\u302mdfl.sys -- (u302mdfl)
DRV - [2010/05/10 14:58:15 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/02/18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/07/20 14:59:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009/07/14 06:49:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 06:49:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 06:49:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 05:22:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 05:21:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 04:58:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 04:58:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/05/05 19:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481730

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=14200
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9B 6F 0F ED 4E 35 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\URLSearchHook: {92dd07ab-ab7f-424d-aa58-452f1b6815d5} - No CLSID value found
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {ED15ABC6-7E4D-48E4-BDB2-C19EF6E6752D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14197&src=crm&q={searchTerms}&locale=&apn_ptnrs=FN&apn_dtid=TES002YYIN&apn_uid=dd10e363-732f-41db-ad46-57d3f2cf1789&apn_sauid=2ED2CCAB-EEDB-4615-AC34-557007F26F22
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481730
IE - HKCU\..\SearchScopes\{ED15ABC6-7E4D-48E4-BDB2-C19EF6E6752D}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?l=dis&o=14200"
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.6.20120119024823
FF - prefs.js..extensions.enabledAddons: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.12.0.2
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.2.0.5
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=FWV5&o=14197&locale=en_US&apn_uid=dd10e363-732f-41db-ad46-57d3f2cf1789&apn_ptnrs=FN&apn_sauid=2ED2CCAB-EEDB-4615-AC34-557007F26F22&apn_dtid=TES002YYIN&&q="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\asus\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\asus\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\asus\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\asus\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/18 01:24:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/03/25 13:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asus\AppData\Roaming\Mozilla\Extensions
[2012/10/13 18:33:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\flcxpcm1.default\extensions
[2012/02/19 11:16:27 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\flcxpcm1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/24 21:18:40 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\flcxpcm1.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2012/10/13 18:33:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\flcxpcm1.default\extensions\staged
[2011/01/28 14:46:54 | 001,836,982 | ---- | M] () (No name found) -- C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\flcxpcm1.default\extensions\FreeVideoConverter_EN.xpi
[2012/06/09 03:06:05 | 000,002,324 | ---- | M] () -- C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\flcxpcm1.default\searchplugins\askcom.xml
[2011/03/21 15:12:42 | 000,000,863 | ---- | M] () -- C:\Users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\flcxpcm1.default\searchplugins\conduit.xml
[2012/08/18 21:20:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/14 05:47:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/14 05:46:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/14 05:46:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.ask.com/?l=dis&o=14200cr
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.ask.com/?l=dis&o=14200cr
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\asus\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\asus\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\asus\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.4_0\plugin/screen_capture.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Disabled) = C:\Users\asus\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Disabled) = C:\Users\asus\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Disabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.6 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: VLC Multimedia Plug-in (Disabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll
CHR - Extension: Angry Birds = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Pearltrees Extension = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgngjfgpahnnncnimlhjgjhdajmaeeoa\6.0.5_0\
CHR - Extension: BlueTog = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\cajjfgajofjnfcinmjcflkgdgcaomibm\1.0.5_0\
CHR - Extension: AddThis - Share & Bookmark (new) = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\2.9.9_0\
CHR - Extension: Alexa Traffic Rank = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\3.1_0\
CHR - Extension: Screen Capture (by Google) = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.5_0\
CHR - Extension: NoFollow = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfogidghaigoomjdeacndafapdijmiid\3.3.5_0\
CHR - Extension: Google Tasks (by Google) = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd\1.0_0\
CHR - Extension: Mozbar = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp\2.3_0\
CHR - Extension: iSEO - SEO Tool for Chrome = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbkdfielojbemjihiefhbfdcpgdfdfn\2.4.1_0\
CHR - Extension: WebRank SEO = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkhilblbmkdnapffblmecglknalglfji\3.3.2_0\
CHR - Extension: Plants vs Zombies = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: Flash Player = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbndbmhlpjbikpjdgoplkjbiinhbemcg\11_0\
CHR - Extension: WiseStamp - Email Signatures for GMail, Google Apps and more = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcgnkmbeodkmiijjfnliicelkjfcldg\3.11.24.200_0\
CHR - Extension: Cacoo - Diagramming & Real-Time Collaboration = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcflmbddgcmomcfngehfhlajjapabojh\1.1.12_0\
CHR - Extension: Psykopaint = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\
CHR - Extension: Psykopaint = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\.bak
CHR - Extension: Flipora = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnagdekkpnnffafcfhlhgjfpoojfmmgk\1.0.4_0\
CHR - Extension: Canvas Rider = C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.7_0\

O1 HOSTS File: ([2011/01/27 15:00:57 | 000,001,211 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {92DD07AB-AB7F-424D-AA58-452F1B6815D5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotkeyMon] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [K7TSStart] C:\Program Files\K7 Computing\K7TSecurity\k7tsecurity.exe (K7 Computing Pvt Ltd)
O4 - HKLM..\Run: [LiveUpdate] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [MCtlSuc] C:\Program Files\BSNL 3G Data Card\Resource\MCtlSuc.exe ()
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\asus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O4 - Startup: C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM ()
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D48A34D-78EF-4AC3-9C72-37F3F61FDB02}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD5A7DBF-92C8-4718-BAB2-09CDC627E2F5}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (EXPLORER.EXE) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Program Files\Stardock\ObjectDockFree\ODMenu.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/06/29 13:45:06 | 000,000,142 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (K7TSDbg)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/11/19 17:53:54 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\asus\Desktop\aswMBR.exe
[2012/11/18 02:45:44 | 001,754,528 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\asus\Desktop\rkill.exe
[2012/11/18 02:25:47 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Roaming\SUPERAntiSpyware.com
[2012/11/18 02:24:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/11/18 02:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/11/18 02:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

========== Files - Modified Within 30 Days ==========

[2012/11/19 23:18:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/19 23:11:18 | 000,010,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/19 23:11:18 | 000,010,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/19 23:10:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2653292046-3111716209-237568885-1000UA.job
[2012/11/19 18:25:00 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7bb491ea-9bcd-4c7d-896d-13299c58d532.job
[2012/11/19 17:59:06 | 000,000,512 | ---- | M] () -- C:\Users\asus\Desktop\MBR.dat
[2012/11/19 17:54:53 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\asus\Desktop\aswMBR.exe
[2012/11/19 15:18:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/19 14:11:39 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012/11/19 14:11:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/19 14:11:03 | 2616,549,376 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/19 02:59:51 | 000,710,560 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/19 02:59:51 | 000,140,330 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/19 02:00:00 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task b3350738-82c8-40ef-adb3-11963a44a0b0.job
[2012/11/18 14:10:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2653292046-3111716209-237568885-1000Core.job
[2012/11/18 02:46:20 | 001,754,528 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\asus\Desktop\rkill.exe
[2012/11/18 02:24:57 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2012/11/02 00:50:19 | 002,154,324 | ---- | M] () -- C:\Users\asus\Documents\5.jpg
[2012/11/02 00:39:31 | 000,717,504 | ---- | M] () -- C:\Users\asus\Documents\4.jpg
[2012/10/27 12:02:02 | 000,202,291 | ---- | M] () -- C:\Users\asus\Desktop\Viki Todi.jpg

========== Files Created - No Company Name ==========

[2012/11/19 17:59:06 | 000,000,512 | ---- | C] () -- C:\Users\asus\Desktop\MBR.dat
[2012/11/18 02:25:51 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7bb491ea-9bcd-4c7d-896d-13299c58d532.job
[2012/11/18 02:25:50 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task b3350738-82c8-40ef-adb3-11963a44a0b0.job
[2012/11/18 02:24:57 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2012/11/02 00:50:15 | 002,154,324 | ---- | C] () -- C:\Users\asus\Documents\5.jpg
[2012/11/02 00:39:28 | 000,717,504 | ---- | C] () -- C:\Users\asus\Documents\4.jpg
[2012/10/27 12:02:30 | 000,202,291 | ---- | C] () -- C:\Users\asus\Desktop\Viki Todi.jpg
[2012/08/27 01:33:19 | 000,135,168 | ---- | C] () -- C:\ProgramData\ChgService.exe
[2012/08/24 21:49:03 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/08/19 00:08:47 | 000,453,107 | ---- | C] () -- C:\Users\asus\.websiteauditor.properties
[2012/08/15 03:37:54 | 000,182,852 | ---- | C] () -- C:\Users\asus\.spyglass.properties
[2012/08/15 03:14:31 | 000,152,045 | ---- | C] () -- C:\Users\asus\.ranktracker.properties
[2012/08/01 17:38:49 | 000,027,486 | ---- | C] () -- C:\Users\asus\links.html
[2012/08/01 17:38:49 | 000,023,140 | ---- | C] () -- C:\Users\asus\my-category.html
[2012/06/04 19:57:29 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsUpIO.sys
[2012/06/02 13:41:56 | 000,005,120 | ---- | C] () -- C:\Users\asus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/17 04:17:52 | 000,022,240 | ---- | C] () -- C:\Users\asus\AppData\Roaming\Comma Separated Values (Windows).ADR
[2012/04/06 06:51:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012/04/06 06:51:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012/04/05 22:34:22 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012/01/11 02:40:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/09/13 03:36:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/06/25 00:10:28 | 000,007,609 | ---- | C] () -- C:\Users\asus\AppData\Local\Resmon.ResmonCfg
[2011/06/05 02:12:05 | 000,045,286 | ---- | C] () -- C:\Users\asus\AppData\Roaming\room_v3.dat
[2011/04/19 13:59:16 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011/04/17 19:33:56 | 000,046,742 | ---- | C] () -- C:\Users\asus\AppData\Roaming\room.dat
[2011/04/15 17:01:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/08 00:48:26 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~34201352r
[2011/04/08 00:48:25 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~34201352
[2011/04/08 00:47:48 | 000,000,336 | -H-- | C] () -- C:\ProgramData\34201352
[2011/03/30 00:40:52 | 000,005,100 | -H-- | C] () -- C:\ProgramData\hvcatrnw.tht
[2011/03/29 22:08:16 | 000,005,061 | -H-- | C] () -- C:\ProgramData\jdhdxjyu.jga
[2011/03/25 16:02:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/25 16:01:29 | 000,219,136 | ---- | C] () -- C:\Windows\System32\AsusService.exe
[2011/03/25 16:01:29 | 000,025,616 | ---- | C] () -- C:\Windows\AsAcpiSvrLang.ini
[2011/03/25 16:01:10 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[2011/03/25 15:55:40 | 000,004,692 | R--- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2011/03/25 15:55:40 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2011/03/25 15:52:24 | 000,028,728 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/03/25 15:51:49 | 000,019,024 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========

[2009/07/14 10:12:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 19:33:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 06:45:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 06:46:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:890CC2F3
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:56E2E879
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:D74B6CF5

< End of report >


OTL Extras logfile created on: 11/19/2012 11:28:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\asus\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 61.75% Memory free
5.44 Gb Paging File | 4.07 Gb Available in Paging File | 74.82% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 56.54 Gb Total Space | 2.40 Gb Free Space | 4.24% Space Free | Partition Type: NTFS
Drive D: | 117.19 Gb Total Space | 4.35 Gb Free Space | 3.71% Space Free | Partition Type: NTFS
Drive E: | 124.26 Gb Total Space | 0.30 Gb Free Space | 0.24% Space Free | Partition Type: NTFS

Computer Name: ASUS-PC | User Name: asus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\opera.exe"
https [open] -- "C:\Program Files\Opera\opera.exe"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B3065E2-66F9-45CC-B63E-B3F850D99004}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{207BE7A3-D5B9-4892-8359-2FA4840E39D5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2A7519C6-52A0-4EA0-93E8-BF4EA1BA9694}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2C743786-985B-491B-904D-7EDFE589A003}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{402A2ED1-4D76-4E45-AF2D-AD1AAA8D46CC}" = lport=445 | protocol=6 | dir=in | app=system |
"{42E065FF-E50F-4AEB-8B0C-994A7DF88FCD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{49117611-929B-4190-AC67-4880CEC1952B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{60D5A1F2-3245-4B2B-B32C-A2BCEE1651DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{644AF54A-E4E2-457D-8192-4442660E8CF0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6AF9CCF7-49E0-4575-9940-6B7502EBAF71}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6D03DC3D-6FBB-45F0-9EF1-893DCCE6A9C5}" = rport=137 | protocol=17 | dir=out | app=system |
"{6FC9ACB0-664D-4989-9675-C3CC813D3FE0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{714784BF-169D-4AEE-AE8C-EB06740B24F7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7209CDD3-0F80-45F3-BEB7-A93A21458FEE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{72B88795-8B88-4892-BB69-A26AEE61B59F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{754CA3F5-9704-4557-8D7F-2CAD72D8A42E}" = rport=445 | protocol=6 | dir=out | app=system |
"{89831F22-1D61-4937-9D76-386E65772C51}" = rport=138 | protocol=17 | dir=out | app=system |
"{8FEBF80A-1AC2-4636-9991-113225B0F7D7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{954B281A-B242-4C4E-B15B-C56611259FD3}" = lport=138 | protocol=17 | dir=in | app=system |
"{96EA156B-9804-48A7-9913-75C3F2BB2EBA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{99C8087C-FC3C-4FC3-86BF-611290DC77B0}" = lport=139 | protocol=6 | dir=in | app=system |
"{A083921D-719F-4136-BEFF-7503A1A3EB6F}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AE5BEF34-0259-4A75-BC31-FF82BAB2F4F9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B07A7059-C6B3-475B-8279-DB8C810E008F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B73073E7-939E-40AC-AFC9-EC92E527324E}" = rport=2869 | protocol=6 | dir=out | app=system |
"{BF175087-247F-4880-A8BE-A26FEEBA9948}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C3DCC724-B3D8-4812-9FB1-521AE51DC056}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C3F1DD49-AC45-4EB1-98F0-7FE7386E6623}" = lport=137 | protocol=17 | dir=in | app=system |
"{CE1E3F3E-8B35-4A84-A56A-6990A7AE3C83}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DD87D750-76B1-46B3-AB1E-61C212964D3C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E5BFB068-CE16-4DA8-842A-8F92F434689B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E7648507-7802-4150-BE5C-A4FDBD1B5D20}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{EA104F20-6772-4304-813A-350AECF78C4B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EB8F4593-8A3F-4FDB-BF7F-DF28A2661D1C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ED4098E8-24FE-4C65-A872-C26795725278}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F12E09F1-9658-4E8F-9059-408EEA9DD90A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1C7C9AB-8BC7-416D-B6BB-CA6B79DC84AE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F5894FAC-112D-4B9E-969E-0547CD53C227}" = rport=139 | protocol=6 | dir=out | app=system |
"{F6F437F7-4F10-47D6-9CC7-0461AC2656F4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FDB92978-C253-4D32-A8BB-5ABA8A64E2BB}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011CB86D-AA24-4691-9B71-E4F2E8788B0F}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |
"{05F520A8-1701-4949-AAF7-9FF4150F755D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{169457E0-95E0-4BF8-8F37-99F4ADD79800}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1B21A976-EBCD-4DC9-ACD4-68B2E988A2DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2BD9E943-4729-4BA6-A6CE-041C2F9D3AFF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{329D0B9A-248F-402B-8930-3641525B004E}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{359772A6-6B64-417C-80AA-4402E6DDD1A5}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{39BC0C5A-72B6-49E2-925C-7328F9235C0C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{43CBB70D-488C-4A29-8711-FB226A977843}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{470D86F8-B64F-4839-A05C-B2B21CCDA364}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5FD3125A-0D8B-408A-A5FE-BFC809ED8ED5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6BEA7A0F-9344-4839-A27C-3679F130424A}" = protocol=6 | dir=out | app=system |
"{71E74862-7D5A-4BED-971F-49877685D6AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7AB553D3-962B-4AFC-9965-8715FE4A75FD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7E0EE9BD-D07C-4176-B1CA-1A63062E294D}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{83B27AB4-F0E9-4A3D-A2E4-1AF1A7680355}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{93E759D2-5780-4D49-A3D0-6714BD92CD9C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A01CD10B-5DA7-4CB8-B8B0-15E75DBCD042}" = dir=out | app=%programfiles%\frostwire\frostwire.exe |
"{A1AFA4FF-7A66-4556-98C4-4CD59B91395C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AC399ECF-6782-46B7-B76F-7C0DCA97328A}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{ADD6868C-973B-410B-A28D-6D23BC18888E}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |
"{CD28BA5F-ACED-445A-A74A-EF4E1AB4C451}" = protocol=6 | dir=in | app=c:\users\asus\appdata\roaming\dropbox\bin\dropbox.exe |
"{DD00C143-899B-47D2-9314-426A4EDE97CA}" = protocol=17 | dir=in | app=c:\users\asus\appdata\roaming\dropbox\bin\dropbox.exe |
"{DDDC95FB-7443-4D9D-9182-FCD9D0BAC30F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E34C8467-525C-44FB-8634-4C93FF12F47F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E6C4FC07-9A30-45F7-81AA-796BA07AF83C}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{EA2D8A6E-8A8A-4BB0-AABC-03A2D0D5775F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EE9F7927-E3E3-4261-BA6C-33B2323C78D1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F95DEE44-C5AF-4922-9062-DF3B100A7C1E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{1FB2C2C8-9C55-46D8-BA98-1F693CE7E377}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{254E4EB0-B5D5-4015-916E-A57A69DB5B6A}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{2C333FD6-9054-4873-8E8A-B94D0635A3B1}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{3C2195F4-0631-4597-AFA4-2A7E68FC4490}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{858A8B67-FC5E-44E8-A1CC-374427247EE2}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{8D1A48FD-E6B6-419C-9C1C-EC0A3F346FD5}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{B69EB4D3-A879-4CC8-90C1-7B124656D37A}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{EF4ECE92-42DB-4DED-99F3-4C1C3453E272}C:\users\asus\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\asus\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{FD64EFE7-4159-4AAF-A090-E24151DBFFB8}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{00044934-5C02-454F-9E5C-3A9B2715823B}C:\users\asus\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\asus\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{1F6B7D9F-63EB-4BDA-92F7-ECBEF7C1C4E0}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{2E2958DE-ACA1-4030-A1A2-7814DE666C44}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{5FA71C73-A445-4144-A89F-227327BEB8F3}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"UDP Query User{63EC7A67-E66E-49D0-90EB-6ED0159A2618}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{927F1610-631F-455F-9328-F1671A206092}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{BD5A856F-91A9-4872-A804-D8DAEF17EEC5}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"UDP Query User{C6BCE627-A5F7-4568-9938-5E1EEA0AF45E}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{DBE3C37D-2A30-43BC-8D46-B46FBA292542}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06924979-89C7-47A9-B4ED-9D2EE9A9941C}" = Update Service
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{13D87B39-2A3B-4675-A0D9-B8B01EA2F8E3}_is1" = NEF to JPG
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2DFC31C7-8C15-4185-94A8-843943E8B569}" = BSNL 3G
"{2E9CBC83-B021-4118-8BB9-40FFF1179C3C}" = AMD Fusion Utility
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
"{44543AC5-8B55-F65B-4C94-989CD8D4D2B2}" = Balsamiq Mockups For Desktop
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{51216487-9A5D-4A0E-882E-50FEC6132C16}" = HSPADataCard Software Package
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5CAA69CD-9C1B-5604-B14B-8FAC2BC5E228}" = Catalyst Control Center InstallProxy
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{624D63F7-BE19-6147-376A-581DA8B7A216}" = AMD Media Foundation Decoders
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6AEFCA01-8DF1-11E1-A17B-F04DA23A5C58}" = Vegas Pro 11.0
"{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}" = Dassault Systemes Software Prerequisites x86
"{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{718B4425-80EA-4F64-A05C-48285CE63F73}" = AMD System Monitor
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{7EFBE3EE-3EC2-96F4-560C-E56E65F2183C}" = AMD Accelerated Video Transcoding
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Help
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4B1B985-F308-4DBA-BFD7-CCCB8839234B}" = HP Deskjet 1000 J110 series Basic Device Software
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FE641E1B-387D-963C-E13B-C23240B8F2DC}" = AMD Catalyst Install Manager
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AntiPlagiarist_is1" = AntiPlagiarist 2.7
"A-PDF Text Extractor_is1" = A-PDF Text Extractor 1.4
"AviSynth" = AviSynth 2.5
"B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403)
"B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0)
"BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1" = Balsamiq Mockups For Desktop
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Desktop Plagiarism Checker_is1" = Desktop Plagiarism Checker version 1.1
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FormatFactory" = FormatFactory 2.95
"FrostWire 5" = FrostWire 5.3.6
"iMagic Tour Reservation_is1" = iMagic Tour Reservation 1.26
"K7AntiVirus Premium" = K7AntiVirus Premium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MMX310G 3G USB Manager Normal Version_is1" = MMX310G 3G USB Manager version 5.471
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PhotoScape" = PhotoScape
"Rainmeter" = Rainmeter
"seopowersuite" = SEO PowerSuite
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"VLC media player" = VLC media player 0.9.4
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 3.2
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Xilisoft Download YouTube Video" = Xilisoft Download YouTube Video
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
"Yahoo! Messenger" = Yahoo! Messenger
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Dropbox" = Dropbox
"Freenet" = Freenet
"Google Chrome" = Google Chrome
"oDVT" = oDesk Team

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/5/2012 4:57:09 AM | Computer Name = asus-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 6/5/2012 4:57:09 AM | Computer Name = asus-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 6/5/2012 4:57:15 AM | Computer Name = asus-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 6/5/2012 4:57:15 AM | Computer Name = asus-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 6/5/2012 4:57:15 AM | Computer Name = asus-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 6/5/2012 4:57:15 AM | Computer Name = asus-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 6/5/2012 4:57:15 AM | Computer Name = asus-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 6/5/2012 5:05:57 AM | Computer Name = asus-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnetwk.exe, version: 12.0.7600.16385,
time stamp: 0x4a5bccb3 Faulting module name: RPCRT4.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdade Exception code: 0xc0020043 Fault offset: 0x00060c93 Faulting
process id: 0x640 Faulting application start time: 0x01cd42f92384ef17 Faulting application
path: C:\Program Files\Windows Media Player\wmpnetwk.exe Faulting module path: C:\Windows\system32\RPCRT4.dll
Report
Id: a8fe1573-aeed-11e1-bb33-74f06dbf7157

Error - 6/5/2012 5:08:04 AM | Computer Name = asus-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnetwk.exe, version: 12.0.7600.16385,
time stamp: 0x4a5bccb3 Faulting module name: RPCRT4.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdade Exception code: 0xc0020043 Fault offset: 0x00060c93 Faulting
process id: 0x15a0 Faulting application start time: 0x01cd42fa87ef90fa Faulting application
path: C:\Program Files\Windows Media Player\wmpnetwk.exe Faulting module path: C:\Windows\system32\RPCRT4.dll
Report
Id: f493b355-aeed-11e1-bb33-74f06dbf7157

Error - 6/5/2012 6:44:47 AM | Computer Name = asus-PC | Source = EventSystem | ID = 4621
Description =

[ Media Center Events ]
Error - 5/28/2011 12:39:58 PM | Computer Name = asus-PC | Source = MCUpdate | ID = 0
Description = 10:09:56 PM - Error connecting to the internet. 10:09:56 PM - Unable
to contact server..

Error - 5/28/2011 1:40:04 PM | Computer Name = asus-PC | Source = MCUpdate | ID = 0
Description = 11:10:04 PM - Error connecting to the internet. 11:10:04 PM - Unable
to contact server..

Error - 5/28/2011 1:40:11 PM | Computer Name = asus-PC | Source = MCUpdate | ID = 0
Description = 11:10:09 PM - Error connecting to the internet. 11:10:09 PM - Unable
to contact server..

Error - 5/28/2011 9:54:02 PM | Computer Name = asus-PC | Source = MCUpdate | ID = 0
Description = 7:24:02 AM - Error connecting to the internet. 7:24:02 AM - Unable
to contact server..

Error - 5/28/2011 9:54:17 PM | Computer Name = asus-PC | Source = MCUpdate | ID = 0
Description = 7:24:08 AM - Error connecting to the internet. 7:24:08 AM - Unable
to contact server..

Error - 1/25/2012 3:50:03 AM | Computer Name = asus-PC | Source = MCUpdate | ID = 0
Description = 1:19:47 PM - Error connecting to the internet. 1:19:47 PM - Unable
to contact server..

Error - 1/28/2012 10:44:42 AM | Computer Name = asus-PC | Source = MCUpdate | ID = 0
Description = 8:14:42 PM - Failed to retrieve Directory (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)

Error - 4/2/2012 10:54:45 AM | Computer Name = asus-PC | Source = MCUpdate | ID = 0
Description = 8:24:44 PM - Error connecting to the internet. 8:24:44 PM - Unable
to contact server..

Error - 5/26/2012 5:06:43 AM | Computer Name = asus-PC | Source = MCUpdate | ID = 0
Description = 2:36:43 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 8/19/2012 9:38:26 AM | Computer Name = asus-PC | Source = MCUpdate | ID = 0
Description = 7:08:25 PM - Error connecting to the internet. 7:08:25 PM - Unable
to contact server..

[ OSession Events ]
Error - 12/23/2011 5:48:33 AM | Computer Name = asus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 887
seconds with 60 seconds of active time. This session ended with a crash.

Error - 9/16/2012 5:28:03 AM | Computer Name = asus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2733
seconds with 120 seconds of active time. This session ended with a crash.

Error - 11/6/2012 6:04:37 AM | Computer Name = asus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5775
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/18/2012 5:56:00 PM | Computer Name = asus-PC | Source = ipnathlp | ID = 31004
Description =

Error - 11/19/2012 3:38:42 AM | Computer Name = asus-PC | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%2

Error - 11/19/2012 3:38:48 AM | Computer Name = asus-PC | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%2

Error - 11/19/2012 3:38:59 AM | Computer Name = asus-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 11/19/2012 4:30:22 AM | Computer Name = asus-PC | Source = ipnathlp | ID = 31004
Description =

Error - 11/19/2012 4:30:25 AM | Computer Name = asus-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{AD5A7DBF-92C8-4718-BAB2-09CDC627E2F5}
because another computer on the network has the same name. The server could not
start.

Error - 11/19/2012 4:41:08 AM | Computer Name = asus-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:08:56 PM on ?11/?19/?2012 was unexpected.

Error - 11/19/2012 4:41:08 AM | Computer Name = asus-PC | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%2

Error - 11/19/2012 4:41:14 AM | Computer Name = asus-PC | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%2

Error - 11/19/2012 4:41:33 AM | Computer Name = asus-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom


< End of report >

#8 RPMcMurphy (Malware Response Team)

Posted 19 November 2012 - 05:41 PM

Please do this next:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:890CC2F3
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:56E2E879
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:D74B6CF5
    :Commands
    [EmptyTemp]
    [ResetHosts]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log
Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • OTL Fix log
  • TDSSKiller log
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.
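The OTL fix in the post above deletes three NTFS alternate data streams (ADS) attached to C:\ProgramData\TEMP. As an added example, not part of this thread and not OTL's own code, the PowerShell below shows what those lines mean: how to list, inspect and remove such streams on a path you choose, demonstrated on a constructed throwaway file. The function names are hypothetical; it assumes PowerShell 3.0 or later (for the -Stream parameter) on an NTFS volume.

```powershell
# Added example (not from the original thread, not OTL's code).
# NTFS alternate data streams are extra named streams attached to a file or
# folder; Explorer and a plain "dir" do not show them, which is why tools like
# OTL report them separately. Assumes PowerShell 3.0+ on NTFS.

function Get-AlternateDataStream {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Path)

    # Every NTFS file carries the unnamed ':$DATA' stream (its normal content);
    # any other stream name is an ADS. Folders have no ':$DATA' stream at all.
    Get-Item -LiteralPath $Path -Stream * -ErrorAction Stop |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object {
            [pscustomobject]@{
                Path   = $Path
                Stream = $_.Stream
                Bytes  = $_.Length
            }
        }
}

function Remove-AlternateDataStream {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Stream
    )
    # Removing a named stream leaves the file and its main content untouched.
    if ($PSCmdlet.ShouldProcess("${Path}:${Stream}", 'Remove alternate data stream')) {
        Remove-Item -LiteralPath $Path -Stream $Stream -ErrorAction Stop
    }
}

# --- Constructed demonstration on a throwaway file; no real system path is touched ---
$demo = Join-Path $env:TEMP 'ads-demo.txt'
Set-Content -LiteralPath $demo -Value 'visible content'
# Attach a stream named like the ones OTL reported (constructed name, harmless text).
Set-Content -LiteralPath $demo -Stream '890CC2F3' -Value 'example stream payload'

'Before:'
Get-AlternateDataStream -Path $demo | Format-Table -AutoSize

# Read the stream before deciding what to do with it: treat the content as
# untrusted data to be inspected, never executed.
Get-Content -LiteralPath $demo -Stream '890CC2F3'

Remove-AlternateDataStream -Path $demo -Stream '890CC2F3'

'After:'
$remaining = @(Get-AlternateDataStream -Path $demo)
"Remaining ADS count: $($remaining.Count)"

Remove-Item -LiteralPath $demo
```

Run with `-WhatIf` on Remove-AlternateDataStream to see what would be deleted without changing anything; the same functions work on a folder path such as the one OTL reported.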


#9 greenp (Topic Starter)

Posted 20 November 2012 - 03:29 AM

Hi,

I have run OTL and TDSSKiller. Combofix did not run. A black screen pops up when I tried to run Combofix and then it disappears soon enough. Below is the log of OTL and TDSS.

All processes killed
========== OTL ==========
ADS C:\ProgramData\TEMP:890CC2F3 deleted successfully.
ADS C:\ProgramData\TEMP:56E2E879 deleted successfully.
ADS C:\ProgramData\TEMP:D74B6CF5 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: asus
->Temp folder emptied: 14014750 bytes
->Temporary Internet Files folder emptied: 59884411 bytes
->Java cache emptied: 4599263 bytes
->FireFox cache emptied: 40931462 bytes
->Google Chrome cache emptied: 159400016 bytes
->Opera cache emptied: 629532 bytes
->Flash cache emptied: 98770 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 184230310 bytes
RecycleBin emptied: 54208315 bytes

Total Files Cleaned = 494.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 11202012_133749

Files\Folders moved on Reboot...
C:\Windows\temp\HS.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
13:47:11.0694 4508 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:47:12.0802 4508 ============================================================
13:47:12.0802 4508 Current date / time: 2012/11/20 13:47:12.0802
13:47:12.0802 4508 SystemInfo:
13:47:12.0802 4508
13:47:12.0802 4508 OS Version: 6.1.7600 ServicePack: 0.0
13:47:12.0802 4508 Product type: Workstation
13:47:12.0802 4508 ComputerName: ASUS-PC
13:47:12.0802 4508 UserName: asus
13:47:12.0802 4508 Windows directory: C:\Windows
13:47:12.0802 4508 System windows directory: C:\Windows
13:47:12.0802 4508 Processor architecture: Intel x86
13:47:12.0802 4508 Number of processors: 1
13:47:12.0802 4508 Page size: 0x1000
13:47:12.0802 4508 Boot type: Normal boot
13:47:12.0802 4508 ============================================================
13:47:14.0393 4508 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:47:14.0393 4508 ============================================================
13:47:14.0393 4508 \Device\Harddisk0\DR0:
13:47:14.0393 4508 MBR partitions:
13:47:14.0393 4508 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:47:14.0393 4508 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x7116000
13:47:14.0393 4508 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x7148800, BlocksNum 0xEA60000
13:47:14.0393 4508 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x15BA8800, BlocksNum 0xF885800
13:47:14.0393 4508 ============================================================
13:47:14.0424 4508 C: <-> \Device\Harddisk0\DR0\Partition2
13:47:14.0471 4508 D: <-> \Device\Harddisk0\DR0\Partition3
13:47:14.0518 4508 E: <-> \Device\Harddisk0\DR0\Partition4
13:47:14.0518 4508 ============================================================
13:47:14.0518 4508 Initialize success
13:47:14.0518 4508 ============================================================
13:48:20.0406 4812 ============================================================
13:48:20.0406 4812 Scan started
13:48:20.0406 4812 Mode: Manual; TDLFS;
13:48:20.0406 4812 ============================================================
13:48:23.0479 4812 ================ Scan system memory ========================
13:48:23.0479 4812 System memory - ok
13:48:23.0479 4812 ================ Scan services =============================
13:48:23.0604 4812 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
13:48:23.0604 4812 !SASCORE - ok
13:48:23.0978 4812 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
13:48:23.0994 4812 1394ohci - ok
13:48:24.0103 4812 32761 - ok
13:48:24.0212 4812 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
13:48:24.0212 4812 ACPI - ok
13:48:24.0290 4812 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
13:48:24.0290 4812 AcpiPmi - ok
13:48:24.0337 4812 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
13:48:24.0368 4812 adp94xx - ok
13:48:24.0446 4812 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
13:48:24.0446 4812 adpahci - ok
13:48:24.0493 4812 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
13:48:24.0493 4812 adpu320 - ok
13:48:24.0540 4812 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:48:24.0540 4812 AeLookupSvc - ok
13:48:24.0571 4812 [ DDC040FDB01EF1712A6B13E52AFB104C ] AFD C:\Windows\system32\drivers\afd.sys
13:48:24.0586 4812 AFD - ok
13:48:24.0602 4812 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
13:48:24.0618 4812 agp440 - ok
13:48:24.0649 4812 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
13:48:24.0649 4812 aic78xx - ok
13:48:24.0711 4812 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
13:48:24.0711 4812 ALG - ok
13:48:24.0727 4812 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
13:48:24.0727 4812 aliide - ok
13:48:24.0820 4812 [ 50EBBB86E493BD9AB7DDF914A90EEF8E ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:48:24.0820 4812 AMD External Events Utility - ok
13:48:25.0086 4812 [ 72893D5E805CC0A721DAC0102329F94E ] AMD FusionUtility Service C:\Program Files\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe
13:48:25.0086 4812 AMD FusionUtility Service - ok
13:48:25.0179 4812 [ ED5188382E64F860E0DFD32B2F1F259C ] AMD Reservation Manager C:\Program Files\AMD\Reservation Manager\AMD Reservation Manager.exe
13:48:25.0195 4812 AMD Reservation Manager - ok
13:48:25.0226 4812 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys
13:48:25.0226 4812 amdagp - ok
13:48:25.0257 4812 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
13:48:25.0257 4812 amdide - ok
13:48:25.0304 4812 [ FF258424F0B2EF25EB98F04EE386E6E3 ] amdiox86 C:\Windows\system32\DRIVERS\amdiox86.sys
13:48:25.0304 4812 amdiox86 - ok
13:48:25.0335 4812 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
13:48:25.0335 4812 AmdK8 - ok
13:48:25.0694 4812 [ 70EB74785AB7FC603FEF19D87B7A7946 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
13:48:25.0928 4812 amdkmdag - ok
13:48:26.0006 4812 [ BA99833BBDE9C4FF389FC8114FB14843 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
13:48:26.0006 4812 amdkmdap - ok
13:48:26.0068 4812 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
13:48:26.0068 4812 AmdPPM - ok
13:48:26.0115 4812 [ 2101A86C25C154F8314B24EF49D7FBC2 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
13:48:26.0115 4812 amdsata - ok
13:48:26.0146 4812 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
13:48:26.0146 4812 amdsbs - ok
13:48:26.0178 4812 [ B81C2B5616F6420A9941EA093A92B150 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
13:48:26.0178 4812 amdxata - ok
13:48:26.0224 4812 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys
13:48:26.0224 4812 AppID - ok
13:48:26.0256 4812 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:48:26.0256 4812 AppIDSvc - ok
13:48:26.0302 4812 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll
13:48:26.0302 4812 Appinfo - ok
13:48:26.0349 4812 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
13:48:26.0349 4812 AppMgmt - ok
13:48:26.0396 4812 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
13:48:26.0412 4812 arc - ok
13:48:26.0427 4812 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
13:48:26.0427 4812 arcsas - ok
13:48:26.0568 4812 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:48:26.0568 4812 aspnet_state - ok
13:48:26.0614 4812 [ A9A565C669786C402752F609AFDD0DD5 ] AsUpIO C:\Windows\system32\drivers\AsUpIO.sys
13:48:26.0614 4812 AsUpIO - ok
13:48:26.0677 4812 [ C4FB2613D3C75364BB159B9C23A00E7A ] AsusService C:\Windows\System32\AsusService.exe
13:48:26.0677 4812 AsusService - ok
13:48:26.0724 4812 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:48:26.0724 4812 AsyncMac - ok
13:48:26.0755 4812 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys
13:48:26.0755 4812 atapi - ok
13:48:26.0848 4812 [ 6ADC42CF4A6AB84975CA63DCCFAAF5D8 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
13:48:26.0848 4812 AtiHDAudioService - ok
13:48:26.0911 4812 atillk64 - ok
13:48:26.0989 4812 [ B73C832088DD54B55E04FF6F9646AD8C ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
13:48:26.0989 4812 AtiPcie - ok
13:48:27.0067 4812 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:48:27.0082 4812 AudioEndpointBuilder - ok
13:48:27.0098 4812 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll
13:48:27.0114 4812 Audiosrv - ok
13:48:27.0160 4812 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:48:27.0160 4812 AxInstSV - ok
13:48:27.0207 4812 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
13:48:27.0223 4812 b06bdrv - ok
13:48:27.0270 4812 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
13:48:27.0285 4812 b57nd60x - ok
13:48:27.0753 4812 [ 2BE0F23D494C301641C42EAD2FDCD4F2 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
13:48:27.0784 4812 BCM43XX - ok
13:48:27.0862 4812 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
13:48:27.0862 4812 BDESVC - ok
13:48:27.0909 4812 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
13:48:27.0909 4812 Beep - ok
13:48:28.0003 4812 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll
13:48:28.0018 4812 BFE - ok
13:48:28.0128 4812 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\System32\qmgr.dll
13:48:28.0143 4812 BITS - ok
13:48:28.0190 4812 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
13:48:28.0190 4812 blbdrive - ok
13:48:28.0237 4812 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:48:28.0237 4812 bowser - ok
13:48:28.0268 4812 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:48:28.0268 4812 BrFiltLo - ok
13:48:28.0299 4812 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:48:28.0299 4812 BrFiltUp - ok
13:48:28.0330 4812 [ 598E1280E7FF3744F4B8329366CC5635 ] Browser C:\Windows\System32\browser.dll
13:48:28.0330 4812 Browser - ok
13:48:28.0440 4812 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
13:48:28.0455 4812 Brserid - ok
13:48:28.0486 4812 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:48:28.0486 4812 BrSerWdm - ok
13:48:28.0518 4812 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:48:28.0518 4812 BrUsbMdm - ok
13:48:28.0533 4812 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:48:28.0533 4812 BrUsbSer - ok
13:48:28.0596 4812 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
13:48:28.0596 4812 BthEnum - ok
13:48:28.0611 4812 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
13:48:28.0611 4812 BTHMODEM - ok
13:48:28.0674 4812 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
13:48:28.0689 4812 BthPan - ok
13:48:28.0752 4812 [ 88059FF1DED4472ACD17EEBABD393069 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
13:48:28.0767 4812 BTHPORT - ok
13:48:28.0814 4812 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
13:48:28.0814 4812 bthserv - ok
13:48:28.0845 4812 [ 80E6384BEEC03B8BD45EDEA29802D657 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
13:48:28.0845 4812 BTHUSB - ok
13:48:28.0876 4812 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:48:28.0876 4812 cdfs - ok
13:48:28.0939 4812 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:48:28.0939 4812 cdrom - ok
13:48:29.0001 4812 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll
13:48:29.0001 4812 CertPropSvc - ok
13:48:29.0079 4812 [ F992154D735C90D1E72EDB3382DB9DE0 ] Change Modem Device Service C:\ProgramData\ChgService.exe
13:48:29.0079 4812 Change Modem Device Service - ok
13:48:29.0110 4812 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
13:48:29.0126 4812 circlass - ok
13:48:29.0251 4812 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
13:48:29.0266 4812 CLFS - ok
13:48:29.0344 4812 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:48:29.0344 4812 clr_optimization_v2.0.50727_32 - ok
13:48:29.0422 4812 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:48:29.0422 4812 clr_optimization_v4.0.30319_32 - ok
13:48:29.0500 4812 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:48:29.0500 4812 CmBatt - ok
13:48:29.0547 4812 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
13:48:29.0563 4812 cmdide - ok
13:48:29.0625 4812 [ AB261285B134CC32DB437066BC619A24 ] cmntusbser C:\Windows\system32\DRIVERS\cmntusbser.sys
13:48:29.0641 4812 cmntusbser - ok
13:48:29.0766 4812 [ 1B675691ED940766149C93E8F4488D68 ] CNG C:\Windows\system32\Drivers\cng.sys
13:48:29.0781 4812 CNG - ok
13:48:29.0812 4812 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:48:29.0812 4812 Compbatt - ok
13:48:29.0844 4812 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
13:48:29.0844 4812 CompositeBus - ok
13:48:29.0875 4812 COMSysApp - ok
13:48:29.0906 4812 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
13:48:29.0906 4812 crcdisk - ok
13:48:29.0968 4812 [ 9C231178CE4FB385F4B54B0A9080B8A4 ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:48:29.0968 4812 CryptSvc - ok
13:48:30.0000 4812 [ 27C9490BDD0AE48911AB8CF1932591ED ] CSC C:\Windows\system32\drivers\csc.sys
13:48:30.0000 4812 CSC - ok
13:48:30.0187 4812 [ 56FB5F222EA30D3D3FC459879772CB73 ] CscService C:\Windows\System32\cscsvc.dll
13:48:30.0187 4812 CscService - ok
13:48:30.0249 4812 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll
13:48:30.0249 4812 DcomLaunch - ok
13:48:30.0405 4812 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
13:48:30.0405 4812 defragsvc - ok
13:48:30.0452 4812 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:48:30.0452 4812 DfsC - ok
13:48:30.0514 4812 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll
13:48:30.0514 4812 Dhcp - ok
13:48:30.0561 4812 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
13:48:30.0561 4812 discache - ok
13:48:30.0592 4812 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
13:48:30.0592 4812 Disk - ok
13:48:30.0639 4812 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:48:30.0655 4812 Dnscache - ok
13:48:30.0670 4812 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll
13:48:30.0670 4812 dot3svc - ok
13:48:30.0686 4812 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll
13:48:30.0702 4812 DPS - ok
13:48:30.0748 4812 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:48:30.0748 4812 drmkaud - ok
13:48:30.0795 4812 [ 8B6C3464D7FAC176500061DBFFF42AD4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:48:30.0795 4812 DXGKrnl - ok
13:48:30.0842 4812 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
13:48:30.0842 4812 EapHost - ok
13:48:31.0279 4812 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
13:48:31.0357 4812 ebdrv - ok
13:48:31.0435 4812 [ F42309C4191C506B71DB5D1126D26318 ] EFS C:\Windows\System32\lsass.exe
13:48:31.0435 4812 EFS - ok
13:48:31.0825 4812 [ 3A74A6E33685662B125A3269B1F2114F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:48:31.0825 4812 ehRecvr - ok
13:48:31.0887 4812 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
13:48:31.0887 4812 ehSched - ok
13:48:31.0950 4812 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
13:48:31.0965 4812 elxstor - ok
13:48:31.0981 4812 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
13:48:31.0981 4812 ErrDev - ok
13:48:32.0043 4812 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
13:48:32.0043 4812 EventSystem - ok
13:48:32.0074 4812 ewusbmbb - ok
13:48:32.0121 4812 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
13:48:32.0121 4812 exfat - ok
13:48:32.0168 4812 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:48:32.0168 4812 fastfat - ok
13:48:32.0230 4812 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe
13:48:32.0230 4812 Fax - ok
13:48:32.0262 4812 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:48:32.0262 4812 fdc - ok
13:48:32.0308 4812 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
13:48:32.0308 4812 fdPHost - ok
13:48:32.0340 4812 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
13:48:32.0340 4812 FDResPub - ok
13:48:32.0386 4812 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:48:32.0386 4812 FileInfo - ok
13:48:32.0418 4812 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:48:32.0418 4812 Filetrace - ok
13:48:32.0449 4812 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:48:32.0449 4812 flpydisk - ok
13:48:32.0480 4812 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:48:32.0480 4812 FltMgr - ok
13:48:32.0558 4812 [ B6512A85815FDC3D560C3705F5BDB93D ] FontCache C:\Windows\system32\FntCache.dll
13:48:32.0589 4812 FontCache - ok
13:48:32.0683 4812 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:48:32.0683 4812 FontCache3.0.0.0 - ok
13:48:32.0730 4812 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:48:32.0730 4812 FsDepends - ok
13:48:32.0761 4812 [ A574B4360E438977038AAE4BF60D79A2 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:48:32.0761 4812 Fs_Rec - ok
13:48:32.0808 4812 [ 5592F5DBA26282D24D2B080EB438A4D7 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:48:32.0808 4812 fvevol - ok
13:48:32.0854 4812 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:48:32.0854 4812 gagp30kx - ok
13:48:32.0886 4812 GGSAFERDriver - ok
13:48:32.0948 4812 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll
13:48:32.0948 4812 gpsvc - ok
13:48:33.0135 4812 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
13:48:33.0135 4812 gupdate - ok
13:48:33.0260 4812 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
13:48:33.0260 4812 gupdatem - ok
13:48:33.0307 4812 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:48:33.0322 4812 hcw85cir - ok
13:48:33.0681 4812 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:48:33.0681 4812 HdAudAddService - ok
13:48:33.0744 4812 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
13:48:33.0759 4812 HDAudBus - ok
13:48:33.0806 4812 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
13:48:33.0806 4812 HidBatt - ok
13:48:33.0837 4812 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:48:33.0853 4812 HidBth - ok
13:48:33.0915 4812 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
13:48:33.0915 4812 HidIr - ok
13:48:33.0946 4812 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
13:48:33.0962 4812 hidserv - ok
13:48:33.0993 4812 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:48:33.0993 4812 HidUsb - ok
13:48:34.0056 4812 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:48:34.0056 4812 hkmsvc - ok
13:48:34.0102 4812 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:48:34.0102 4812 HomeGroupListener - ok
13:48:34.0149 4812 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:48:34.0149 4812 HomeGroupProvider - ok
13:48:34.0196 4812 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
13:48:34.0196 4812 HpSAMD - ok
13:48:34.0243 4812 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:48:34.0258 4812 HTTP - ok
13:48:34.0290 4812 huawei_enumerator - ok
13:48:34.0352 4812 hwdatacard - ok
13:48:34.0368 4812 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:48:34.0368 4812 hwpolicy - ok
13:48:34.0477 4812 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
13:48:34.0492 4812 i8042prt - ok
13:48:34.0555 4812 [ 934AF4D7C5F457B9F0743F4299B77B67 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
13:48:34.0555 4812 iaStorV - ok
13:48:34.0633 4812 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:48:34.0633 4812 idsvc - ok
13:48:34.0680 4812 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:48:34.0680 4812 iirsp - ok
13:48:34.0742 4812 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll
13:48:34.0742 4812 IKEEXT - ok
13:48:34.0929 4812 [ ACEC5BBEE4AA34D74BE0E2E512CC2026 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
13:48:34.0960 4812 IntcAzAudAddService - ok
13:48:34.0976 4812 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
13:48:34.0976 4812 intelide - ok
13:48:35.0023 4812 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:48:35.0023 4812 intelppm - ok
13:48:35.0070 4812 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:48:35.0070 4812 IPBusEnum - ok
13:48:35.0116 4812 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:48:35.0132 4812 iphlpsvc - ok
13:48:35.0163 4812 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
13:48:35.0163 4812 IPMIDRV - ok
13:48:35.0241 4812 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:48:35.0241 4812 IPNAT - ok
13:48:35.0288 4812 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:48:35.0288 4812 IRENUM - ok
13:48:35.0319 4812 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
13:48:35.0319 4812 isapnp - ok
13:48:35.0350 4812 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
13:48:35.0350 4812 iScsiPrt - ok
13:48:35.0475 4812 [ 790385B5D3BC420551FA6969E5A50103 ] K7CrvSvc C:\Program Files\K7 Computing\K7TSecurity\K7CrvSvc.exe
13:48:35.0475 4812 K7CrvSvc - ok
13:48:35.0553 4812 [ 4387EFE4FE8AFEC6CA947E294C6DE7F5 ] K7EmlPxy C:\Program Files\K7 Computing\K7TSecurity\K7EmlPxy.exe
13:48:35.0553 4812 K7EmlPxy - ok
13:48:35.0600 4812 [ 5E2C97D9ABFEBE0FCDD2027623989E87 ] K7FWHlpr C:\Windows\system32\drivers\K7FWHlpr.sys
13:48:35.0600 4812 K7FWHlpr - ok
13:48:35.0662 4812 [ E1B0535FEFF8DAFAE38248C349943733 ] K7FWSrvc C:\Program Files\K7 Computing\K7TSecurity\K7FWSrvc.exe
13:48:35.0662 4812 K7FWSrvc - ok
13:48:35.0725 4812 [ 03E3CFA8BB39D1D3340BDCCCC7428FE3 ] K7RTScan C:\Program Files\K7 Computing\K7TSecurity\K7RTScan.exe
13:48:35.0740 4812 K7RTScan - ok
13:48:35.0943 4812 [ FE50D081C3AC64AF8CC1DD45CF49E587 ] K7Sentry C:\Windows\system32\drivers\K7Sentry.sys
13:48:35.0959 4812 K7Sentry - ok
13:48:36.0037 4812 [ C5B6F7230567B44805A0FB09E496215E ] K7TSMngr C:\Program Files\K7 Computing\K7TSecurity\K7TSMngr.exe
13:48:36.0037 4812 K7TSMngr - ok
13:48:36.0099 4812 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:48:36.0115 4812 kbdclass - ok
13:48:36.0177 4812 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:48:36.0177 4812 kbdhid - ok
13:48:36.0240 4812 [ 3EB803312987FF44265C87CB960DF6AB ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
13:48:36.0240 4812 kbfiltr - ok
13:48:36.0271 4812 [ F42309C4191C506B71DB5D1126D26318 ] KeyIso C:\Windows\system32\lsass.exe
13:48:36.0271 4812 KeyIso - ok
13:48:36.0302 4812 [ E36A061EC11B373826905B21BE10948F ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:48:36.0302 4812 KSecDD - ok
13:48:36.0333 4812 [ 365C6154BBBC5377173F1CA7BFB6CC59 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:48:36.0333 4812 KSecPkg - ok
13:48:36.0380 4812 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
13:48:36.0396 4812 KtmRm - ok
13:48:36.0442 4812 [ D1F734D9A7AAF078D88CEB51900699A7 ] L1C C:\Windows\system32\DRIVERS\L1C62x86.sys
13:48:36.0442 4812 L1C - ok
13:48:36.0505 4812 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\system32\srvsvc.dll
13:48:36.0520 4812 LanmanServer - ok
13:48:36.0583 4812 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:48:36.0598 4812 LanmanWorkstation - ok
13:48:36.0676 4812 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:48:36.0692 4812 lltdio - ok
13:48:36.0754 4812 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:48:36.0754 4812 lltdsvc - ok
13:48:36.0801 4812 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
13:48:36.0801 4812 lmhosts - ok
13:48:36.0848 4812 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:48:36.0848 4812 LSI_FC - ok
13:48:36.0895 4812 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:48:36.0895 4812 LSI_SAS - ok
13:48:36.0910 4812 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:48:36.0910 4812 LSI_SAS2 - ok
13:48:36.0942 4812 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:48:36.0942 4812 LSI_SCSI - ok
13:48:36.0988 4812 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
13:48:36.0988 4812 luafv - ok
13:48:37.0035 4812 MBAMProtector - ok
13:48:37.0160 4812 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:48:37.0160 4812 MBAMScheduler - ok
13:48:37.0222 4812 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:48:37.0222 4812 MBAMService - ok
13:48:37.0285 4812 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:48:37.0285 4812 Mcx2Svc - ok
13:48:37.0332 4812 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:48:37.0332 4812 megasas - ok
13:48:37.0363 4812 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:48:37.0363 4812 MegaSR - ok
13:48:37.0441 4812 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
13:48:37.0441 4812 Microsoft Office Groove Audit Service - ok
13:48:37.0503 4812 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
13:48:37.0503 4812 MMCSS - ok
13:48:37.0566 4812 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
13:48:37.0566 4812 Modem - ok
13:48:37.0597 4812 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:48:37.0597 4812 monitor - ok
13:48:37.0628 4812 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:48:37.0644 4812 mouclass - ok
13:48:37.0659 4812 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:48:37.0659 4812 mouhid - ok
13:48:37.0690 4812 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:48:37.0690 4812 mountmgr - ok
13:48:37.0768 4812 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:48:37.0768 4812 MozillaMaintenance - ok
13:48:37.0800 4812 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys
13:48:37.0800 4812 mpio - ok
13:48:37.0846 4812 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:48:37.0846 4812 mpsdrv - ok
13:48:37.0956 4812 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll
13:48:37.0971 4812 MpsSvc - ok
13:48:38.0018 4812 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:48:38.0018 4812 MRxDAV - ok
13:48:38.0080 4812 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:48:38.0080 4812 mrxsmb - ok
13:48:38.0158 4812 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:48:38.0158 4812 mrxsmb10 - ok
13:48:38.0221 4812 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:48:38.0221 4812 mrxsmb20 - ok
13:48:38.0252 4812 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
13:48:38.0252 4812 msahci - ok
13:48:38.0299 4812 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
13:48:38.0299 4812 msdsm - ok
13:48:38.0330 4812 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
13:48:38.0330 4812 MSDTC - ok
13:48:38.0377 4812 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:48:38.0377 4812 Msfs - ok
13:48:38.0392 4812 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:48:38.0392 4812 mshidkmdf - ok
13:48:38.0408 4812 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
13:48:38.0408 4812 msisadrv - ok
13:48:38.0439 4812 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:48:38.0439 4812 MSiSCSI - ok
13:48:38.0455 4812 msiserver - ok
13:48:38.0502 4812 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:48:38.0502 4812 MSKSSRV - ok
13:48:38.0533 4812 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:48:38.0533 4812 MSPCLOCK - ok
13:48:38.0564 4812 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:48:38.0564 4812 MSPQM - ok
13:48:38.0626 4812 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:48:38.0626 4812 MsRPC - ok
13:48:38.0673 4812 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
13:48:38.0673 4812 mssmbios - ok
13:48:38.0829 4812 MSSQL$SQLEXPRESS - ok
13:48:38.0970 4812 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
13:48:38.0970 4812 MSSQLServerADHelper - ok
13:48:39.0001 4812 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:48:39.0001 4812 MSTEE - ok
13:48:39.0048 4812 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:48:39.0048 4812 MTConfig - ok
13:48:39.0063 4812 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
13:48:39.0063 4812 Mup - ok
13:48:39.0110 4812 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll
13:48:39.0126 4812 napagent - ok
13:48:39.0157 4812 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:48:39.0172 4812 NativeWifiP - ok
13:48:39.0219 4812 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:48:39.0235 4812 NDIS - ok
13:48:39.0266 4812 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:48:39.0266 4812 NdisCap - ok
13:48:39.0313 4812 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:48:39.0313 4812 NdisTapi - ok
13:48:39.0344 4812 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:48:39.0344 4812 Ndisuio - ok
13:48:39.0375 4812 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:48:39.0375 4812 NdisWan - ok
13:48:39.0391 4812 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:48:39.0406 4812 NDProxy - ok
13:48:39.0438 4812 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:48:39.0438 4812 NetBIOS - ok
13:48:39.0453 4812 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:48:39.0469 4812 NetBT - ok
13:48:39.0484 4812 [ F42309C4191C506B71DB5D1126D26318 ] Netlogon C:\Windows\system32\lsass.exe
13:48:39.0484 4812 Netlogon - ok
13:48:39.0547 4812 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
13:48:39.0547 4812 Netman - ok
13:48:39.0594 4812 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:48:39.0594 4812 NetMsmqActivator - ok
13:48:39.0609 4812 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:48:39.0609 4812 NetPipeActivator - ok
13:48:39.0687 4812 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
13:48:39.0703 4812 netprofm - ok
13:48:39.0718 4812 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:48:39.0718 4812 NetTcpActivator - ok
13:48:39.0734 4812 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:48:39.0734 4812 NetTcpPortSharing - ok
13:48:39.0781 4812 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:48:39.0781 4812 nfrd960 - ok
13:48:39.0812 4812 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll
13:48:39.0812 4812 NlaSvc - ok
13:48:39.0828 4812 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:48:39.0828 4812 Npfs - ok
13:48:39.0843 4812 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
13:48:39.0859 4812 nsi - ok
13:48:39.0874 4812 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:48:39.0874 4812 nsiproxy - ok
13:48:39.0952 4812 [ 3795DCD21F740EE799FB7223234215AF ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:48:39.0984 4812 Ntfs - ok
13:48:40.0030 4812 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
13:48:40.0030 4812 Null - ok
13:48:40.0062 4812 [ 3F3D04B1D08D43C16EA7963954EC768D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
13:48:40.0062 4812 nvraid - ok
13:48:40.0108 4812 [ C99F251A5DE63C6F129CF71933ACED0F ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
13:48:40.0124 4812 nvstor - ok
13:48:40.0140 4812 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
13:48:40.0155 4812 nv_agp - ok
13:48:40.0327 4812 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:48:40.0327 4812 odserv - ok
13:48:40.0374 4812 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
13:48:40.0389 4812 ohci1394 - ok
13:48:40.0452 4812 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:48:40.0467 4812 ose - ok
13:48:40.0530 4812 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:48:40.0545 4812 p2pimsvc - ok
13:48:40.0576 4812 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
13:48:40.0576 4812 p2psvc - ok
13:48:40.0608 4812 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:48:40.0608 4812 Parport - ok
13:48:40.0623 4812 [ FF4218952B51DE44FE910953A3E686B9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:48:40.0623 4812 partmgr - ok
13:48:40.0639 4812 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
13:48:40.0639 4812 Parvdm - ok
13:48:40.0670 4812 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:48:40.0670 4812 PcaSvc - ok
13:48:40.0717 4812 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys
13:48:40.0717 4812 pci - ok
13:48:40.0748 4812 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys
13:48:40.0748 4812 pciide - ok
13:48:40.0779 4812 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:48:40.0779 4812 pcmcia - ok
13:48:40.0795 4812 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
13:48:40.0795 4812 pcw - ok
13:48:40.0826 4812 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:48:40.0842 4812 PEAUTH - ok
13:48:40.0920 4812 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
13:48:40.0966 4812 PeerDistSvc - ok
13:48:41.0169 4812 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll
13:48:41.0200 4812 pla - ok
13:48:41.0278 4812 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:48:41.0278 4812 PlugPlay - ok
13:48:41.0325 4812 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:48:41.0325 4812 PNRPAutoReg - ok
13:48:41.0356 4812 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:48:41.0356 4812 PNRPsvc - ok
13:48:41.0403 4812 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:48:41.0419 4812 PolicyAgent - ok
13:48:41.0450 4812 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll
13:48:41.0466 4812 Power - ok
13:48:41.0512 4812 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:48:41.0512 4812 PptpMiniport - ok
13:48:41.0544 4812 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
13:48:41.0559 4812 Processor - ok
13:48:41.0606 4812 [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc C:\Windows\system32\profsvc.dll
13:48:41.0606 4812 ProfSvc - ok
13:48:41.0622 4812 [ F42309C4191C506B71DB5D1126D26318 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:48:41.0622 4812 ProtectedStorage - ok
13:48:41.0653 4812 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:48:41.0653 4812 Psched - ok
13:48:41.0793 4812 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
13:48:41.0887 4812 ql2300 - ok
13:48:41.0902 4812 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
13:48:41.0902 4812 ql40xx - ok
13:48:41.0934 4812 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
13:48:41.0949 4812 QWAVE - ok
13:48:41.0965 4812 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:48:41.0965 4812 QWAVEdrv - ok
13:48:41.0996 4812 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:48:41.0996 4812 RasAcd - ok
13:48:42.0043 4812 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:48:42.0043 4812 RasAgileVpn - ok
13:48:42.0074 4812 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
13:48:42.0074 4812 RasAuto - ok
13:48:42.0090 4812 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:48:42.0105 4812 Rasl2tp - ok
13:48:42.0152 4812 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll
13:48:42.0152 4812 RasMan - ok
13:48:42.0168 4812 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:48:42.0183 4812 RasPppoe - ok
13:48:42.0214 4812 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:48:42.0214 4812 RasSstp - ok
13:48:42.0246 4812 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:48:42.0246 4812 rdbss - ok
13:48:42.0261 4812 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:48:42.0261 4812 rdpbus - ok
13:48:42.0292 4812 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:48:42.0292 4812 RDPCDD - ok
13:48:42.0324 4812 [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
13:48:42.0324 4812 RDPDR - ok
13:48:42.0370 4812 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:48:42.0370 4812 RDPENCDD - ok
13:48:42.0402 4812 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:48:42.0402 4812 RDPREFMP - ok
13:48:42.0433 4812 [ 801371BA9782282892D00AADB08EE367 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:48:42.0433 4812 RDPWD - ok
13:48:42.0480 4812 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:48:42.0480 4812 rdyboost - ok
13:48:42.0526 4812 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
13:48:42.0542 4812 RemoteAccess - ok
13:48:42.0573 4812 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:48:42.0589 4812 RemoteRegistry - ok
13:48:42.0636 4812 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
13:48:42.0636 4812 RFCOMM - ok
13:48:42.0682 4812 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:48:42.0682 4812 RpcEptMapper - ok
13:48:42.0729 4812 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
13:48:42.0729 4812 RpcLocator - ok
13:48:42.0760 4812 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll
13:48:42.0760 4812 RpcSs - ok
13:48:42.0823 4812 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:48:42.0823 4812 rspndr - ok
13:48:42.0854 4812 [ 5423D8437051E89DD34749F242C98648 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
13:48:42.0854 4812 s3cap - ok
13:48:42.0885 4812 [ F42309C4191C506B71DB5D1126D26318 ] SamSs C:\Windows\system32\lsass.exe
13:48:42.0885 4812 SamSs - ok
13:48:42.0963 4812 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:48:42.0963 4812 SASDIFSV - ok
13:48:43.0010 4812 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
13:48:43.0026 4812 SASKUTIL - ok
13:48:43.0057 4812 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
13:48:43.0057 4812 sbp2port - ok
13:48:43.0104 4812 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:48:43.0104 4812 SCardSvr - ok
13:48:43.0119 4812 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:48:43.0119 4812 scfilter - ok
13:48:43.0182 4812 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll
13:48:43.0197 4812 Schedule - ok
13:48:43.0228 4812 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
13:48:43.0228 4812 SCPolicySvc - ok
13:48:43.0275 4812 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:48:43.0275 4812 SDRSVC - ok
13:48:43.0306 4812 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:48:43.0306 4812 secdrv - ok
13:48:43.0322 4812 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
13:48:43.0322 4812 seclogon - ok
13:48:43.0353 4812 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
13:48:43.0369 4812 SENS - ok
13:48:43.0384 4812 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:48:43.0384 4812 SensrSvc - ok
13:48:43.0416 4812 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:48:43.0416 4812 Serenum - ok
13:48:43.0462 4812 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:48:43.0462 4812 Serial - ok
13:48:43.0494 4812 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
13:48:43.0509 4812 sermouse - ok
13:48:43.0556 4812 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll
13:48:43.0556 4812 SessionEnv - ok
13:48:43.0587 4812 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
13:48:43.0587 4812 sffdisk - ok
13:48:43.0603 4812 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
13:48:43.0603 4812 sffp_mmc - ok
13:48:43.0634 4812 [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
13:48:43.0634 4812 sffp_sd - ok
13:48:43.0665 4812 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
13:48:43.0665 4812 sfloppy - ok
13:48:43.0712 4812 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:48:43.0712 4812 SharedAccess - ok
13:48:43.0759 4812 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:48:43.0774 4812 ShellHWDetection - ok
13:48:43.0806 4812 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys
13:48:43.0806 4812 sisagp - ok
13:48:43.0837 4812 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:48:43.0852 4812 SiSRaid2 - ok
13:48:43.0868 4812 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
13:48:43.0868 4812 SiSRaid4 - ok
13:48:43.0915 4812 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:48:43.0915 4812 Smb - ok
13:48:43.0977 4812 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:48:43.0977 4812 SNMPTRAP - ok
13:48:43.0993 4812 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
13:48:43.0993 4812 spldr - ok
13:48:44.0040 4812 [ D1BB750EB51694DE183E08B9C33BE5B2 ] Spooler C:\Windows\System32\spoolsv.exe
13:48:44.0040 4812 Spooler - ok
13:48:44.0149 4812 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe
13:48:44.0180 4812 sppsvc - ok
13:48:44.0227 4812 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:48:44.0227 4812 sppuinotify - ok
13:48:44.0289 4812 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
13:48:44.0289 4812 SQLBrowser - ok
13:48:44.0336 4812 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:48:44.0336 4812 SQLWriter - ok
13:48:44.0383 4812 [ 4A9B0F215DE2519E2363F91DF25C1E97 ] srv C:\Windows\system32\DRIVERS\srv.sys
13:48:44.0383 4812 srv - ok
13:48:44.0430 4812 [ 14C44875518AE1C982E54EA8C5F7FE28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:48:44.0445 4812 srv2 - ok
13:48:44.0461 4812 [ 07A14223B0A50E76ADE003FDF95D4FEC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:48:44.0476 4812 srvnet - ok
13:48:44.0508 4812 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:48:44.0523 4812 SSDPSRV - ok
13:48:44.0554 4812 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:48:44.0554 4812 SstpSvc - ok
13:48:44.0586 4812 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
13:48:44.0586 4812 stexstor - ok
13:48:44.0632 4812 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll
13:48:44.0648 4812 StiSvc - ok
13:48:44.0664 4812 [ 957E346CA948668F2496A6CCF6FF82CC ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
13:48:44.0664 4812 storflt - ok
13:48:44.0695 4812 [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
13:48:44.0695 4812 storvsc - ok
13:48:44.0726 4812 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
13:48:44.0726 4812 swenum - ok
13:48:44.0757 4812 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
13:48:44.0757 4812 swprv - ok
13:48:44.0866 4812 [ 548E927507F65577ABB783CD207751BF ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
13:48:44.0866 4812 SynTP - ok
13:48:44.0929 4812 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll
13:48:44.0960 4812 SysMain - ok
13:48:44.0976 4812 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:48:44.0991 4812 TabletInputService - ok
13:48:45.0007 4812 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll
13:48:45.0022 4812 TapiSrv - ok
13:48:45.0038 4812 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
13:48:45.0038 4812 TBS - ok
13:48:45.0116 4812 [ C2DAAEB48F3A47C410B041A0D2382EE1 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:48:45.0163 4812 Tcpip - ok
13:48:45.0241 4812 [ C2DAAEB48F3A47C410B041A0D2382EE1 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:48:45.0241 4812 TCPIP6 - ok
13:48:45.0288 4812 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:48:45.0288 4812 tcpipreg - ok
13:48:45.0319 4812 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:48:45.0319 4812 TDPIPE - ok
13:48:45.0334 4812 [ 7551E91EA999EE9A8E9C331D5A9C31F3 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:48:45.0350 4812 TDTCP - ok
13:48:45.0366 4812 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:48:45.0381 4812 tdx - ok
13:48:45.0397 4812 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
13:48:45.0397 4812 TermDD - ok
13:48:45.0444 4812 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll
13:48:45.0459 4812 TermService - ok
13:48:45.0475 4812 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
13:48:45.0475 4812 Themes - ok
13:48:45.0490 4812 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
13:48:45.0506 4812 THREADORDER - ok
13:48:45.0537 4812 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
13:48:45.0537 4812 TrkWks - ok
13:48:45.0615 4812 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:48:45.0615 4812 TrustedInstaller - ok
13:48:45.0646 4812 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:48:45.0646 4812 tssecsrv - ok
13:48:45.0693 4812 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:48:45.0693 4812 tunnel - ok
13:48:45.0740 4812 [ D7B5C463518517AA606C4A1A5AD13C05 ] u302bus C:\Windows\system32\DRIVERS\u302bus.sys
13:48:45.0756 4812 u302bus - ok
13:48:45.0802 4812 [ 817F7608F6A0B63A9B4E340E837A6D54 ] u302mdfl C:\Windows\system32\DRIVERS\u302mdfl.sys
13:48:45.0802 4812 u302mdfl - ok
13:48:45.0849 4812 [ 0C3F5F21513BEE7E59F3C8275C062631 ] u302mdm C:\Windows\system32\DRIVERS\u302mdm.sys
13:48:45.0849 4812 u302mdm - ok
13:48:45.0880 4812 [ 0F10057D0B998EECE3F97927CBBE6A65 ] u302mgmt C:\Windows\system32\DRIVERS\u302mgmt.sys
13:48:45.0880 4812 u302mgmt - ok
13:48:45.0927 4812 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
13:48:45.0927 4812 uagp35 - ok
13:48:45.0974 4812 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:48:45.0990 4812 udfs - ok
13:48:46.0036 4812 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:48:46.0036 4812 UI0Detect - ok
13:48:46.0068 4812 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
13:48:46.0068 4812 uliagpkx - ok
13:48:46.0099 4812 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
13:48:46.0114 4812 umbus - ok
13:48:46.0146 4812 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
13:48:46.0146 4812 UmPass - ok
13:48:46.0177 4812 [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService C:\Windows\System32\umrdp.dll
13:48:46.0192 4812 UmRdpService - ok
13:48:46.0224 4812 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
13:48:46.0239 4812 upnphost - ok
13:48:46.0302 4812 [ 2436A42AAB4AD48A9B714E5B0F344627 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
13:48:46.0302 4812 usbaudio - ok
13:48:46.0348 4812 [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:48:46.0348 4812 usbccgp - ok
13:48:46.0380 4812 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
13:48:46.0380 4812 usbcir - ok
13:48:46.0411 4812 [ 1C333BFD60F2FED2C7AD5DAF533CB742 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
13:48:46.0411 4812 usbehci - ok
13:48:46.0458 4812 [ EE6EF93CCFA94FAE8C6AB298273D8AE2 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:48:46.0458 4812 usbhub - ok
13:48:46.0473 4812 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
13:48:46.0473 4812 usbohci - ok
13:48:46.0520 4812 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:48:46.0520 4812 usbprint - ok
13:48:46.0567 4812 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
13:48:46.0582 4812 usbscan - ok
13:48:46.0614 4812 [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:48:46.0614 4812 USBSTOR - ok
13:48:46.0645 4812 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
13:48:46.0645 4812 usbuhci - ok
13:48:46.0676 4812 [ F642A7E4BF78CFA359CCA0A3557C28D7 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
13:48:46.0692 4812 usbvideo - ok
13:48:46.0738 4812 [ D82F43D15FDAA666856C0190CB73E7C9 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
13:48:46.0738 4812 usb_rndisx - ok
13:48:46.0785 4812 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
13:48:46.0785 4812 UxSms - ok
13:48:46.0816 4812 [ F42309C4191C506B71DB5D1126D26318 ] VaultSvc C:\Windows\system32\lsass.exe
13:48:46.0816 4812 VaultSvc - ok
13:48:46.0848 4812 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
13:48:46.0848 4812 vdrvroot - ok
13:48:46.0879 4812 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe
13:48:46.0894 4812 vds - ok
13:48:46.0972 4812 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:48:46.0988 4812 vga - ok
13:48:47.0019 4812 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
13:48:47.0019 4812 VgaSave - ok
13:48:47.0050 4812 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
13:48:47.0050 4812 vhdmp - ok
13:48:47.0082 4812 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys
13:48:47.0082 4812 viaagp - ok
13:48:47.0113 4812 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
13:48:47.0113 4812 ViaC7 - ok
13:48:47.0160 4812 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys
13:48:47.0160 4812 viaide - ok
13:48:47.0191 4812 [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
13:48:47.0191 4812 vmbus - ok
13:48:47.0206 4812 [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
13:48:47.0206 4812 VMBusHID - ok
13:48:47.0253 4812 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
13:48:47.0253 4812 volmgr - ok
13:48:47.0316 4812 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:48:47.0316 4812 volmgrx - ok
13:48:47.0362 4812 [ 7C28B63E4C9E5C3BE7FFE53789593619 ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
13:48:47.0362 4812 Suspicious file (Forged): C:\Windows\system32\DRIVERS\volsnap.sys. Real md5: 7C28B63E4C9E5C3BE7FFE53789593619, Fake md5: 58DF9D2481A56EDDE167E51B334D44FD
13:48:47.0362 4812 volsnap ( Rootkit.Win32.TDSS.tdl3 ) - infected
13:48:47.0362 4812 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
13:48:47.0409 4812 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
13:48:47.0409 4812 vsmraid - ok
13:48:47.0518 4812 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe
13:48:47.0534 4812 VSS - ok
13:48:47.0550 4812 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
13:48:47.0565 4812 vwifibus - ok
13:48:47.0596 4812 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
13:48:47.0612 4812 vwififlt - ok
13:48:47.0706 4812 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
13:48:47.0706 4812 vwifimp - ok
13:48:47.0768 4812 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
13:48:47.0784 4812 W32Time - ok
13:48:47.0815 4812 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
13:48:47.0815 4812 WacomPen - ok
13:48:47.0862 4812 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:48:47.0862 4812 WANARP - ok
13:48:47.0862 4812 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:48:47.0862 4812 Wanarpv6 - ok
13:48:47.0955 4812 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
13:48:47.0971 4812 WatAdminSvc - ok
13:48:48.0064 4812 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe
13:48:48.0096 4812 wbengine - ok
13:48:48.0127 4812 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:48:48.0127 4812 WbioSrvc - ok
13:48:48.0174 4812 [ D0F88AA11EE1A62BCC6D6A8A7783CA11 ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:48:48.0174 4812 wcncsvc - ok
13:48:48.0205 4812 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:48:48.0205 4812 WcsPlugInService - ok
13:48:48.0252 4812 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
13:48:48.0252 4812 Wd - ok
13:48:48.0283 4812 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:48:48.0283 4812 Wdf01000 - ok
13:48:48.0298 4812 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:48:48.0314 4812 WdiServiceHost - ok
13:48:48.0314 4812 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:48:48.0330 4812 WdiSystemHost - ok
13:48:48.0345 4812 [ D87C7D2C517F82A5AB7A73E203063D9E ] WebClient C:\Windows\System32\webclnt.dll
13:48:48.0361 4812 WebClient - ok
13:48:48.0392 4812 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:48:48.0392 4812 Wecsvc - ok
13:48:48.0423 4812 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:48:48.0423 4812 wercplsupport - ok
13:48:48.0439 4812 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
13:48:48.0439 4812 WerSvc - ok
13:48:48.0486 4812 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:48:48.0486 4812 WfpLwf - ok
13:48:48.0517 4812 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:48:48.0517 4812 WIMMount - ok
13:48:48.0642 4812 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
13:48:48.0657 4812 WinDefend - ok
13:48:48.0688 4812 WinHttpAutoProxySvc - ok
13:48:48.0751 4812 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:48:48.0751 4812 Winmgmt - ok
13:48:48.0813 4812 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll
13:48:48.0860 4812 WinRM - ok
13:48:48.0954 4812 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
13:48:48.0954 4812 WinUsb - ok
13:48:49.0032 4812 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
13:48:49.0063 4812 Wlansvc - ok
13:48:49.0125 4812 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
13:48:49.0125 4812 WmiAcpi - ok
13:48:49.0172 4812 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:48:49.0172 4812 wmiApSrv - ok
13:48:49.0266 4812 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
13:48:49.0281 4812 WMPNetworkSvc - ok
13:48:49.0328 4812 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:48:49.0328 4812 WPCSvc - ok
13:48:49.0344 4812 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:48:49.0344 4812 WPDBusEnum - ok
13:48:49.0390 4812 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:48:49.0390 4812 ws2ifsl - ok
13:48:49.0422 4812 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
13:48:49.0422 4812 wscsvc - ok
13:48:49.0437 4812 WSearch - ok
13:48:49.0515 4812 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
13:48:49.0562 4812 wuauserv - ok
13:48:49.0593 4812 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:48:49.0593 4812 WudfPf - ok
13:48:49.0702 4812 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:48:49.0702 4812 WUDFRd - ok
13:48:49.0765 4812 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:48:49.0765 4812 wudfsvc - ok
13:48:49.0827 4812 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
13:48:49.0843 4812 WwanSvc - ok
13:48:49.0921 4812 ================ Scan global ===============================
13:48:49.0968 4812 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
13:48:49.0999 4812 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
13:48:50.0014 4812 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
13:48:50.0061 4812 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
13:48:50.0092 4812 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
13:48:50.0092 4812 [Global] - ok
13:48:50.0092 4812 ================ Scan MBR ==================================
13:48:50.0139 4812 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:48:51.0294 4812 \Device\Harddisk0\DR0 - ok
13:48:51.0309 4812 ================ Scan VBR ==================================
13:48:51.0325 4812 [ A7CE23CA789A6F53F7AD4C96A45FAE08 ] \Device\Harddisk0\DR0\Partition1
13:48:51.0325 4812 \Device\Harddisk0\DR0\Partition1 - ok
13:48:51.0356 4812 [ 0485623897CF919A46BA8E22D4578A57 ] \Device\Harddisk0\DR0\Partition2
13:48:51.0356 4812 \Device\Harddisk0\DR0\Partition2 - ok
13:48:51.0387 4812 [ B1280F6701025292F54CA7C5FF9AF41A ] \Device\Harddisk0\DR0\Partition3
13:48:51.0387 4812 \Device\Harddisk0\DR0\Partition3 - ok
13:48:51.0419 4812 [ C434283E3E155CDE63DE5861EA76F14A ] \Device\Harddisk0\DR0\Partition4
13:48:51.0419 4812 \Device\Harddisk0\DR0\Partition4 - ok
13:48:51.0434 4812 ============================================================
13:48:51.0434 4812 Scan finished
13:48:51.0434 4812 ============================================================
13:48:51.0450 3388 Detected object count: 1
13:48:51.0450 3388 Actual detected object count: 1
13:49:01.0527 3388 C:\Windows\system32\DRIVERS\volsnap.sys - copied to quarantine
13:49:01.0761 3388 Backup copy found, using it..
13:49:01.0777 3388 C:\Windows\system32\DRIVERS\volsnap.sys - will be cured on reboot
13:49:01.0777 3388 volsnap ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
13:49:08.0282 4504 Deinitialize success
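The two scanner logs in this thread carry the same lesson in different forms, and the following added example (not part of the thread, and not code from Kaspersky's TDSSKiller or Farbar's FRST) turns it into a small triage script. In the TDSSKiller output above, the scanner reports two different MD5s for volsnap.sys ("Real md5" versus "Fake md5"): the file's content differed depending on how it was read, which is exactly how a disk-level rootkit such as TDL3 hides its modified driver from ordinary file-system reads, and one reason signature scanners running on the infected system can report it clean. For the FRST driver listing posted further down, the script flags kernel drivers registered from user-writable directories, with numeric-only names, or whose file is missing. The sample lines are copied from the posted logs; `USER_WRITABLE_DIRS` and the three flag reasons are assumptions about what a triager wants surfaced, not a verdict on any particular entry.

```python
"""Triage helpers for the two scanner logs posted in this thread (added
example; not part of the thread and not code from TDSSKiller or FRST).
Sample lines are copied from the posted logs.  USER_WRITABLE_DIRS is an
assumption about where a kernel driver should never be loaded from."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Every TDSSKiller line starts "HH:MM:SS.ms PID"; the rest is the message.
TDSS_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<msg>.*)$")
# Forged-file report: hash read at disk level vs. hash the file system presents.
TDSS_FORGED = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9A-F]{32}), Fake md5: (?P<fake>[0-9A-F]{32})"
)
TDSS_DETECTED = re.compile(r"^(?P<name>\S+) - detected (?P<threat>\S+)")
TDSS_ACTION = re.compile(
    r"^(?P<name>\S+) \( (?P<threat>[^)]+) \) - User select action: (?P<action>\w+)"
)


@dataclass
class Detection:
    name: str
    threat: str
    path: Optional[str] = None
    real_md5: Optional[str] = None
    fake_md5: Optional[str] = None
    action: Optional[str] = None


def parse_tdsskiller(log: str) -> List[Detection]:
    """One Detection per '- detected' line, joined with the forged-hash report
    that precedes it (TDSSKiller prints it just before) and the action chosen."""
    detections: List[Detection] = []
    pending: Optional[Tuple[str, str, str]] = None  # forged report awaiting its verdict
    for raw in log.splitlines():
        m = TDSS_LINE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        forged, detected, action = (TDSS_FORGED.search(msg),
                                    TDSS_DETECTED.match(msg), TDSS_ACTION.match(msg))
        if forged:
            pending = (forged["path"], forged["real"], forged["fake"])
        elif detected:
            det = Detection(detected["name"], detected["threat"])
            if pending:
                det.path, det.real_md5, det.fake_md5 = pending
                pending = None
            detections.append(det)
        elif action:
            for det in detections:
                if (det.name, det.threat) == (action["name"], action["threat"]):
                    det.action = action["action"]
    return detections


# FRST driver line: "<start> <name>; <path> [<size> <date>] (<publisher>)", "[x]" if missing.
FRST_DRIVER = re.compile(r"^(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]")
USER_WRITABLE_DIRS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")  # assumption


def flag_frst_drivers(section: str) -> Dict[str, List[str]]:
    """Map driver name -> reasons it deserves a closer look (a triage cue, not a verdict)."""
    flagged: Dict[str, List[str]] = {}
    for raw in section.splitlines():
        m = FRST_DRIVER.match(raw.strip())
        if not m:
            continue
        name, path, meta = m["name"], m["path"], m["meta"]
        if path.startswith("\\??\\"):  # strip the NT object-manager prefix FRST shows
            path = path[4:]
        reasons = []
        if any(d in path.lower() for d in USER_WRITABLE_DIRS):
            reasons.append("loaded from a user-writable directory")
        if name.isdigit():
            reasons.append("numeric-only driver name")
        if meta == "x":
            reasons.append("file missing on disk ([x])")
        if reasons:
            flagged[name] = reasons
    return flagged


# Sample input: lines copied from the two logs posted in this thread.
SAMPLE_TDSSKILLER = r"""
13:48:47.0362 4812 [ 7C28B63E4C9E5C3BE7FFE53789593619 ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
13:48:47.0362 4812 Suspicious file (Forged): C:\Windows\system32\DRIVERS\volsnap.sys. Real md5: 7C28B63E4C9E5C3BE7FFE53789593619, Fake md5: 58DF9D2481A56EDDE167E51B334D44FD
13:48:47.0362 4812 volsnap ( Rootkit.Win32.TDSS.tdl3 ) - infected
13:48:47.0362 4812 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
13:48:47.0409 4812 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
13:48:47.0409 4812 vsmraid - ok
13:49:01.0527 3388 C:\Windows\system32\DRIVERS\volsnap.sys - copied to quarantine
13:49:01.0777 3388 volsnap ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
"""
SAMPLE_FRST_DRIVERS = r"""
1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2011-02-09] ()
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 u302bus; C:\Windows\System32\DRIVERS\u302bus.sys [119112 2010-07-29] (MCCI Corporation)
3 32761; \??\C:\Users\asus\AppData\Local\Temp\35040623\32761.sys [x]
3 atillk64; \??\C:\Program Files\AMD\System Monitor\atillk64.sys [x]
"""

if __name__ == "__main__":
    for d in parse_tdsskiller(SAMPLE_TDSSKILLER):
        print(f"{d.name}: {d.threat} real={d.real_md5} fake={d.fake_md5} action={d.action}")
    for name, why in flag_frst_drivers(SAMPLE_FRST_DRIVERS).items():
        print(f"{name}: {'; '.join(why)}")
```

The join between the "Suspicious file (Forged)" report and the following "- detected" line relies on TDSSKiller printing them back to back, as it does in the log above; a log from a different tool version would need that ordering re-checked. The FRST flags are deliberately cheap signals: a legitimate vendor driver with a stale registration will also show up as "file missing", so the output is a list of entries to look at, not a list of infections.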

#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:06:51 AM

Posted 20 November 2012 - 08:13 PM

Please try running ComboFix again, this time do it from the Safe Mode

Please include the following in your next post:
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#11 greenp

greenp
  • Topic Starter

  • Members
  • 16 posts
  • Local time:05:21 PM

Posted 21 November 2012 - 03:14 AM

Hi,

Still no luck! ComboFix is not working in Safe Mode either.

#12 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:06:51 AM

Posted 22 November 2012 - 06:32 PM

Download Farbar Recovery Scan Tool and save it to a flash drive. Note: You need the 32-bit version.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.



#13 greenp

greenp
  • Topic Starter

  • Members
  • 16 posts
  • Local time:05:21 PM

Posted 23 November 2012 - 06:13 PM

Ok. At first when I tried entering System Recovery Options from the Advanced Boot Options, I ended up getting a blank blue screen with the following message -

STOP: c000021a {Fatal System Error}
The initial session process or system process terminated unexpectedly with a status of 0xc0000001 0x001003b8
The system has been shut down

Then I tried again and somehow managed to successfully run FRST.exe the way you mentioned. Below is the log -

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2012
Ran by SYSTEM at 24-11-2012 04:29:12
Running from H:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [9222760 2010-06-02] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKLM\...\Run: [HotkeyMon] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-10] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1241520 2010-06-29] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe [x]
HKLM\...\Run: [MCtlSuc] C:\Program Files\BSNL 3G Data Card\Resource\MCtlSuc.exe [93184 2010-08-06] ()
HKLM\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM\...\Run: [LiveUpdate] AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto [1095080 2011-07-12] (AsusTek Computer Inc.)
HKLM\...\Run: [K7TSStart] C:\Program Files\K7 Computing\K7TSecurity\K7TSecurity.exe [160896 2012-08-06] (K7 Computing Pvt Ltd)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-02] (Sun Microsystems, Inc.)
HKU\asus\...\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" [399736 2011-03-30] (BitTorrent, Inc.)
HKU\asus\...\Run: [AdobeBridge] [x]
HKU\asus\...\Run: [Google Update] "C:\Users\asus\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-22] (Google Inc.)
HKU\asus\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4763008 2012-11-01] (SUPERAntiSpyware.com)
HKU\asus\...\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\asus\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\asus\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\asus\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe (No File)

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [116608 2012-07-11] (SUPERAntiSpyware.com)
2 AMD FusionUtility Service; "C:\Program Files\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe" /launchService [275832 2010-04-14] (Advanced Micro Devices, Inc.)
2 AMD Reservation Manager; "C:\Program Files\AMD\Reservation Manager\AMD Reservation Manager.exe" [140160 2010-04-14] (Advanced Micro Devices)
2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-18] ()
2 Change Modem Device Service; "C:\ProgramData\ChgService.exe" -service [135168 2011-06-22] ()
2 K7CrvSvc; C:\Program Files\K7 Computing\K7TSecurity\K7CrvSvc.exe [262752 2011-12-21] (K7 Computing Pvt Ltd)
2 K7EmlPxy; C:\Program Files\K7 Computing\K7TSecurity\K7EmlPxy.exe [150656 2012-09-17] (K7 Computing Pvt Ltd)
2 K7FWSrvc; C:\Program Files\K7 Computing\K7TSecurity\K7FWSrvc.exe [239744 2012-09-14] (K7 Computing Pvt Ltd)
2 K7RTScan; C:\Program Files\K7 Computing\K7TSecurity\K7RTScan.exe [203904 2012-08-15] (K7 Computing Pvt Ltd)
2 K7TSMngr; C:\Program Files\K7 Computing\K7TSecurity\K7TSMngr.exe [218984 2012-09-04] (K7 Computing Pvt Ltd)
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [113120 2012-07-13] (Mozilla Foundation)
2 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [29293408 2010-12-10] (Microsoft Corporation)
4 NetMsmqActivator; "c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [x]
4 NetPipeActivator; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpActivator; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpPortSharing; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]

==================== Drivers (Whitelisted) ====================

1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2011-02-09] ()
3 cmntusbser; C:\Windows\System32\DRIVERS\cmntusbser.sys [110080 2011-04-20] (Wireless Device)
0 K7FWHlpr; C:\Windows\System32\drivers\K7FWHlpr.sys [87648 2012-09-17] (K7 Computing Pvt Ltd)
0 K7Sentry; C:\Windows\System32\drivers\K7Sentry.sys [1078112 2012-08-17] (K7 Computing Pvt Ltd)
3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 u302bus; C:\Windows\System32\DRIVERS\u302bus.sys [119112 2010-07-29] (MCCI Corporation)
3 u302mdfl; C:\Windows\System32\DRIVERS\u302mdfl.sys [14920 2010-07-29] (MCCI Corporation)
3 u302mdm; C:\Windows\System32\DRIVERS\u302mdm.sys [135880 2010-07-29] (MCCI Corporation)
3 u302mgmt; C:\Windows\System32\DRIVERS\u302mgmt.sys [129992 2010-07-29] (MCCI Corporation)
3 32761; \??\C:\Users\asus\AppData\Local\Temp\35040623\32761.sys [x]
3 atillk64; \??\C:\Program Files\AMD\System Monitor\atillk64.sys [x]
3 ewusbmbb; C:\Windows\System32\DRIVERS\ewusbwwan.sys [x]
3 GGSAFERDriver; \??\C:\Program Files\Garena\safedrv.sys [x]
3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [x]
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [x]
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-11-24 04:28 - 2012-11-24 04:28 - 00000000 ____D C:\FRST
2012-11-23 14:12 - 2012-11-23 14:13 - 00907994 ____A (Farbar) C:\Users\asus\Downloads\FRST.exe
2012-11-23 04:56 - 2012-11-23 04:56 - 00058068 ____A C:\Users\asus\Downloads\[kat.ph]elf.man.2012.dvdrip.xvid.vomit.torrent
2012-11-22 13:54 - 2012-11-22 13:54 - 00027519 ____A C:\Users\asus\Downloads\dirty-harry-3-the-enforcer_english-102407.zip
2012-11-22 13:37 - 2012-11-22 13:37 - 00028632 ____A C:\Users\asus\Downloads\dirty-harry-3-the-enforcer_english-251358.zip
2012-11-22 08:08 - 2012-11-22 08:11 - 00000000 ____D C:\Users\asus\Desktop\Ledo Blog
2012-11-20 12:41 - 2012-11-20 12:41 - 00000000 ____D C:\Program Files\Common Files\Java
2012-11-20 12:34 - 2012-11-20 12:32 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-11-20 12:33 - 2012-11-20 12:32 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-11-20 12:33 - 2012-11-20 12:32 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-11-20 12:33 - 2012-11-20 12:32 - 00093672 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2012-11-20 12:31 - 2012-11-20 12:31 - 00000000 ____D C:\Program Files\Java
2012-11-20 12:20 - 2012-11-20 12:20 - 00895464 ____A (Oracle Corporation) C:\Users\asus\Downloads\chromeinstall-7u9.exe
2012-11-20 11:29 - 2012-11-20 11:44 - 07364768 ____A (Adobe Systems Inc.) C:\Users\asus\Downloads\Shockwave_Installer_Slim.exe
2012-11-20 05:30 - 2012-11-20 05:30 - 00019160 ____A C:\Users\asus\Downloads\[kat.ph]legend.of.the.fist.the.return.of.chen.zhen.2010.dvdrip.xvid.feel.free.torrent
2012-11-20 00:19 - 2012-11-20 00:19 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-11-20 00:16 - 2012-10-31 08:19 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\asus\Desktop\TDSSKiller.exe
2012-11-20 00:16 - 2010-12-31 11:44 - 00002254 ___RA C:\Users\asus\Desktop\eula.txt
2012-11-20 00:07 - 2012-11-20 00:07 - 00000000 ____D C:\_OTL
2012-11-19 23:55 - 2012-11-19 23:56 - 05000710 ____A C:\Users\asus\Desktop\ComboFix.exe
2012-11-19 23:52 - 2012-11-19 23:53 - 02195061 ____A C:\Users\asus\Desktop\tdsskiller.zip
2012-11-19 13:37 - 2012-11-19 13:37 - 00026515 ____A C:\Users\asus\Downloads\dirty-harry-2-magnum-force_english-92044.zip
2012-11-19 10:07 - 2012-11-19 10:07 - 00069182 ____A C:\Users\asus\Downloads\Extras.Txt
2012-11-19 10:04 - 2012-11-19 10:04 - 00081586 ____A C:\Users\asus\Downloads\OTL.Txt
2012-11-19 09:56 - 2012-11-19 09:57 - 00602112 ____A (OldTimer Tools) C:\Users\asus\Downloads\OTL.exe
2012-11-19 04:29 - 2012-11-19 04:29 - 00001896 ____A C:\Users\asus\Desktop\aswMBR.txt
2012-11-19 04:29 - 2012-11-19 04:29 - 00000512 ____A C:\Users\asus\Desktop\MBR.dat
2012-11-19 04:23 - 2012-11-19 04:24 - 04732416 ____A (AVAST Software) C:\Users\asus\Desktop\aswMBR.exe
2012-11-19 04:05 - 2012-11-20 00:07 - 00003612 ____A C:\Users\asus\Desktop\k.txt
2012-11-17 13:20 - 2012-11-18 12:39 - 00004358 ____A C:\Users\asus\Desktop\Rkill.txt
2012-11-17 13:15 - 2012-11-17 13:16 - 01754528 ____A (Bleeping Computer, LLC) C:\Users\asus\Desktop\rkill.exe
2012-11-17 12:55 - 2012-11-23 12:55 - 00000508 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7bb491ea-9bcd-4c7d-896d-13299c58d532.job
2012-11-17 12:55 - 2012-11-23 12:30 - 00000508 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b3350738-82c8-40ef-adb3-11963a44a0b0.job
2012-11-17 12:55 - 2012-11-17 12:55 - 00000000 ____D C:\Users\asus\AppData\Roaming\SUPERAntiSpyware.com
2012-11-17 12:54 - 2012-11-17 12:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-11-17 12:54 - 2012-11-17 12:54 - 00001921 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2012-11-17 12:54 - 2012-11-17 12:54 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-11-17 12:45 - 2012-11-17 12:54 - 22061560 ____A (SUPERAntiSpyware.com) C:\Users\asus\Downloads\SUPERAntiSpywarePro.exe
2012-11-06 10:49 - 2012-11-06 10:49 - 00006144 ___AH C:\Users\asus\Downloads\photothumb.db

==================== One Month Modified Files and Folders ========

2012-11-24 04:28 - 2012-11-24 04:28 - 00000000 ____D C:\FRST
2012-11-23 14:15 - 2011-03-25 14:45 - 01767802 ____A C:\Windows\WindowsUpdate.log
2012-11-23 14:15 - 2009-07-13 20:34 - 00010416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-23 14:15 - 2009-07-13 20:34 - 00010416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-23 14:13 - 2012-11-23 14:12 - 00907994 ____A (Farbar) C:\Users\asus\Downloads\FRST.exe
2012-11-23 14:03 - 2011-03-25 02:26 - 00849914 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-23 14:00 - 2012-10-20 09:40 - 00002922 ____A C:\Windows\setupact.log
2012-11-23 13:48 - 2011-07-16 11:52 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-23 13:40 - 2011-10-22 04:37 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2653292046-3111716209-237568885-1000UA.job
2012-11-23 12:55 - 2012-11-17 12:55 - 00000508 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7bb491ea-9bcd-4c7d-896d-13299c58d532.job
2012-11-23 12:30 - 2012-11-17 12:55 - 00000508 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b3350738-82c8-40ef-adb3-11963a44a0b0.job
2012-11-23 11:18 - 2011-03-30 06:01 - 00000000 ____D C:\Users\asus\AppData\Roaming\uTorrent
2012-11-23 11:11 - 2011-11-25 05:48 - 00000000 ____D C:\Users\asus\Documents\Personal
2012-11-23 07:14 - 2011-09-16 13:54 - 00000000 ____D C:\Users\asus\AppData\Local\Paint.NET
2012-11-23 04:56 - 2012-11-23 04:56 - 00058068 ____A C:\Users\asus\Downloads\[kat.ph]elf.man.2012.dvdrip.xvid.vomit.torrent
2012-11-23 02:10 - 2011-07-16 11:52 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-23 00:40 - 2011-10-22 04:37 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2653292046-3111716209-237568885-1000Core.job
2012-11-22 13:54 - 2012-11-22 13:54 - 00027519 ____A C:\Users\asus\Downloads\dirty-harry-3-the-enforcer_english-102407.zip
2012-11-22 13:37 - 2012-11-22 13:37 - 00028632 ____A C:\Users\asus\Downloads\dirty-harry-3-the-enforcer_english-251358.zip
2012-11-22 08:11 - 2012-11-22 08:08 - 00000000 ____D C:\Users\asus\Desktop\Ledo Blog
2012-11-21 05:48 - 2012-02-12 01:12 - 00000000 ___RD C:\Users\asus\Dropbox
2012-11-21 05:48 - 2012-02-11 23:46 - 00000000 ____D C:\Users\asus\AppData\Roaming\Dropbox
2012-11-21 05:47 - 2012-01-21 09:42 - 00000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-11-21 05:47 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-20 22:47 - 2011-03-25 01:16 - 00408860 ____A C:\Windows\PFRO.log
2012-11-20 12:41 - 2012-11-20 12:41 - 00000000 ____D C:\Program Files\Common Files\Java
2012-11-20 12:32 - 2012-11-20 12:34 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-11-20 12:32 - 2012-11-20 12:33 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-11-20 12:32 - 2012-11-20 12:33 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-11-20 12:32 - 2012-11-20 12:33 - 00093672 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2012-11-20 12:31 - 2012-11-20 12:31 - 00000000 ____D C:\Program Files\Java
2012-11-20 12:31 - 2012-05-18 15:30 - 00821736 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2012-11-20 12:31 - 2011-03-29 09:30 - 00746984 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-11-20 12:20 - 2012-11-20 12:20 - 00895464 ____A (Oracle Corporation) C:\Users\asus\Downloads\chromeinstall-7u9.exe
2012-11-20 11:44 - 2012-11-20 11:29 - 07364768 ____A (Adobe Systems Inc.) C:\Users\asus\Downloads\Shockwave_Installer_Slim.exe
2012-11-20 05:57 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2012-11-20 05:30 - 2012-11-20 05:30 - 00019160 ____A C:\Users\asus\Downloads\[kat.ph]legend.of.the.fist.the.return.of.chen.zhen.2010.dvdrip.xvid.feel.free.torrent
2012-11-20 00:19 - 2012-11-20 00:19 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-11-20 00:19 - 2009-07-13 15:11 - 00245328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2012-11-20 00:07 - 2012-11-20 00:07 - 00000000 ____D C:\_OTL
2012-11-20 00:07 - 2012-11-19 04:05 - 00003612 ____A C:\Users\asus\Desktop\k.txt
2012-11-19 23:56 - 2012-11-19 23:55 - 05000710 ____A C:\Users\asus\Desktop\ComboFix.exe
2012-11-19 23:53 - 2012-11-19 23:52 - 02195061 ____A C:\Users\asus\Desktop\tdsskiller.zip
2012-11-19 23:29 - 2011-03-25 00:10 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-19 15:20 - 2012-10-10 00:22 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2012-11-19 15:17 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
2012-11-19 14:39 - 2009-07-13 18:04 - 00000478 ____A C:\Windows\win.ini
2012-11-19 13:37 - 2012-11-19 13:37 - 00026515 ____A C:\Users\asus\Downloads\dirty-harry-2-magnum-force_english-92044.zip
2012-11-19 10:07 - 2012-11-19 10:07 - 00069182 ____A C:\Users\asus\Downloads\Extras.Txt
2012-11-19 10:04 - 2012-11-19 10:04 - 00081586 ____A C:\Users\asus\Downloads\OTL.Txt
2012-11-19 09:57 - 2012-11-19 09:56 - 00602112 ____A (OldTimer Tools) C:\Users\asus\Downloads\OTL.exe
2012-11-19 04:29 - 2012-11-19 04:29 - 00001896 ____A C:\Users\asus\Desktop\aswMBR.txt
2012-11-19 04:29 - 2012-11-19 04:29 - 00000512 ____A C:\Users\asus\Desktop\MBR.dat
2012-11-19 04:24 - 2012-11-19 04:23 - 04732416 ____A (AVAST Software) C:\Users\asus\Desktop\aswMBR.exe
2012-11-18 14:17 - 2012-06-08 12:49 - 00000000 ____D C:\Users\asus\AppData\Local\Freenet
2012-11-18 12:39 - 2012-11-17 13:20 - 00004358 ____A C:\Users\asus\Desktop\Rkill.txt
2012-11-17 13:16 - 2012-11-17 13:15 - 01754528 ____A (Bleeping Computer, LLC) C:\Users\asus\Desktop\rkill.exe
2012-11-17 12:55 - 2012-11-17 12:55 - 00000000 ____D C:\Users\asus\AppData\Roaming\SUPERAntiSpyware.com
2012-11-17 12:55 - 2012-11-17 12:54 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-11-17 12:54 - 2012-11-17 12:54 - 00001921 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2012-11-17 12:54 - 2012-11-17 12:54 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-11-17 12:54 - 2012-11-17 12:45 - 22061560 ____A (SUPERAntiSpyware.com) C:\Users\asus\Downloads\SUPERAntiSpywarePro.exe
2012-11-16 08:35 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2012-11-06 10:49 - 2012-11-06 10:49 - 00006144 ___AH C:\Users\asus\Downloads\photothumb.db
2012-11-04 11:44 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\System
2012-11-04 09:03 - 2011-04-30 01:39 - 00000000 ____D C:\Windows\Minidump
2012-11-01 00:53 - 2012-02-15 02:15 - 00000000 ____D C:\Program Files\NCH Software
2012-11-01 00:49 - 2011-11-25 05:47 - 00000000 ____D C:\Users\asus\Documents\Good Read
2012-10-31 14:43 - 2011-03-25 00:22 - 00000000 ____D C:\Users\asus\AppData\Roaming\Mozilla
2012-10-31 08:19 - 2012-11-20 00:16 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\asus\Desktop\TDSSKiller.exe
2012-10-30 10:56 - 2012-07-21 10:49 - 00000000 ____D C:\Users\asus\AppData\Roaming\Rainmeter
2012-10-30 10:56 - 2011-03-29 13:33 - 00000000 ____D C:\Users\asus\AppData\Roaming\vlc
2012-10-30 10:56 - 2011-03-25 02:20 - 00000000 ____D C:\users\asus
2012-10-30 10:56 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2012-10-29 08:02 - 2011-07-11 12:28 - 64010424 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-26 07:42 - 2012-09-12 03:39 - 00000000 ____D C:\Users\All Users\HP


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-20 07:07:54
Restore point made on: 2012-11-20 12:29:57

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 3839.12 MB
Available physical RAM: 3416.17 MB
Total Pagefile: 3837.39 MB
Available Pagefile: 3418.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1961.95 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:56.54 GB) (Free:0.21 GB) NTFS
2 Drive e: () (Fixed) (Total:117.19 GB) (Free:2.78 GB) NTFS
3 Drive f: () (Fixed) (Total:124.26 GB) (Free:0.3 GB) NTFS
4 Drive g: (BSNL 3G LW272) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS
5 Drive h: () (Removable) (Total:1.84 GB) (Free:0.94 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1888 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 56 GB 101 MB
Partition 3 Primary 117 GB 56 GB
Partition 4 Primary 124 GB 173 GB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 56 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E NTFS Partition 117 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F NTFS Partition 124 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1887 MB 67 KB

=========================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT Removable 1887 MB Healthy

=========================================================

Last Boot: 2012-11-16 07:11

==================== End Of Log ============================

#14 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:51 AM

Posted 24 November 2012 - 12:52 PM

Download MBAR to your desktop
  • Unzip the MBAR folder to your desktop
  • Open the Folder and double click MBAR
  • At the first screen select next
  • Update the tool
  • On completion of the Update press next
  • Then press the scan button ensuring that the boxes as shown are ticked
  • On completion of the scan click Exit
  • Two logs will be generated within the MBAR folder; could you post both the MBAR log and the System log?

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#15 greenp

greenp
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:21 PM

Posted 24 November 2012 - 02:42 PM

Hi,

At first, I tried downloading it to the desktop, which couldn't happen. The download rate decreased to 5 kB/s and kept on decreasing.

So I downloaded it to another folder and extracted the MBAR folder to the desktop. Below are the log details you've asked for.



Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.11.24.08

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
asus :: ASUS-PC [administrator]

11/25/2012 1:05:21 AM
mbar-log-2012-11-25 (01-05-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 29096
Time elapsed: 26 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x86

Account is Administrative

Internet Explorer version: 8.0.7600.16385

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 1.695000 GHz
Memory total: 3488735232, free: 1412026368

------------ Kernel report ------------
11/25/2012 00:36:26
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\pciide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\DRIVERS\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\K7Sentry.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\vmstorfl.sys
\SystemRoot\system32\DRIVERS\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\K7FWHlpr.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\drivers\AsUpIO.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl6.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\L1C62x86.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbfiltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\amdiox86.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW73.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\DRIVERS\u302wh.sys
\SystemRoot\system32\DRIVERS\u302cm.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8628b030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff86747030
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.11.24.08
Downloaded database version: v2012.11.19.01
Initializing...
Done!
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8628b030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff867477c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8628b030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86747030, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffa07a73e8, 0xffffffff8628b030, 0xffffffffb7237ac8
Lower DeviceData: 0xffffffffab7fb8b0, 0xffffffff86747030, 0xffffffff896e5388
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: CBACABD5

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 118579200

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 118786048 Numsec = 245760000

Partition 3 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 364546048 Numsec = 260593664

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
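The partition-table inspection MBAR reports at the end of the log above (the 55AA MBR signature, the disk signature, each entry's type, active flag, starting LBA and Numsec, then a raw scan of "unpartitioned space") is worth seeing in code. The following is an added example, not part of this thread and not Malwarebytes' own implementation: it assembles a 512-byte MBR carrying the same four entries and disk signature the log shows for drive 0 (constructed sample input, with the bootstrap code zeroed), parses it, applies the sanity checks a rootkit scanner makes on the table, and computes the unpartitioned sector ranges. Function names (build_mbr, parse_mbr, check_table, unpartitioned_ranges) are this example's own.

```python
import struct

SECTOR_SIZE = 512
PART_TABLE_OFF = 0x1BE      # four 16-byte partition entries
DISK_SIG_OFF = 0x1B8        # 32-bit disk signature, the value MBAR prints
BOOT_SIG = b"\x55\xAA"      # the "55AA" MBR signature in bytes 510-511
ENTRY_FMT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(disk_sig, entries):
    """Assemble a 512-byte MBR for this example. entries: (active, type, lba_start, num_sectors).
    Bootstrap code is left zeroed and the CHS fields get the usual 'use LBA' filler."""
    mbr = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", mbr, DISK_SIG_OFF, disk_sig)
    for i, (active, ptype, start, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i,
                         0x80 if active else 0x00, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff",
                         start, count)
    mbr[SECTOR_SIZE - 2:] = BOOT_SIG
    return bytes(mbr)


def parse_mbr(sector):
    """Return (disk_signature, [partition dicts]); raise ValueError on a malformed sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR_SIZE)
    if sector[SECTOR_SIZE - 2:] != BOOT_SIG:
        raise ValueError("bad MBR signature %s (expected 55AA)"
                         % sector[SECTOR_SIZE - 2:].hex().upper())
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFF)[0]
    parts = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(ENTRY_FMT, sector,
                                                               PART_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue                       # unused slot
        if status not in (0x00, 0x80):     # anything else is a corrupt or forged entry
            raise ValueError("partition %d has invalid status byte 0x%02X" % (i, status))
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "start": start, "count": count})
    return disk_sig, parts


def check_table(parts, disk_sectors):
    """Sanity checks on the table; returns a list of findings (empty means clean)."""
    findings = []
    active = [p["index"] for p in parts if p["active"]]
    if len(active) != 1:
        findings.append("expected one active partition, found %d" % len(active))
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["count"] > b["start"]:
            findings.append("partition %d overlaps partition %d" % (a["index"], b["index"]))
    for p in parts:
        if p["start"] + p["count"] > disk_sectors:
            findings.append("partition %d extends past the end of the disk" % p["index"])
    return findings


def unpartitioned_ranges(parts, disk_sectors):
    """Sector ranges (first, last) that no partition covers, sector 0 (the MBR) excluded.
    These gaps are what MBAR reads raw as 'unpartitioned space': a bootkit that hooks the
    disk stack can keep its payload there with no file-system entry for a file scanner to find."""
    gaps, cursor = [], 1
    for p in sorted(parts, key=lambda p: p["start"]):
        if p["start"] > cursor:
            gaps.append((cursor, p["start"] - 1))
        cursor = max(cursor, p["start"] + p["count"])
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors - 1))
    return gaps


# Constructed sample: the disk signature and four entries the MBAR log reports for drive 0.
DISK_BYTES = 320072933376
DISK_SECTORS = DISK_BYTES // SECTOR_SIZE              # 625142448
SAMPLE_MBR = build_mbr(0xCBACABD5, [
    (True,  0x07, 2048,      204800),     # System Reserved, active/bootable
    (False, 0x07, 206848,    118579200),  # C:
    (False, 0x07, 118786048, 245760000),  # E:
    (False, 0x07, 364546048, 260593664),  # F:
])

if __name__ == "__main__":
    sig, parts = parse_mbr(SAMPLE_MBR)
    print("MBR Signature: 55AA   Disk Signature: %08X" % sig)
    for p in parts:
        print("Partition %d type 0x%X %s LBA %d Numsec %d" % (
            p["index"], p["type"], "ACTIVE" if p["active"] else "not active",
            p["start"], p["count"]))
    print("Findings:", check_table(parts, DISK_SECTORS) or "none")
    print("Unpartitioned:", unpartitioned_ranges(parts, DISK_SECTORS))
```

On the sample table the checks come back clean and the two gaps are sectors 1-2047 (between the MBR and the first partition) and the tail of the disk after partition 3. On a live machine the sector has to come from raw device access, and that is the catch with this class of infection: a rootkit that has hooked the disk stack can hand a clean copy of the MBR to anyone reading through the upper device, which is why MBAR walks the stack it prints in the log (partmgr, Disk, atapi) and reads through the lower device object.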



