Infected with possible winlogon / atieclxx virus


  • This topic is locked
21 replies to this topic

#1 monkeybo

  • Members
  • 12 posts

Posted 24 May 2013 - 02:55 PM

Hi,

Hope you can help; the above files in Task Manager do not have a command line assigned to them.

I have run MWBytes, AVG and SAS in safe mode, but they only found some tracking cookies. When I use my browser, ghosts of tabs I have deleted remain, so I have to select another tab and return; then the page I deleted disappears. The system is hanging quite regularly.

Drivers and programs are up to date and I have tested hardware.

Any help would be great.....

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:57:16, on 24/05/2013
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files\ASUS\AI Suite\QFan4\FanHelp.exe
C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Program Files\ASUS\EPU\EPU.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Gareth\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Gareth\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gareth\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gareth\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gareth\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gareth\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gareth\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gareth\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BCU] "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\AI Suite\QFan4\FanHelp.exe"
O4 - HKLM\..\Run: [TurboV EVO] "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU\EPU.exe" -b
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Gareth\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files\ASUS\AsSysCtrlService\1.00.04\AsSysCtrlService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: lxcj_device -   - C:\Windows\system32\lxcjcoms.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
 
--
End of file - 9448 bytes
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 7.0.6000.16982  BrowserJavaVersion: 10.21.2
Run by Gareth at 20:36:24 on 2013-05-24
#Option MBR scan  is disabled.
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.44.1033.18.3326.1891 [GMT 1:00]
.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.04\AsSysCtrlService.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Windows\system32\lxcjcoms.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files\ASUS\AI Suite\QFan4\FanHelp.exe
C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Program Files\ASUS\EPU\EPU.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Gareth\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Gareth\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gareth\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gareth\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gareth\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gareth\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gareth\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\AVG\AVG2013\avgcfgex.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.splashtop.com/asusexpressgate/mb/searchAPI.php?SE=yahoo&QS=http%3A%2F%2Fuk.search.yahoo.com%2Fsearch%3Ffr%3Dfp-devicevm%26type%3DWEB01
uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - c:\program files\devicevm\browser configuration utility\AddressBarSearch.dll
uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\gareth\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ApplePhotoStreams] C:\ApplePhotoStreams.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [HydraVisionDesktopManager] "c:\program files\ati technologies\hydravision\HydraDM.exe"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [BCU] "c:\program files\devicevm\browser configuration utility\BCU.exe"
mRun: [QFan Help] "c:\program files\asus\ai suite\qfan4\FanHelp.exe"
mRun: [TurboV EVO] "c:\program files\asus\turbov evo\TurboV_EVO.exe" -b
mRun: [NUSB3MON] "c:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [lxcjmon.exe] "c:\program files\lexmark 8300 series\lxcjmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 8300 series\ezprint.exe"
mRun: [Six Engine] "c:\program files\asus\epu\EPU.exe" -b
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [LXCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCJtime.dll,_RunDLLEntry@16
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{0D360202-E3E7-4545-8A59-26D530F98805} : DHCPNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - LocalServer32 - <no file>
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gareth\appdata\roaming\mozilla\firefox\profiles\oyx1bb9q.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\users\gareth\appdata\roaming\mozilla\firefox\profiles\oyx1bb9q.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\gareth\appdata\roaming\mozilla\firefox\profiles\oyx1bb9q.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\users\gareth\appdata\local\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-05-24 18:42; {3d7eb24f-2740-49df-8937-200b1cc08f8a}; c:\users\gareth\appdata\roaming\mozilla\firefox\profiles\oyx1bb9q.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-16 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-11-7 65848]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-2-23 242240]
R1 Ext2Fsd;Linux ext2 file system driver;c:\windows\system32\drivers\ext2fsd.sys [2012-2-7 686872]
R1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\43926\RapportCerberus32_43926.sys [2012-10-20 272216]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-11-7 71480]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-11-7 166840]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-12 116608]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-4-6 217600]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2012-9-28 291840]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ati technologies\ati.ace\fuel\i386\aoddriver2.sys [2012-4-9 48256]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.04\AsSysCtrlService.exe [2010-12-28 578560]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2010-3-5 235752]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2013-3-19 375144]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-11-29 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2013-5-18 47640]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-4-14 583640]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2013-5-21 1153368]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-8-2 37944]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2012-2-23 83984]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2011-11-25 38608]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2012-7-13 73344]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2012-7-13 164736]
R3 WFMC_VAD;WFMCVAD (WDM);c:\windows\system32\drivers\wfmcvad.sys [2011-8-18 19456]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ati technologies\ati.ace\fuel\i386\aoddriver2.sys [2012-4-9 48256]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-16 5814904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AODDriver;AODDriver;c:\program files\asus\gpu boost driver\i386\aoddriver.sys [2010-12-28 36864]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\39624\RapportIaso.sys [2012-5-28 21520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-05-24 18:43:44 388096 ----a-r- c:\users\gareth\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-05-24 18:34:07 -------- d-----w- c:\program files\Trend Micro
2013-05-23 14:43:18 -------- d-----w- c:\windows\pss
2013-05-21 20:43:22 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-21 20:40:47 262552 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-05-21 19:56:26 -------- d-----w- c:\users\gareth\appdata\local\WindowsUpdate
2013-05-21 19:55:17 -------- d-----w- c:\users\gareth\appdata\local\Secunia PSI
2013-05-21 19:54:52 -------- d-----w- c:\program files\Secunia
2013-05-21 18:01:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-05-21 18:01:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-05-21 15:04:04 -------- d-----w- C:\Autoruns
2013-05-19 13:18:28 -------- d-----w- c:\users\gareth\appdata\local\AirVideoServer
2013-05-19 13:18:25 -------- d--h--w- C:\jexepackres
2013-05-19 13:18:21 -------- d-----w- c:\program files\AirVideoServer
2013-05-18 12:44:28 -------- d-----w- c:\users\gareth\appdata\local\LogMeIn
2013-05-18 12:44:13 53096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2013-05-18 12:44:12 31592 ----a-w- c:\windows\system32\LMIport.dll
2013-05-18 12:44:11 84352 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-05-18 12:44:10 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2013-05-18 12:44:07 10144 ----a-w- c:\windows\system32\drivers\lmimirr.sys
2013-05-18 12:44:03 92520 ----a-w- c:\windows\system32\LMIinit.dll
2013-05-18 12:43:55 -------- d-----w- c:\programdata\LogMeIn
2013-05-18 12:43:40 -------- d-----w- c:\program files\LogMeIn
2013-05-18 11:33:19 -------- d-sh--w- c:\users\gareth\appdata\local\ms-drivers
2013-05-18 11:33:15 -------- d-----w- c:\users\gareth\appdata\local\MetaGeek,_LLC
2013-05-18 11:01:02 -------- d-----w- c:\users\gareth\appdata\roaming\Hobbyist Software
2013-05-18 11:00:43 -------- d-----w- c:\program files\Hobbyist Software
2013-05-08 15:37:58 -------- d-----w- c:\users\gareth\appdata\local\Microsoft Corporation
2013-05-08 15:36:54 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2013-05-08 02:12:56 106088 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2013-05-08 02:12:56 106088 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2013-05-21 20:43:03 866720 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-05-21 20:43:03 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-19 13:01:14 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-19 13:01:14 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-05 12:01:02 268616 ----a-w- C:\mmcs.dll
2013-04-05 12:00:52 3662152 ----a-w- C:\APLZOD32.dll
2013-04-05 12:00:52 2981704 ----a-w- C:\AppleOutlookDAVConfig.exe
2013-04-05 11:59:08 59720 ----a-w- C:\iCloudServices.exe
2013-04-05 11:59:08 178504 ----a-w- C:\iCloudServices_main.dll
2013-04-05 11:59:08 15176 ----a-w- C:\iCloudWeb.exe
2013-04-05 11:56:12 141640 ----a-w- C:\AOSKit.dll
2013-04-04 13:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 20:37:03.18 ===============
 

 

 

 


 


#2 nasdaq

  • Malware Response Team
  • 40,502 posts

Posted 27 May 2013 - 09:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#3 monkeybo

  • Topic Starter
  • Members
  • 12 posts

Posted 28 May 2013 - 12:34 PM

Hi nasdaq,

Thanks for the guidance. I ran AdwCleaner, disabled AVG / malware programs, and ran ComboFix.

Went to see what was happening after half an hour, but the desktop would not come up on the monitor, just a black screen. When it did, all I saw was a BSOD.

Rebooted and noticed in the disabling protective programs link that I had not disabled Windows Defender, so disabled it. After this I tried to run ComboFix several times (leaving it to run for several hours), but it just hangs on the 'However, scan times for badly infected machines may easily double' screen; there is no activity from the hard drive a couple of minutes after the program has reached this point. When I try to do anything else the desktop freezes and I have to reboot. Any suggestions?

See below for AdwCleaner log:

# AdwCleaner v2.301 - Logfile created 05/28/2013 at 10:54:30
# Updated 16/05/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium  (32 bits)
# User : ????????
# Boot Mode : Normal
# Running from : C:\Users\??????\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
Stopped & Deleted : BCUService
 
***** [Files / Folders] *****
 
Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DeviceVM
Folder Deleted : C:\Program Files\Ilivid
Folder Deleted : C:\ProgramData\DeviceVM
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\Administrator\AppData\Roaming\DeviceVM
Folder Deleted : C:\Users\???????\AppData\Local\Conduit
Folder Deleted : C:\Users\???????\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\???????\AppData\Local\PackageAware
Folder Deleted : C:\Users\???????\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\???????\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\???????\AppData\Roaming\DeviceVM
Folder Deleted : C:\Users\???????\AppData\Roaming\Mozilla\Firefox\Profiles\oyx1bb9q.default\Conduit
Folder Deleted : C:\Users\???????\AppData\Roaming\Mozilla\Firefox\Profiles\oyx1bb9q.default\ConduitCommon
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\DeviceVM
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v7.0.6000.16982
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v21.0 (en-GB)
 
File : C:\Users\????????\AppData\Roaming\Mozilla\Firefox\Profiles\oyx1bb9q.default\prefs.js
 
Deleted : user_pref("CT2786678..clientLogIsEnabled", true);
Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2786678.AppTrackingLastCheckTime", "Sun Dec 18 2011 14:18:01 GMT+0000 (GMT Standard Tim[...]
Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Deleted : user_pref("CT2786678.CTID", "CT2786678");
Deleted : user_pref("CT2786678.CurrentServerDate", "18-1-2012");
Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Wed Jan 18 2012 20:54:50 GMT+0000 (GMT Standard T[...]
Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Wed Jan 18 2012 21:09:50 GMT+0000 (GMT Standard Time)"[...]
Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 501);
Deleted : user_pref("CT2786678.FeedPollDate129301619375443753", "Sun May 15 2011 11:03:50 GMT+0100 (GMT Daylig[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375443759", "Sun May 15 2011 11:03:50 GMT+0100 (GMT Daylig[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444699", "Sun May 15 2011 11:03:49 GMT+0100 (GMT Daylig[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444705", "Sun May 15 2011 11:03:49 GMT+0100 (GMT Daylig[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444711", "Sun May 15 2011 11:03:49 GMT+0100 (GMT Daylig[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444717", "Sun May 15 2011 11:03:49 GMT+0100 (GMT Daylig[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444723", "Sun May 15 2011 11:03:49 GMT+0100 (GMT Daylig[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444729", "Sun May 15 2011 11:03:49 GMT+0100 (GMT Daylig[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444735", "Sun May 15 2011 11:03:49 GMT+0100 (GMT Daylig[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444741", "Sun May 15 2011 11:03:49 GMT+0100 (GMT Daylig[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444747", "Sun May 15 2011 11:03:50 GMT+0100 (GMT Daylig[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156812186649977", "Wed Jan 18 2012 20:54:51 GMT+0000 (GMT Stand[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813040823546", "Wed Jan 18 2012 20:54:50 GMT+0000 (GMT Stand[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813130095866", "Wed Jan 18 2012 20:54:50 GMT+0000 (GMT Stand[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813224203613", "Wed Jan 18 2012 20:54:50 GMT+0000 (GMT Stand[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813230837251", "Wed Jan 18 2012 20:54:50 GMT+0000 (GMT Stand[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813454291735", "Wed Jan 18 2012 20:54:50 GMT+0000 (GMT Stand[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813729834876", "Wed Jan 18 2012 20:54:50 GMT+0000 (GMT Stand[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813860870021", "Wed Jan 18 2012 20:54:51 GMT+0000 (GMT Stand[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814264681793", "Wed Jan 18 2012 20:54:50 GMT+0000 (GMT Stand[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814863075366", "Wed Jan 18 2012 20:54:50 GMT+0000 (GMT Stand[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156815257761081", "Wed Jan 18 2012 20:54:50 GMT+0000 (GMT Stand[...]
Deleted : user_pref("CT2786678.FeedTTL129301619375444699", 10);
Deleted : user_pref("CT2786678.FeedTTL129301619375444723", 15);
Deleted : user_pref("CT2786678.FeedTTL129301619375444735", 5);
Deleted : user_pref("CT2786678.FeedTTL129301619375444747", 5);
Deleted : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
Deleted : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
Deleted : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
Deleted : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
Deleted : user_pref("CT2786678.FirstServerDate", "20-4-2011");
Deleted : user_pref("CT2786678.FirstTime", true);
Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Deleted : user_pref("CT2786678.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2786678.Initialize", true);
Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2786678.InstalledDate", "Tue Apr 19 2011 22:16:23 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2786678.IsAlertDBUpdated", true);
Deleted : user_pref("CT2786678.IsGrouping", false);
Deleted : user_pref("CT2786678.IsMulticommunity", false);
Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Wed Jan 18 2012 21:05:55 GMT+0000 (GMT Standard Ti[...]
Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2786678.LastLogin_3.3.3.2", "Wed Aug 17 2011 09:10:15 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2786678.LastLogin_3.6.0.10", "Thu Sep 22 2011 23:21:09 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2786678.LastLogin_3.7.0.6", "Sat Nov 19 2011 14:08:57 GMT+0000 (GMT Standard Time)");
Deleted : user_pref("CT2786678.LastLogin_3.8.0.8", "Tue Dec 06 2011 14:38:07 GMT+0000 (GMT Standard Time)");
Deleted : user_pref("CT2786678.LastLogin_3.8.1.0", "Thu Jan 12 2012 21:49:46 GMT+0000 (GMT Standard Time)");
Deleted : user_pref("CT2786678.LastLogin_3.9.0.3", "Wed Jan 18 2012 20:54:50 GMT+0000 (GMT Standard Time)");
Deleted : user_pref("CT2786678.LatestVersion", "3.9.0.3");
Deleted : user_pref("CT2786678.Locale", "en");
Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2786678.SearchEngineBeforeUnload", "Amazon.co.uk");
Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...]
Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Wed Jan 18 2012 21:05:55 GMT+0000 (GMT Standard [...]
Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2786678.SearchProtectorEnabled", false);
Deleted : user_pref("CT2786678.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Wed Jan 18 2012 21:05:55 GMT+0000 (GMT Standard Time[...]
Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Wed Jan 18 2012 20:54:50 GMT+0000 (GMT Standard Time)"[...]
Deleted : user_pref("CT2786678.SettingsLastUpdate", "1326723880");
Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Sun Jan 08 2012 11:21:42 GMT+0000 (GMT Standar[...]
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2786678.UserID", "UN26487620902155307");
Deleted : user_pref("CT2786678.ValidationData_Search", 2);
Deleted : user_pref("CT2786678.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2786678.WeatherNetwork", "");
Deleted : user_pref("CT2786678.WeatherPollDate", "Wed Jan 18 2012 20:54:51 GMT+0000 (GMT Standard Time)");
Deleted : user_pref("CT2786678.WeatherUnit", "C");
Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Deleted : user_pref("CT2786678.approveUntrustedApps", false);
Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Tue Jan 17 2012 21:05:55 GMT+0000 (GMT Stan[...]
Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.initDone", true);
Deleted : user_pref("CT2786678.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2786678.myStuffEnabled", true);
Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,1000234,129295698017012804[...]
Deleted : user_pref("CT2786678.revertSettingsEnabled", true);
Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.testingCtid", "");
Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Wed Jan 18 2012 21:05:55 GMT+0000 (GMT Stand[...]
Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Sun Jan 15 2012 13:59:55 GMT+0000 (GMT Stand[...]
Deleted : user_pref("CT2786678.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/UK", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1463702/1459356/UK", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/UK", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2786678&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"21b[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "utorrentbar");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Gareth\\AppData\\Roaming\\Mozilla\\[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2786678");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utorrentbar");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2786678");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "ConduitEngine,CT2786678");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Tue Apr 19 2011 22:16:23 GMT+01[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Aug 10 2011 18:48:55 GMT+0100 (GMT D[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Aug 18 2011 09:10:14 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "0b238430-85e8-467c-aa7a-b920790200fc");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Jan 18 2012 21:05:56 GMT+0000 (GMT[...]
Deleted : user_pref("CommunityToolbar.globalUserId", "d9371ddd-32e8-491b-8b63-d137c53074fd");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
Deleted : user_pref("CommunityToolbar.killedEngine", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Jul 07 2012 00:53:5[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Jul 10 2012 20:01:53 GMT+010[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Jul 10 2012 20:01:44 GMT+0100 (G[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "b1d482ad-4468-42b6-949b-e4399229d44e");
Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Google");
Deleted : user_pref("CommunityToolbar.undefined", "");
Deleted : user_pref("extensions.crossriderapp435.435.active", true);
Deleted : user_pref("extensions.crossriderapp435.435.affid", "0");
Deleted : user_pref("extensions.crossriderapp435.435.backgroundjs", "\nfunction buttonClick() {        \n  \n [...]
Deleted : user_pref("extensions.crossriderapp435.435.backgroundver", 8);
Deleted : user_pref("extensions.crossriderapp435.435.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp435.435.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
Deleted : user_pref("extensions.crossriderapp435.435.cookie._GPL_aoi.value", "%221324581289%22");
Deleted : user_pref("extensions.crossriderapp435.435.cookie._GPL_geo.expiration", "Sun Jan 22 2012 14:00:04 GM[...]
Deleted : user_pref("extensions.crossriderapp435.435.cookie._GPL_geo.value", "%7B%22geoplugin_city%22%3A%22Exe[...]
Deleted : user_pref("extensions.crossriderapp435.435.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp435.435.cookie._GPL_parent_zoneid.value", "%2214974%22");
Deleted : user_pref("extensions.crossriderapp435.435.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00[...]
Deleted : user_pref("extensions.crossriderapp435.435.cookie._GPL_zoneid.value", "%2214977%22");
Deleted : user_pref("extensions.crossriderapp435.435.description", "Premiumplay Codec check");
Deleted : user_pref("extensions.crossriderapp435.435.domain", "");
Deleted : user_pref("extensions.crossriderapp435.435.emailsig", "");
Deleted : user_pref("extensions.crossriderapp435.435.exposesites", "");
Deleted : user_pref("extensions.crossriderapp435.435.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp435.435.group", 0);
Deleted : user_pref("extensions.crossriderapp435.435.homepage", "");
Deleted : user_pref("extensions.crossriderapp435.435.iframe", false);
Deleted : user_pref("extensions.crossriderapp435.435.js", "\n\n//------------------  PLUGIN autocomplete START[...]
Deleted : user_pref("extensions.crossriderapp435.435.name", "Premiumplay Codec-C");
Deleted : user_pref("extensions.crossriderapp435.435.premium", true);
Deleted : user_pref("extensions.crossriderapp435.435.publisher", "WebPicks");
Deleted : user_pref("extensions.crossriderapp435.435.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp435.435.thankyou", "");
Deleted : user_pref("extensions.crossriderapp435.435.ver", 36);
Deleted : user_pref("extensions.crossriderapp435.apps", "435");
Deleted : user_pref("extensions.crossriderapp435.bic", "1335bae469c9f5afcdb49890c55e8a4c");
Deleted : user_pref("extensions.crossriderapp435.cid", 435);
Deleted : user_pref("extensions.crossriderapp435.firstrun", false);
Deleted : user_pref("extensions.crossriderapp435.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp435.installationdate", 1320093108);
Deleted : user_pref("extensions.crossriderapp435.jsver", 3);
Deleted : user_pref("extensions.crossriderapp435.lastcheck", 22115335);
Deleted : user_pref("extensions.crossriderapp435.lastcheckitem", 22115339);
Deleted : user_pref("extensions.crossriderapp435.misc.lastBgWorkerTimer", "1326921230789");
Deleted : user_pref("extensions.crossriderapp435.misc.lastDomWorkerTimer", "1326921230783");
Deleted : user_pref("extensions.facemoods._xpiupdate", true);
Deleted : user_pref("extensions.facemoods.aflt", "_#wbst");
Deleted : user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.4");
Deleted : user_pref("extensions.facemoods.first_time", false);
Deleted : user_pref("extensions.facemoods.id", "_#3809d45106c240eb8c185b20dd162b1e");
Deleted : user_pref("extensions.facemoods.instlDay", "_#15278");
Deleted : user_pref("extensions.facemoods.prtnrId", "_#facemoods.com");
Deleted : user_pref("extensions.facemoods.sid", "_#3809d45106c240eb8c185b20dd162b1e");
Deleted : user_pref("extensions.facemoods.update", "_#v1.4.0");
Deleted : user_pref("extensions.facemoods.vrsn", "_#1.4.17.5");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=");
 
File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qhslo7y6.default\prefs.js
 
Deleted : user_pref("extensions.crossriderapp435.435.active", true);
Deleted : user_pref("extensions.crossriderapp435.435.affid", "0");
Deleted : user_pref("extensions.crossriderapp435.435.backgroundjs", "function buttonClick() {        \n  \n  i[...]
Deleted : user_pref("extensions.crossriderapp435.435.backgroundver", 6);
Deleted : user_pref("extensions.crossriderapp435.435.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp435.435.description", "Premiumplay Codec check");
Deleted : user_pref("extensions.crossriderapp435.435.domain", "");
Deleted : user_pref("extensions.crossriderapp435.435.emailsig", "");
Deleted : user_pref("extensions.crossriderapp435.435.exposesites", "");
Deleted : user_pref("extensions.crossriderapp435.435.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp435.435.group", 0);
Deleted : user_pref("extensions.crossriderapp435.435.homepage", "");
Deleted : user_pref("extensions.crossriderapp435.435.iframe", false);
Deleted : user_pref("extensions.crossriderapp435.435.js", "$jquery(document).ready(function() {\n //if(locatio[...]
Deleted : user_pref("extensions.crossriderapp435.435.name", "Premiumplay Codec-C");
Deleted : user_pref("extensions.crossriderapp435.435.premium", true);
Deleted : user_pref("extensions.crossriderapp435.435.publisher", "WebPicks");
Deleted : user_pref("extensions.crossriderapp435.435.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp435.435.thankyou", "");
Deleted : user_pref("extensions.crossriderapp435.435.ver", 21);
Deleted : user_pref("extensions.crossriderapp435.apps", "435");
Deleted : user_pref("extensions.crossriderapp435.bic", "1342d8c2af6f69e64e5e9598eb08724a");
Deleted : user_pref("extensions.crossriderapp435.cid", 435);
Deleted : user_pref("extensions.crossriderapp435.firstrun", false);
Deleted : user_pref("extensions.crossriderapp435.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp435.installationdate", 1323614088);
Deleted : user_pref("extensions.crossriderapp435.jsver", 3);
Deleted : user_pref("extensions.crossriderapp435.lastcheck", 22060235);
Deleted : user_pref("extensions.crossriderapp435.lastcheckitem", 22060243);
Deleted : user_pref("extensions.crossriderapp435.misc.lastBgWorkerTimer", "1323614708660");
Deleted : user_pref("extensions.crossriderapp435.misc.lastDomWorkerTimer", "1323614708660");
Deleted : user_pref("extensions.enabledAddons", "{20a82645-c095-46ed-80e3-08825760534b}:0.0.0,{1E73965B-8B48-4[...]
 
-\\ Google Chrome v27.0.1453.94
 
File : C:\Users\???????\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [34688 octets] - [28/05/2013 10:54:30]
 
########## EOF - C:\AdwCleaner[S1].txt - [34749 octets] ##########


#4 monkeybo

monkeybo
  • Topic Starter


Posted 28 May 2013 - 12:53 PM

Sorry forgot to add info of security check:

 

 Results of screen317's Security Check version 0.99.64  
 Windows Vista  x86 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 SUPERAntiSpyware     
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java™ 6 Update 45  
 Java 7 Update 21  
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 11.7.700.202  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (21.0) 
 Google Chrome 27.0.1453.93  
 Google Chrome 27.0.1453.94  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0 % 
````````````````````End of Log`````````````````````` 


#5 nasdaq

nasdaq

  • Malware Response Team

Posted 29 May 2013 - 07:18 AM

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
    tdss1.png
  • Click Change parameters
    settings20121003115955.png
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
    tdss3.png
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    tdss4.jpg
  • When it finishes, you will either see a report that no threats were found like below:
    tdss5.jpg
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    tdss7.jpg
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    tdss6.jpg
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List installed programs
  • Click Go and copy/paste the log (Result.txt) into your next post.
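
The Skip guidance in the TDSSKiller steps above can be checked against the resulting log before anything is acted on. The following Python triage is an added example, not part of the original post and not TDSSKiller's own code: it pairs each service record with its verdict line and returns only the entries that were not reported as ok. The sample log is constructed (placeholder hashes, names and paths); mapping the log's `warning` verdict to Skip and noting files that sit in a Temp directory are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the layout of a TDSSKiller log; hashes, names and paths are placeholders.
SAMPLE_LOG = r"""
15:18:55.0945 2984  ================ Scan services =============================
15:18:56.0018 2984  [ 00000000000000000000000000000001 ] ExampleAV       C:\Program Files\ExampleAV\core.exe
15:18:56.0136 2984  ExampleAV ( UnsignedFile.Multi.Generic ) - warning
15:18:56.0136 2984  ExampleAV - detected UnsignedFile.Multi.Generic (1)
15:18:56.0245 2984  [ 00000000000000000000000000000002 ] ACPI            C:\Windows\system32\drivers\acpi.sys
15:18:56.0255 2984  ACPI - ok
15:18:56.0926 2984  [ 00000000000000000000000000000003 ] Example Events Utility C:\Windows\system32\exevt.exe
15:18:56.0982 2984  Example Events Utility - ok
15:18:57.0052 2984  Example Missing Service - ok
15:19:00.0582 2984  [ 00000000000000000000000000000004 ] tmpdrv          C:\Users\user\AppData\Local\Temp\tmpdrv.sys
15:19:00.0594 2984  tmpdrv ( UnsignedFile.Multi.Generic ) - warning
15:19:00.0594 2984  tmpdrv - detected UnsignedFile.Multi.Generic (1)
"""

# Every log line starts with a timestamp and a thread id.
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "[ MD5 ] <service name, may contain spaces> <drive-letter path>"
OBJECT_RE = re.compile(
    PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)
# "<name> ( <detection> ) - <verdict>"
VERDICT_RE = re.compile(
    PREFIX + r"(?P<name>.+?) \( (?P<detection>\S+) \) - (?P<verdict>\w+)$"
)
OK_RE = re.compile(PREFIX + r"(?P<name>.+?) - ok$")
# Assumption of this example: a service or driver file under a Temp directory deserves a note.
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)


@dataclass
class Finding:
    name: str
    detection: str
    verdict: str
    md5: Optional[str]
    path: Optional[str]
    action: str
    in_temp: bool


def recommended_action(detection: str, verdict: str) -> str:
    """Map a log verdict to the action the steps above ask for."""
    if detection.startswith("UnsignedFile"):
        # Failed signature check only: take no action, it may not be an issue at all.
        return "Skip (failed signature check only)"
    if verdict == "warning":
        # Assumption: 'warning' in the log corresponds to a suspicious object.
        return "Skip (suspicious object)"
    # Any other verdict word: treated as a malicious object per the steps.
    return "Cure if offered, otherwise Skip; do not Delete unless instructed"


def triage(log_text: str) -> Tuple[List[Finding], int]:
    """Return (non-ok findings, number of entries reported ok)."""
    files = {}  # service name -> (md5, path) from its object line
    findings: List[Finding] = []
    ok_count = 0
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = OBJECT_RE.match(line)
        if m:
            files[m["name"]] = (m["md5"].upper(), m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            # Some entries have no preceding file record; keep them with empty fields.
            md5, path = files.get(m["name"], (None, None))
            findings.append(Finding(
                name=m["name"],
                detection=m["detection"],
                verdict=m["verdict"],
                md5=md5,
                path=path,
                action=recommended_action(m["detection"], m["verdict"]),
                in_temp=bool(path and TEMP_RE.search(path)),
            ))
            continue
        if OK_RE.match(line):
            ok_count += 1
    return findings, ok_count


if __name__ == "__main__":
    found, ok = triage(SAMPLE_LOG)
    print(f"{ok} entries ok, {len(found)} to review")
    for f in found:
        note = " [file is in a Temp directory]" if f.in_temp else ""
        print(f"{f.name}: {f.detection} ({f.verdict}) -> {f.action}{note}\n    {f.path}")
```
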


#6 monkeybo

monkeybo
  • Topic Starter


Posted 29 May 2013 - 10:52 AM

Hi nasdaq,

 

See below for TDSSKiller, asw and mtb logs, thanks for your help:

 

15:18:13.0308 5308  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:18:13.0842 5308  ============================================================
15:18:13.0843 5308  Current date / time: 2013/05/29 15:18:13.0842
15:18:13.0843 5308  SystemInfo:
15:18:13.0843 5308  
15:18:13.0843 5308  OS Version: 6.0.6000 ServicePack: 0.0
15:18:13.0843 5308  Product type: Workstation
15:18:13.0843 5308  ComputerName: 
15:18:13.0843 5308  UserName: 
15:18:13.0843 5308  Windows directory: C:\Windows
15:18:13.0843 5308  System windows directory: C:\Windows
15:18:13.0843 5308  Processor architecture: Intel x86
15:18:13.0843 5308  Number of processors: 4
15:18:13.0843 5308  Page size: 0x1000
15:18:13.0843 5308  Boot type: Normal boot
15:18:13.0843 5308  ============================================================
15:18:14.0998 5308  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:18:15.0006 5308  ============================================================
15:18:15.0006 5308  \Device\Harddisk0\DR0:
15:18:15.0072 5308  MBR partitions:
15:18:15.0072 5308  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74709082
15:18:15.0072 5308  ============================================================
15:18:15.0110 5308  C: <-> \Device\Harddisk0\DR0\Partition1
15:18:15.0110 5308  ============================================================
15:18:15.0111 5308  Initialize success
15:18:15.0111 5308  ============================================================
15:18:55.0574 2984  ============================================================
15:18:55.0574 2984  Scan started
15:18:55.0574 2984  Mode: Manual; SigCheck; TDLFS; 
15:18:55.0574 2984  ============================================================
15:18:55.0945 2984  ================ Scan system memory ========================
15:18:55.0945 2984  System memory - ok
15:18:55.0945 2984  ================ Scan services =============================
15:18:56.0018 2984  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
15:18:56.0136 2984  !SASCORE ( UnsignedFile.Multi.Generic ) - warning
15:18:56.0136 2984  !SASCORE - detected UnsignedFile.Multi.Generic (1)
15:18:56.0245 2984  [ 84FC6DF81212D16BE5C4F441682FECCC ] ACPI            C:\Windows\system32\drivers\acpi.sys
15:18:56.0255 2984  ACPI - ok
15:18:56.0362 2984  [ 3FD8DC2C9735C2AA70155102CFB93EDA ] AdobeActiveFileMonitor7.0 C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
15:18:56.0369 2984  AdobeActiveFileMonitor7.0 - ok
15:18:56.0422 2984  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:18:56.0457 2984  adp94xx - ok
15:18:56.0499 2984  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:18:56.0512 2984  adpahci - ok
15:18:56.0544 2984  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
15:18:56.0553 2984  adpu160m - ok
15:18:56.0599 2984  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:18:56.0609 2984  adpu320 - ok
15:18:56.0656 2984  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:18:56.0701 2984  AeLookupSvc - ok
15:18:56.0736 2984  [ 5D24CAF8EFD924A875698FF28384DB8B ] AFD             C:\Windows\system32\drivers\afd.sys
15:18:56.0785 2984  AFD - ok
15:18:56.0795 2984  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:18:56.0803 2984  agp440 - ok
15:18:56.0816 2984  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
15:18:56.0827 2984  aic78xx - ok
15:18:56.0841 2984  [ E69FB0E3112C40FDC0EF7D21A52DC951 ] ALG             C:\Windows\System32\alg.exe
15:18:56.0853 2984  ALG - ok
15:18:56.0879 2984  [ 3A99CB23A2D326FD532618705D6E3048 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:18:56.0888 2984  aliide - ok
15:18:56.0926 2984  [ 50EBBB86E493BD9AB7DDF914A90EEF8E ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:18:56.0982 2984  AMD External Events Utility - ok
15:18:57.0052 2984  AMD FUEL Service - ok
15:18:57.0072 2984  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
15:18:57.0082 2984  amdagp - ok
15:18:57.0114 2984  amdide - ok
15:18:57.0138 2984  [ FF258424F0B2EF25EB98F04EE386E6E3 ] amdiox86        C:\Windows\system32\DRIVERS\amdiox86.sys
15:18:57.0170 2984  amdiox86 - ok
15:18:57.0181 2984  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
15:18:57.0238 2984  AmdK7 - ok
15:18:57.0254 2984  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
15:18:57.0309 2984  AmdK8 - ok
15:18:57.0486 2984  [ 70EB74785AB7FC603FEF19D87B7A7946 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:18:57.0764 2984  amdkmdag - ok
15:18:57.0803 2984  [ BA99833BBDE9C4FF389FC8114FB14843 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
15:18:57.0835 2984  amdkmdap - ok
15:18:57.0946 2984  [ 5BD30B502168013C9EA03A5C2F1C9776 ] AODDriver       C:\Program Files\ASUS\GPU Boost Driver\i386\AODDriver.sys
15:18:57.0976 2984  AODDriver ( UnsignedFile.Multi.Generic ) - warning
15:18:57.0976 2984  AODDriver - detected UnsignedFile.Multi.Generic (1)
15:18:58.0007 2984  [ 66F4DE5876DC1A47BA1ACE909FA9AEEF ] AODDriver4.01   C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys
15:18:58.0017 2984  AODDriver4.01 - ok
15:18:58.0040 2984  [ 66F4DE5876DC1A47BA1ACE909FA9AEEF ] AODDriver4.2    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys
15:18:58.0048 2984  AODDriver4.2 - ok
15:18:58.0073 2984  [ CFA455816879F06F1C4E5BBF9E8AEF7D ] Appinfo         C:\Windows\System32\appinfo.dll
15:18:58.0120 2984  Appinfo - ok
15:18:58.0209 2984  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:18:58.0217 2984  Apple Mobile Device - ok
15:18:58.0248 2984  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
15:18:58.0255 2984  arc - ok
15:18:58.0262 2984  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:18:58.0270 2984  arcsas - ok
15:18:58.0305 2984  [ 9D8CB58B9A9E177DDD599791A58A654D ] AsIO            C:\Windows\system32\drivers\AsIO.sys
15:18:58.0310 2984  AsIO - ok
15:18:58.0371 2984  [ 8D058CACC9FB52DAC0E6F3F038B1AE5E ] AsSysCtrlService C:\Program Files\ASUS\AsSysCtrlService\1.00.04\AsSysCtrlService.exe
15:18:58.0419 2984  AsSysCtrlService ( UnsignedFile.Multi.Generic ) - warning
15:18:58.0419 2984  AsSysCtrlService - detected UnsignedFile.Multi.Generic (1)
15:18:58.0428 2984  [ E86CF7CE67D5DE898F27EF884DC357D8 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:18:58.0465 2984  AsyncMac - ok
15:18:58.0484 2984  [ B35CFCEF838382AB6490B321C87EDF17 ] atapi           C:\Windows\system32\drivers\atapi.sys
15:18:58.0492 2984  atapi - ok
15:18:58.0540 2984  [ 35290682DBDB9CEDE934B73369F3CEDE ] AtiHDAudioService C:\Windows\system32\drivers\AtihdLH3.sys
15:18:58.0548 2984  AtiHDAudioService - ok
15:18:58.0552 2984  AtiHdmiService - ok
15:18:58.0585 2984  [ ACA01C43D065E546C6DC88EA669CECA6 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
15:18:58.0592 2984  AtiPcie - ok
15:18:58.0609 2984  [ E760FC1BD68F7F6F1B17EB4E8D9480B0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:18:58.0661 2984  AudioEndpointBuilder - ok
15:18:58.0667 2984  [ E760FC1BD68F7F6F1B17EB4E8D9480B0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
15:18:58.0714 2984  Audiosrv - ok
15:18:58.0888 2984  [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent     C:\Program Files\AVG\AVG2013\avgidsagent.exe
15:18:59.0149 2984  AVGIDSAgent - ok
15:18:59.0252 2984  [ 7BB2C605094DBCA536D127B434214862 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdriverx.sys
15:18:59.0262 2984  AVGIDSDriver - ok
15:18:59.0342 2984  [ 8F50F98686C9A397A19FCBAE284DB1C5 ] AVGIDSHX        C:\Windows\system32\DRIVERS\avgidshx.sys
15:18:59.0351 2984  AVGIDSHX - ok
15:18:59.0389 2984  [ A8DE230CC8536790CA07D37FBCD87A74 ] AVGIDSShim      C:\Windows\system32\DRIVERS\avgidsshimx.sys
15:18:59.0398 2984  AVGIDSShim - ok
15:18:59.0427 2984  [ D53D35031365A0ECCB1DC1BC1B15B18E ] Avgldx86        C:\Windows\system32\DRIVERS\avgldx86.sys
15:18:59.0438 2984  Avgldx86 - ok
15:18:59.0478 2984  [ 95889A9D23F3133250FA8AD13C982D58 ] Avglogx         C:\Windows\system32\DRIVERS\avglogx.sys
15:18:59.0489 2984  Avglogx - ok
15:18:59.0518 2984  [ AF7AA9BA434CD28833A66E90993E8DFD ] Avgmfx86        C:\Windows\system32\DRIVERS\avgmfx86.sys
15:18:59.0528 2984  Avgmfx86 - ok
15:18:59.0568 2984  [ F3D57358DE0B8B3491013C615754A7C7 ] Avgrkx86        C:\Windows\system32\DRIVERS\avgrkx86.sys
15:18:59.0577 2984  Avgrkx86 - ok
15:18:59.0617 2984  [ BA73B38E9033FC6018DB736B635706AE ] Avgtdix         C:\Windows\system32\DRIVERS\avgtdix.sys
15:18:59.0629 2984  Avgtdix - ok
15:18:59.0669 2984  [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd           C:\Program Files\AVG\AVG2013\avgwdsvc.exe
15:18:59.0680 2984  avgwd - ok
15:18:59.0718 2984  [ AC3DD1708B22761EBD7CBE14DCC3B5D7 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:18:59.0775 2984  Beep - ok
15:18:59.0800 2984  [ 98EBDFFB824A7C265337D68DD480E45C ] BFE             C:\Windows\System32\bfe.dll
15:18:59.0860 2984  BFE - ok
15:18:59.0893 2984  [ DA551697E34D2B9943C8B1C8EAFFE89A ] BITS            C:\Windows\System32\qmgr.dll
15:18:59.0937 2984  BITS - ok
15:18:59.0940 2984  blbdrive - ok
15:19:00.0034 2984  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:19:00.0045 2984  Bonjour Service - ok
15:19:00.0066 2984  [ 913CD06FBE9105CE6077E90FD4418561 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:19:00.0108 2984  bowser - ok
15:19:00.0122 2984  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
15:19:00.0170 2984  BrFiltLo - ok
15:19:00.0177 2984  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
15:19:00.0217 2984  BrFiltUp - ok
15:19:00.0228 2984  [ BEB6470532B7461D7BB426E3FACB424F ] Browser         C:\Windows\System32\browser.dll
15:19:00.0270 2984  Browser - ok
15:19:00.0279 2984  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
15:19:00.0309 2984  Brserid - ok
15:19:00.0318 2984  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
15:19:00.0353 2984  BrSerWdm - ok
15:19:00.0365 2984  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
15:19:00.0394 2984  BrUsbMdm - ok
15:19:00.0405 2984  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
15:19:00.0445 2984  BrUsbSer - ok
15:19:00.0460 2984  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:19:00.0502 2984  BTHMODEM - ok
15:19:00.0582 2984  [ D94B86AD01A3CC323619D4FF512ED6FA ] catchme         C:\Users\Gareth\AppData\Local\Temp\catchme.sys
15:19:00.0594 2984  catchme ( UnsignedFile.Multi.Generic ) - warning
15:19:00.0594 2984  catchme - detected UnsignedFile.Multi.Generic (1)
15:19:00.0598 2984  [ 6C3A437FC873C6F6A4FC620B6888CB86 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:19:00.0648 2984  cdfs - ok
15:19:00.0691 2984  [ 8D1866E61AF096AE8B582454F5E4D303 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:19:00.0728 2984  cdrom - ok
15:19:00.0735 2984  [ 0600E04315FE543802A379D5D23C8BE0 ] CertPropSvc     C:\Windows\System32\certprop.dll
15:19:00.0771 2984  CertPropSvc - ok
15:19:00.0785 2984  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
15:19:00.0829 2984  circlass - ok
15:19:00.0859 2984  [ 1B84FD0937D3B99AF9BA38DDFF3DAF54 ] CLFS            C:\Windows\system32\CLFS.sys
15:19:00.0869 2984  CLFS - ok
15:19:00.0924 2984  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:19:00.0962 2984  clr_optimization_v2.0.50727_32 - ok
15:19:01.0215 2984  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:19:01.0240 2984  clr_optimization_v4.0.30319_32 - ok
15:19:01.0269 2984  [ DFB94A6FC3A26972B0461AB5F1D8272B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:19:01.0290 2984  cmdide - ok
15:19:01.0306 2984  [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
15:19:01.0328 2984  Compbatt - ok
15:19:01.0332 2984  COMSysApp - ok
15:19:01.0349 2984  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:19:01.0366 2984  crcdisk - ok
15:19:01.0380 2984  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
15:19:01.0441 2984  Crusoe - ok
15:19:01.0468 2984  [ 1C26FB097170A2A91066D1E3A24366E3 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:19:01.0514 2984  CryptSvc - ok
15:19:01.0552 2984  [ 7B981222A257D076885BFFB66F19B7CE ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:19:01.0608 2984  DcomLaunch - ok
15:19:01.0636 2984  [ A7179DE59AE269AB70345527894CCD7C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:19:01.0682 2984  DfsC - ok
15:19:01.0735 2984  [ E0D584AA76C7D845BA9F3A788260528F ] DFSR            C:\Windows\system32\DFSR.exe
15:19:01.0846 2984  DFSR - ok
15:19:01.0886 2984  [ DC45739BC22D528D2B3E50D3F6761750 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
15:19:01.0923 2984  Dhcp - ok
15:19:01.0933 2984  [ 841AF4C4D41D3E3B2F244E976B0F7963 ] disk            C:\Windows\system32\drivers\disk.sys
15:19:01.0943 2984  disk - ok
15:19:02.0071 2984  [ DD347806400462F1937B162B5983E471 ] Diskeeper       C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
15:19:02.0126 2984  Diskeeper - ok
15:19:02.0157 2984  [ AB24EE68FF85A592586C03A3F339FCD5 ] DKRtWrt         C:\Windows\system32\DRIVERS\DKRtWrt.sys
15:19:02.0163 2984  DKRtWrt - ok
15:19:02.0182 2984  [ EECBA1DD142BF8693C476BE8F32FE253 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:19:02.0221 2984  Dnscache - ok
15:19:02.0230 2984  [ 1F795D214820E496BF1124434A6DB546 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:19:02.0267 2984  dot3svc - ok
15:19:02.0288 2984  [ 032C90AD677BF7B7A8013D6087C7A921 ] DPS             C:\Windows\system32\dps.dll
15:19:02.0299 2984  DPS - ok
15:19:02.0333 2984  [ EE472CD2C01F6F8E8AA1FA06FFEF61B6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:19:02.0373 2984  drmkaud - ok
15:19:02.0408 2984  [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:19:02.0416 2984  dtsoftbus01 - ok
15:19:02.0438 2984  [ 334988883DE69ADB27E2CF9F9715BBDB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:19:02.0493 2984  DXGKrnl - ok
15:19:02.0514 2984  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
15:19:02.0564 2984  E1G60 - ok
15:19:02.0581 2984  [ 90A0A875642E18618010645311B4E89E ] EapHost         C:\Windows\System32\eapsvc.dll
15:19:02.0632 2984  EapHost - ok
15:19:02.0643 2984  [ 0EFC7531B936EE57FDB4E837664C509F ] Ecache          C:\Windows\system32\drivers\ecache.sys
15:19:02.0652 2984  Ecache - ok
15:19:02.0698 2984  [ B4580122B0A7B263B6EE9ACBA69C8013 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:19:02.0737 2984  ehRecvr - ok
15:19:02.0746 2984  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
15:19:02.0764 2984  ehSched - ok
15:19:02.0767 2984  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
15:19:02.0776 2984  ehstart - ok
15:19:02.0793 2984  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
15:19:02.0807 2984  elxstor - ok
15:19:02.0827 2984  [ 3226FDA08988526E819E364E8CCE4CEE ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
15:19:02.0892 2984  EMDMgmt - ok
15:19:02.0945 2984  [ 7B4971C3D43525175A4EA0D143E0412E ] EventSystem     C:\Windows\system32\es.dll
15:19:03.0004 2984  EventSystem - ok
15:19:03.0092 2984  [ E1C954057935D51D85077A57012554B2 ] Ext2Fsd         C:\Windows\system32\drivers\Ext2Fsd.sys
15:19:03.0136 2984  Ext2Fsd - ok
15:19:03.0171 2984  [ 84A317CB0B3954D3768CDCD018DBF670 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:19:03.0231 2984  fastfat - ok
15:19:03.0253 2984  [ 63BDADA84951B9C03E641800E176898A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:19:03.0298 2984  fdc - ok
15:19:03.0318 2984  [ E43BCE1A77D6FD4ED5F8E0482B9E7DF1 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:19:03.0374 2984  fdPHost - ok
15:19:03.0383 2984  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:19:03.0427 2984  FDResPub - ok
15:19:03.0431 2984  [ 65773D6115C037FFD7EF8280AE85EB9D ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:19:03.0437 2984  FileInfo - ok
15:19:03.0452 2984  [ C226DD0DE060745F3E042F58DCF78402 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:19:03.0486 2984  Filetrace - ok
15:19:03.0525 2984  [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:19:03.0543 2984  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
15:19:03.0543 2984  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
15:19:03.0558 2984  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:19:03.0628 2984  flpydisk - ok
15:19:03.0647 2984  [ A6A8DA7AE4D53394AB22AC3AB6D3F5D3 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:19:03.0655 2984  FltMgr - ok
15:19:03.0701 2984  [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:19:03.0707 2984  FontCache3.0.0.0 - ok
15:19:03.0726 2984  [ 66A078591208BAA210C7634B11EB392C ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:19:03.0742 2984  Fs_Rec - ok
15:19:03.0751 2984  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:19:03.0759 2984  gagp30kx - ok
15:19:03.0790 2984  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:19:03.0810 2984  GEARAspiWDM - ok
15:19:03.0840 2984  [ BCF6589C42D8F6A20F33EF133FFE0524 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:19:03.0926 2984  gpsvc - ok
15:19:03.0994 2984  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:19:04.0036 2984  HdAudAddService - ok
15:19:04.0070 2984  [ 0DB613A7E427B5663563677796FD5258 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:19:04.0091 2984  HDAudBus - ok
15:19:04.0114 2984  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
15:19:04.0160 2984  HidBth - ok
15:19:04.0166 2984  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
15:19:04.0211 2984  HidIr - ok
15:19:04.0220 2984  [ 8FA640195279ACE21BEA91396A0054FC ] hidserv         C:\Windows\System32\hidserv.dll
15:19:04.0249 2984  hidserv - ok
15:19:04.0252 2984  [ 3C64042B95E583B366BA4E5D2450235E ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:19:04.0293 2984  HidUsb - ok
15:19:04.0305 2984  [ D40AA05E29BF6ED29B139F044B461E9B ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:19:04.0341 2984  hkmsvc - ok
15:19:04.0354 2984  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
15:19:04.0361 2984  HpCISSs - ok
15:19:04.0381 2984  HtcVCom32 - ok
15:19:04.0417 2984  [ EA24FE637D974A8A31BC650F478E3533 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:19:04.0454 2984  HTTP - ok
15:19:04.0465 2984  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
15:19:04.0472 2984  i2omp - ok
15:19:04.0490 2984  [ 1C9EE072BAA3ABB460B91D7EE9152660 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:19:04.0517 2984  i8042prt - ok
15:19:04.0552 2984  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
15:19:04.0564 2984  iaStorV - ok
15:19:04.0627 2984  [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:19:04.0654 2984  idsvc - ok
15:19:04.0706 2984  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
15:19:04.0714 2984  iirsp - ok
15:19:04.0744 2984  [ 35662FE4D8622F667AA5A5568F7F1B40 ] IKEEXT          C:\Windows\System32\ikeext.dll
15:19:04.0833 2984  IKEEXT - ok
15:19:04.0923 2984  [ 345AC48D17F5C2F2AA1EE50D34C3978B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
15:19:05.0028 2984  IntcAzAudAddService - ok
15:19:05.0057 2984  [ 1C60617D54BC9F035671A44B75D9F7CC ] intelide        C:\Windows\system32\drivers\intelide.sys
15:19:05.0067 2984  intelide - ok
15:19:05.0075 2984  [ CE44CC04262F28216DD4341E9E36A16F ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:19:05.0127 2984  intelppm - ok
15:19:05.0131 2984  [ 88CF5281ED9880D74DC9011CF8B5262D ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:19:05.0193 2984  IPBusEnum - ok
15:19:05.0215 2984  [ 880C6F86CC3F551B8FEA2C11141268C0 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:19:05.0272 2984  IpFilterDriver - ok
15:19:05.0298 2984  [ ECC9AD72CFC4AB41CF6A9BCC11F9FEF6 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:19:05.0336 2984  iphlpsvc - ok
15:19:05.0339 2984  IpInIp - ok
15:19:05.0354 2984  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
15:19:05.0401 2984  IPMIDRV - ok
15:19:05.0410 2984  [ 10077C35845101548037DF04FD1A420B ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
15:19:05.0441 2984  IPNAT - ok
15:19:05.0494 2984  [ E46B17060D3962A384AE484094614788 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
15:19:05.0509 2984  iPod Service - ok
15:19:05.0538 2984  [ A82F328F4792304184642D6D397BB1E3 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:19:05.0603 2984  IRENUM - ok
15:19:05.0615 2984  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:19:05.0623 2984  isapnp - ok
15:19:05.0644 2984  [ 4DCA456D4D5723F8FA9C6760D240B0DF ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
15:19:05.0652 2984  iScsiPrt - ok
15:19:05.0662 2984  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
15:19:05.0669 2984  iteatapi - ok
15:19:05.0681 2984  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
15:19:05.0688 2984  iteraid - ok
15:19:05.0698 2984  [ B076B2AB806B3F696DAB21375389101C ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:19:05.0704 2984  kbdclass - ok
15:19:05.0711 2984  [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
15:19:05.0741 2984  kbdhid - ok
15:19:05.0760 2984  [ C731B1FE449D4E9CEA358C9D55B69BE9 ] KeyIso          C:\Windows\system32\lsass.exe
15:19:05.0797 2984  KeyIso - ok
15:19:05.0858 2984  [ 566C5FD480FDBCE3BA5CF9FBCFFAEA9A ] KMWDFILTER      C:\Windows\system32\DRIVERS\KMWDFILTER.sys
15:19:05.0874 2984  KMWDFILTER - ok
15:19:05.0887 2984  [ 0A829977B078DEA11641FC2AF87CEADE ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:19:05.0918 2984  KSecDD - ok
15:19:05.0959 2984  [ 45C537FE5DDE9A0146AEFF76E615737D ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:19:06.0000 2984  KtmRm - ok
15:19:06.0031 2984  [ 53D1482FC1AA36AC015A85E6CF2146BD ] LanmanServer    C:\Windows\System32\srvsvc.dll
15:19:06.0085 2984  LanmanServer - ok
15:19:06.0116 2984  [ 435F0F6DC87A4B5DA78F1FA309884189 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:19:06.0156 2984  LanmanWorkstation - ok
15:19:06.0164 2984  [ FD015B4F95DAA2B712F0E372A116FBAD ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:19:06.0209 2984  lltdio - ok
15:19:06.0242 2984  [ 7450DBCF754391DD6363FFFD5EF0E789 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:19:06.0331 2984  lltdsvc - ok
15:19:06.0369 2984  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:19:06.0414 2984  lmhosts - ok
15:19:06.0534 2984  [ 412776CC8A69AC86BE9DEBED4CD82172 ] LMIGuardianSvc  C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
15:19:06.0544 2984  LMIGuardianSvc - ok
15:19:06.0621 2984  [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo         C:\Program Files\LogMeIn\x86\RaInfo.sys
15:19:06.0627 2984  LMIInfo - ok
15:19:06.0660 2984  [ 7E78DB3671549438C98D2BAB35DD4DDC ] LMIMaint        C:\Program Files\LogMeIn\x86\RaMaint.exe
15:19:06.0668 2984  LMIMaint - ok
15:19:06.0700 2984  [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr         C:\Windows\system32\DRIVERS\lmimirr.sys
15:19:06.0705 2984  lmimirr - ok
15:19:06.0730 2984  LMIRfsClientNP - ok
15:19:06.0744 2984  [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver    C:\Windows\system32\drivers\LMIRfsDriver.sys
15:19:06.0751 2984  LMIRfsDriver - ok
15:19:06.0772 2984  [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn         C:\Program Files\LogMeIn\x86\LogMeIn.exe
15:19:06.0787 2984  LogMeIn - ok
15:19:06.0812 2984  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:19:06.0821 2984  LSI_FC - ok
15:19:06.0832 2984  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
15:19:06.0841 2984  LSI_SAS - ok
15:19:06.0851 2984  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:19:06.0859 2984  LSI_SCSI - ok
15:19:06.0863 2984  [ 42885BB44B6E065B8575A8DD6C430C52 ] luafv           C:\Windows\system32\drivers\luafv.sys
15:19:06.0903 2984  luafv - ok
15:19:06.0936 2984  lxcj_device - ok
15:19:06.0941 2984  mcdbus - ok
15:19:06.0965 2984  [ E93C1AD58E88A0846EAEE10671C2A8F3 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:19:06.0977 2984  Mcx2Svc - ok
15:19:06.0990 2984  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
15:19:06.0998 2984  megasas - ok
15:19:07.0007 2984  [ 9DFA3A459AF0954AA85B4F7622AD87BB ] MMCSS           C:\Windows\system32\mmcss.dll
15:19:07.0052 2984  MMCSS - ok
15:19:07.0067 2984  [ 21755967298A46FB6ADFEC9DB6012211 ] Modem           C:\Windows\system32\drivers\modem.sys
15:19:07.0113 2984  Modem - ok
15:19:07.0146 2984  [ 7446E104A5FE5987CA9E4983FBAC4F97 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:19:07.0178 2984  monitor - ok
15:19:07.0181 2984  [ 5FBA13C1A1841B0885D316ED3589489D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:19:07.0189 2984  mouclass - ok
15:19:07.0197 2984  [ B569B5C5D3BDE545DF3A6AF512CCCDBA ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:19:07.0213 2984  mouhid - ok
15:19:07.0221 2984  [ 01F1E5A3E4877C931CBB31613FEC16A6 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
15:19:07.0228 2984  MountMgr - ok
15:19:07.0280 2984  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:19:07.0288 2984  MozillaMaintenance - ok
15:19:07.0295 2984  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:19:07.0302 2984  mpio - ok
15:19:07.0321 2984  [ 6E7A7F0C1193EE5648443FE2D4B789EC ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:19:07.0334 2984  mpsdrv - ok
15:19:07.0360 2984  [ 563ED845885C6A7C09A7715D8BD0585C ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:19:07.0400 2984  MpsSvc - ok
15:19:07.0408 2984  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
15:19:07.0414 2984  Mraid35x - ok
15:19:07.0443 2984  [ 1D8828B98EE309D65E006F0829E280E5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:19:07.0463 2984  MRxDAV - ok
15:19:07.0486 2984  [ 8AF705CE1BB907932157FAB821170F27 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:19:07.0501 2984  mrxsmb - ok
15:19:07.0506 2984  [ 47E13AB23371BE3279EEF22BBFA2C1BE ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:19:07.0526 2984  mrxsmb10 - ok
15:19:07.0529 2984  [ 90B3FC7BD6B3D7EE7635DEBBA2187F66 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:19:07.0539 2984  mrxsmb20 - ok
15:19:07.0574 2984  [ F0EC3A4E0693A34B148723B4DA31668C ] msahci          C:\Windows\system32\drivers\msahci.sys
15:19:07.0581 2984  msahci - ok
15:19:07.0589 2984  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:19:07.0598 2984  msdsm - ok
15:19:07.0612 2984  [ BC64A92D821EFEA8BAB8E8CAF1B668BC ] MSDTC           C:\Windows\System32\msdtc.exe
15:19:07.0630 2984  MSDTC - ok
15:19:07.0659 2984  [ 729EAFEFD4E7417165F353A18DBE947D ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:19:07.0704 2984  Msfs - ok
15:19:07.0707 2984  [ 5F454A16A5146CD91A176D70F0CFA3EC ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:19:07.0715 2984  msisadrv - ok
15:19:07.0732 2984  [ 8ACF956D9154E893E789881430C12632 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:19:07.0770 2984  MSiSCSI - ok
15:19:07.0773 2984  msiserver - ok
15:19:07.0783 2984  [ 892CEDEFA7E0FFE7BE8DA651B651D047 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:19:07.0820 2984  MSKSSRV - ok
15:19:07.0837 2984  [ AE2CB1DA69B2676B4CEE2A501AF5871C ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:19:07.0884 2984  MSPCLOCK - ok
15:19:07.0895 2984  [ F910DA84FA90C44A3ADDB7CD874463FD ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:19:07.0933 2984  MSPQM - ok
15:19:07.0941 2984  [ 84571C0AE07647BA38D493F5F0015DF7 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:19:07.0950 2984  MsRPC - ok
15:19:07.0960 2984  [ 4385C80EDE885E25492D408CAD91BD6F ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
15:19:07.0967 2984  mssmbios - ok
15:19:07.0972 2984  [ C826DD1373F38AFD9CA46EC3C436A14E ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:19:08.0008 2984  MSTEE - ok
15:19:08.0046 2984  [ CBE71C122434805CB73FFB6619F60598 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
15:19:08.0052 2984  MTsensor - ok
15:19:08.0064 2984  [ FA7AA70050CF5E2D15DE00941E5665E5 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:19:08.0071 2984  Mup - ok
15:19:08.0088 2984  [ 1CDBB5D002FE2BC5300AA20550D8A52E ] napagent        C:\Windows\system32\qagentRT.dll
15:19:08.0136 2984  napagent - ok
15:19:08.0160 2984  [ 6DA4A0FC7C0E83DF0CB3CFD0A514C3BC ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:19:08.0182 2984  NativeWifiP - ok
15:19:08.0197 2984  [ 227C11E1E7CF6EF8AFB2A238D209760C ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:19:08.0215 2984  NDIS - ok
15:19:08.0238 2984  [ 81659CDCBD0F9A9E07E6878AD8C78D3F ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:19:08.0255 2984  NdisTapi - ok
15:19:08.0259 2984  [ 5DE5EE546BF40838EBE0E01CB629DF64 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:19:08.0305 2984  Ndisuio - ok
15:19:08.0320 2984  [ 397402ADCBB8946223A1950101F6CD94 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:19:08.0351 2984  NdisWan - ok
15:19:08.0358 2984  [ 1B24FA907AF283199A81B3BB37E5E526 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:19:08.0367 2984  NDProxy - ok
15:19:08.0378 2984  [ 356DBB9F98E8DC1028DD3092FCEEB877 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:19:08.0407 2984  NetBIOS - ok
15:19:08.0414 2984  [ E3A168912E7EEFC3BD3B814720D68B41 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
15:19:08.0454 2984  netbt - ok
15:19:08.0467 2984  [ C731B1FE449D4E9CEA358C9D55B69BE9 ] Netlogon        C:\Windows\system32\lsass.exe
15:19:08.0476 2984  Netlogon - ok
15:19:08.0496 2984  [ 90A4DAE28B94497F83BEA0F2A3B77092 ] Netman          C:\Windows\System32\netman.dll
15:19:08.0528 2984  Netman - ok
15:19:08.0565 2984  [ 7C5C3D9CEEE838856B828AB6F98A2857 ] netprofm        C:\Windows\System32\netprofm.dll
15:19:08.0597 2984  netprofm - ok
15:19:08.0618 2984  [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:19:08.0626 2984  NetTcpPortSharing - ok
15:19:08.0638 2984  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
15:19:08.0645 2984  nfrd960 - ok
15:19:08.0654 2984  [ C424117A562F2DE37A42266894C79AEB ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:19:08.0690 2984  NlaSvc - ok
15:19:08.0711 2984  [ 4F9832BEB9FAFD8CEB0E541F1323B26E ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:19:08.0757 2984  Npfs - ok
15:19:08.0766 2984  [ 23B8201A363DE0E649FC75EE9874DEE2 ] nsi             C:\Windows\system32\nsisvc.dll
15:19:08.0795 2984  nsi - ok
15:19:08.0797 2984  [ B488DFEC274DE1FC9D653870EF2587BE ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:19:08.0836 2984  nsiproxy - ok
15:19:08.0875 2984  [ 37430AA7A66D7A63407ADC2C0D05E9F6 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:19:08.0902 2984  Ntfs - ok
15:19:08.0937 2984  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
15:19:08.0985 2984  ntrigdigi - ok
15:19:09.0007 2984  [ EC5EFB3C60F1B624648344A328BCE596 ] Null            C:\Windows\system32\drivers\Null.sys
15:19:09.0042 2984  Null - ok
15:19:09.0104 2984  [ 13EA23E5B699CAE353FA711495FDFF20 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
15:19:09.0129 2984  nusb3hub - ok
15:19:09.0143 2984  [ FA3240B26A1E150E3770A9E01C7BBA4E ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
15:19:09.0172 2984  nusb3xhc - ok
15:19:09.0192 2984  [ 6F785DB62A6D8F3FAFD3E5695277E849 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:19:09.0207 2984  nvraid - ok
15:19:09.0220 2984  [ 4A5FCAB82D9BF6AF8A023A66802FE9E9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:19:09.0249 2984  nvstor - ok
15:19:09.0274 2984  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:19:09.0284 2984  nv_agp - ok
15:19:09.0287 2984  NwlnkFlt - ok
15:19:09.0291 2984  NwlnkFwd - ok
15:19:09.0301 2984  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
15:19:09.0353 2984  ohci1394 - ok
15:19:09.0404 2984  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:19:09.0414 2984  ose - ok
15:19:09.0434 2984  [ 016D01D3B8FB976A193C7434BED8DCCF ] p2pimsvc        C:\Windows\system32\p2psvc.dll
15:19:09.0494 2984  p2pimsvc - ok
15:19:09.0504 2984  [ 016D01D3B8FB976A193C7434BED8DCCF ] p2psvc          C:\Windows\system32\p2psvc.dll
15:19:09.0540 2984  p2psvc - ok
15:19:09.0573 2984  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:19:09.0620 2984  Parport - ok
15:19:09.0624 2984  [ 555A5B2C8022983BC7467BC925B222EE ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:19:09.0633 2984  partmgr - ok
15:19:09.0654 2984  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
15:19:09.0699 2984  Parvdm - ok
15:19:09.0704 2984  [ D8C5C215C932233A4F1D7F368F4E4E65 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:19:09.0716 2984  PcaSvc - ok
15:19:09.0725 2984  [ 1085D75657807E0E8B32F9E19A1647C3 ] pci             C:\Windows\system32\drivers\pci.sys
15:19:09.0733 2984  pci - ok
15:19:09.0756 2984  [ CABA65E9C41CD2900D4C92D4F825C5F8 ] pciide          C:\Windows\system32\drivers\pciide.sys
15:19:09.0762 2984  pciide - ok
15:19:09.0774 2984  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:19:09.0783 2984  pcmcia - ok
15:19:09.0823 2984  [ 3E9CD8646EBF1C15438F9135796C02B7 ] PCToolsSSDMonitorSvc C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
15:19:09.0835 2984  PCToolsSSDMonitorSvc - ok
15:19:09.0878 2984  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:19:09.0917 2984  PEAUTH - ok
15:19:09.0962 2984  [ CD05A38D166BEADE18030BAFC0C0A939 ] pla             C:\Windows\system32\pla.dll
15:19:10.0021 2984  pla - ok
15:19:10.0051 2984  [ 747BB4C31F3B6E8D1B5ED0AD61518CB5 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:19:10.0064 2984  PlugPlay - ok
15:19:10.0110 2984  [ 0E01D7EEBADA0B324DB0CA1EE73440BA ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
15:19:10.0118 2984  PnkBstrA - ok
15:19:10.0144 2984  [ 1428E6CC1458A36CBFC1F2E304C7C42D ] PnkBstrB        C:\Windows\system32\PnkBstrB.exe
15:19:10.0153 2984  PnkBstrB - ok
15:19:10.0163 2984  [ 016D01D3B8FB976A193C7434BED8DCCF ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
15:19:10.0194 2984  PNRPAutoReg - ok
15:19:10.0203 2984  [ 016D01D3B8FB976A193C7434BED8DCCF ] PNRPsvc         C:\Windows\system32\p2psvc.dll
15:19:10.0239 2984  PNRPsvc - ok
15:19:10.0276 2984  [ 5EBDEC613BD377CE9A85382BE5C6B83B ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:19:10.0334 2984  PolicyAgent - ok
15:19:10.0374 2984  [ 6C359AC71D7B550A0D41F9DB4563CE05 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:19:10.0461 2984  PptpMiniport - ok
15:19:10.0482 2984  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:19:10.0539 2984  Processor - ok
15:19:10.0566 2984  [ 213112E152E68F0E4705E36F052A2880 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:19:10.0611 2984  ProfSvc - ok
15:19:10.0645 2984  [ C731B1FE449D4E9CEA358C9D55B69BE9 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:19:10.0653 2984  ProtectedStorage - ok
15:19:10.0670 2984  [ 2C8BAE55247C4E09352E870292E4D1AB ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
15:19:10.0678 2984  PSched - ok
15:19:10.0728 2984  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
15:19:10.0734 2984  PxHelp20 - ok
15:19:10.0762 2984  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:19:10.0808 2984  ql2300 - ok
15:19:10.0845 2984  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:19:10.0854 2984  ql40xx - ok
15:19:10.0899 2984  [ CA61BDFD3713A7CE75F2812AFC431594 ] QWAVE           C:\Windows\system32\qwave.dll
15:19:10.0923 2984  QWAVE - ok
15:19:10.0926 2984  [ D2B3E2B7426DC23E185FBC73C8936C12 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:19:10.0938 2984  QWAVEdrv - ok
15:19:11.0095 2984  [ 3AF684252780CF87DC2809F85B8F7591 ] RapportCerberus_43926 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys
15:19:11.0107 2984  RapportCerberus_43926 - ok
15:19:11.0173 2984  [ E59302E32009F38A24AB573B039D8F21 ] RapportEI       C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
15:19:11.0181 2984  RapportEI - ok
15:19:11.0244 2984  [ 35199EC35EDC7DCBA71FDA711DFB05C0 ] RapportIaso     c:\programdata\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys
15:19:11.0253 2984  RapportIaso - ok
15:19:11.0257 2984  [ 25BFCB71DE17B2DE56800219F8E80959 ] RapportKELL     C:\Windows\system32\Drivers\RapportKELL.sys
15:19:11.0266 2984  RapportKELL - ok
15:19:11.0314 2984  [ 0DE51300C256DE1206EE892521764C76 ] RapportPG       C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
15:19:11.0326 2984  RapportPG - ok
15:19:11.0342 2984  [ BD7B30F55B3649506DD8B3D38F571D2A ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:19:11.0387 2984  RasAcd - ok
15:19:11.0402 2984  [ F14F4AAB9F54D099FE99192BDB100AC9 ] RasAuto         C:\Windows\System32\rasauto.dll
15:19:11.0449 2984  RasAuto - ok
15:19:11.0456 2984  [ 88587DD843E2059848995B407B67F6CF ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:19:11.0502 2984  Rasl2tp - ok
15:19:11.0530 2984  [ 11D65E29BC9D1E4114D18FE68194394C ] RasMan          C:\Windows\System32\rasmans.dll
15:19:11.0591 2984  RasMan - ok
15:19:11.0594 2984  [ CCF4E9C6CBBAC81437F88CB2AE0B6C96 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:19:11.0632 2984  RasPppoe - ok
15:19:11.0643 2984  [ 54129C5D9581BBEC8BD1EBD3BA813F47 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:19:11.0677 2984  rdbss - ok
15:19:11.0680 2984  [ 794585276B5D7FCA9F3FC15543F9F0B9 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:19:11.0718 2984  RDPCDD - ok
15:19:11.0739 2984  [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
15:19:11.0789 2984  rdpdr - ok
15:19:11.0791 2984  [ 980B56E2E273E19D3A9D72D5C420F008 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:19:11.0823 2984  RDPENCDD - ok
15:19:11.0841 2984  [ 8830E790A74A96605FABA74F9665BB3C ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:19:11.0872 2984  RDPWD - ok
15:19:11.0890 2984  [ 6C1A43C589EE8011A1EBFD51C01B77CE ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:19:11.0920 2984  RemoteAccess - ok
15:19:11.0929 2984  [ 9A043808667C8C1893DA7275AF373F0E ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:19:11.0969 2984  RemoteRegistry - ok
15:19:11.0977 2984  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
15:19:11.0986 2984  RpcLocator - ok
15:19:11.0999 2984  [ 7B981222A257D076885BFFB66F19B7CE ] RpcSs           C:\Windows\system32\rpcss.dll
15:19:12.0029 2984  RpcSs - ok
15:19:12.0065 2984  [ 97E939D2128FEC5D5A3E6E79B290A2F4 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:19:12.0095 2984  rspndr - ok
15:19:12.0116 2984  RTHDMIAzAudService - ok
15:19:12.0161 2984  [ 811C4A6EA5C3B8C07352D4503409EF26 ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
15:19:12.0188 2984  RTL8169 - ok
15:19:12.0191 2984  [ C731B1FE449D4E9CEA358C9D55B69BE9 ] SamSs           C:\Windows\system32\lsass.exe
15:19:12.0201 2984  SamSs - ok
15:19:12.0259 2984  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
15:19:12.0274 2984  SASDIFSV - ok
15:19:12.0325 2984  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
15:19:12.0339 2984  SASKUTIL - ok
15:19:12.0347 2984  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:19:12.0354 2984  sbp2port - ok
15:19:12.0458 2984  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
15:19:12.0486 2984  SBSDWSCService - ok
15:19:12.0532 2984  [ 565B4B9E5AD2F2F18A4F8AAFA6C06BBB ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:19:12.0562 2984  SCardSvr - ok
15:19:12.0599 2984  [ 886CEC884B5BE29AB9828B8AB46B11F7 ] Schedule        C:\Windows\system32\schedsvc.dll
15:19:12.0636 2984  Schedule - ok
15:19:12.0657 2984  [ 0600E04315FE543802A379D5D23C8BE0 ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:19:12.0692 2984  SCPolicySvc - ok
15:19:12.0716 2984  [ F7B6BF02240D0A764ADF8C8966735552 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:19:12.0737 2984  SDRSVC - ok
15:19:12.0748 2984  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:19:12.0783 2984  secdrv - ok
15:19:12.0790 2984  [ 8388C4133DDBE62AD7BC3EC9F14271ED ] seclogon        C:\Windows\system32\seclogon.dll
15:19:12.0827 2984  seclogon - ok
15:19:12.0849 2984  [ 34350AE2C1D33D21C7305F861BD8DAD8 ] SENS            C:\Windows\System32\sens.dll
15:19:12.0886 2984  SENS - ok
15:19:12.0889 2984  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:19:12.0938 2984  Serenum - ok
15:19:12.0952 2984  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:19:13.0002 2984  Serial - ok
15:19:13.0012 2984  [ 450ACCD77EC5CEA720C1CDB9E26B953B ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:19:13.0022 2984  sermouse - ok
15:19:13.0059 2984  [ 78878235DA4DF0D116E86837A0A21DF8 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:19:13.0097 2984  SessionEnv - ok
15:19:13.0103 2984  [ 103B79418DA647736EE95645F305F68A ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:19:13.0159 2984  sffdisk - ok
15:19:13.0171 2984  [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:19:13.0231 2984  sffp_mmc - ok
15:19:13.0235 2984  [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:19:13.0279 2984  sffp_sd - ok
15:19:13.0290 2984  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
15:19:13.0326 2984  sfloppy - ok
15:19:13.0357 2984  [ 9A82BF4C90B00A63150A606A1E2FD82B ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:19:13.0367 2984  SharedAccess - ok
15:19:13.0413 2984  [ B264DFA21677728613267FE63802B332 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:19:13.0425 2984  ShellHWDetection - ok
15:19:13.0430 2984  [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
15:19:13.0437 2984  sisagp - ok
15:19:13.0449 2984  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
15:19:13.0456 2984  SiSRaid2 - ok
15:19:13.0463 2984  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:19:13.0470 2984  SiSRaid4 - ok
15:19:13.0529 2984  [ A1DCD30534835CB67733AD00175125A6 ] slsvc           C:\Windows\system32\SLsvc.exe
15:19:13.0640 2984  slsvc - ok
15:19:13.0647 2984  [ 56DA296E7B376A727E7BDC5AC7FBEE02 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
15:19:13.0662 2984  SLUINotify - ok
15:19:13.0665 2984  [ AC0D90738ADB51A6FD12FF00874A2162 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:19:13.0696 2984  Smb - ok
15:19:13.0709 2984  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:19:13.0720 2984  SNMPTRAP - ok
15:19:13.0725 2984  [ 426F9B029AA9162CECCF65369457D046 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:19:13.0733 2984  spldr - ok
15:19:13.0744 2984  [ DA612EF2556776DF2630B68BF2D48935 ] Spooler         C:\Windows\System32\spoolsv.exe
15:19:13.0756 2984  Spooler - ok
15:19:13.0781 2984  sptd - ok
15:19:13.0804 2984  [ 038579C35F7CAD4A4BBF735DBF83277D ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:19:13.0826 2984  srv - ok
15:19:13.0835 2984  [ 6971A757AF8CB5E2CBCBB76CC530DB6C ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:19:13.0862 2984  srv2 - ok
15:19:13.0866 2984  [ 9E1A4603B874EEBCE0298113951ABEFB ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:19:13.0889 2984  srvnet - ok
15:19:13.0924 2984  [ 8D3E4BAFF8B3997138C38EB1B600519A ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:19:13.0987 2984  SSDPSRV - ok
15:19:14.0017 2984  [ A941E099EF46E3CC12F898CBE1C39910 ] stisvc          C:\Windows\System32\wiaservc.dll
15:19:14.0059 2984  stisvc - ok
15:19:14.0082 2984  [ 1379BDB336F8158C176A465E30759F57 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:19:14.0092 2984  swenum - ok
15:19:14.0108 2984  [ 749ADA8D6C18A08ADFEDE69CBF5DB2E0 ] swprv           C:\Windows\System32\swprv.dll
15:19:14.0159 2984  swprv - ok
15:19:14.0169 2984  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
15:19:14.0180 2984  Symc8xx - ok
15:19:14.0191 2984  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
15:19:14.0201 2984  Sym_hi - ok
15:19:14.0212 2984  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
15:19:14.0219 2984  Sym_u3 - ok
15:19:14.0244 2984  [ 8F2B5FEDE18BD3C4C926CBF88E6F1264 ] SysMain         C:\Windows\system32\sysmain.dll
15:19:14.0301 2984  SysMain - ok
15:19:14.0324 2984  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:19:14.0345 2984  TabletInputService - ok
15:19:14.0358 2984  [ EF3DD33C740FC2F82E7E4622F1C49289 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:19:14.0389 2984  TapiSrv - ok
15:19:14.0398 2984  [ 68FA52794AE9ACC61BDE16FE0956B414 ] TBS             C:\Windows\System32\tbssvc.dll
15:19:14.0428 2984  TBS - ok
15:19:14.0441 2984  [ 4A82FA8F0DF67AA354580C3FAAF8BDE3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:19:14.0505 2984  Tcpip - ok
15:19:14.0514 2984  [ 4A82FA8F0DF67AA354580C3FAAF8BDE3 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
15:19:14.0548 2984  Tcpip6 - ok
15:19:14.0579 2984  [ 5CE0C4A7B12D0067DAD527D72B68C726 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:19:14.0657 2984  tcpipreg - ok
15:19:14.0679 2984  [ 964248AEF49C31FA6A93201A73FFAF50 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:19:14.0715 2984  TDPIPE - ok
15:19:14.0720 2984  [ 7D2C1AE1648A60FCE4AA0F7982E419D3 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:19:14.0756 2984  TDTCP - ok
15:19:14.0768 2984  [ AB4FDE8AF4A0270A46A001C08CBCE1C2 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:19:14.0806 2984  tdx - ok
15:19:14.0809 2984  [ 2C549BD9DD091FBFAA0A2A48E82EC2FB ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:19:14.0818 2984  TermDD - ok
15:19:14.0830 2984  [ FAD71C1E8E4047B154E899AE31EB8CAA ] TermService     C:\Windows\System32\termsrv.dll
15:19:14.0904 2984  TermService - ok
15:19:14.0928 2984  [ B264DFA21677728613267FE63802B332 ] Themes          C:\Windows\system32\shsvcs.dll
15:19:14.0939 2984  Themes - ok
15:19:14.0946 2984  [ 9DFA3A459AF0954AA85B4F7622AD87BB ] THREADORDER     C:\Windows\system32\mmcss.dll
15:19:14.0976 2984  THREADORDER - ok
15:19:14.0995 2984  [ 6BBA0582C0025D43729A1112D3B57897 ] TrkWks          C:\Windows\System32\trkwks.dll
15:19:15.0025 2984  TrkWks - ok
15:19:15.0056 2984  [ 34E388A395FEDBA1D0511ED39BBF4074 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:19:15.0064 2984  TrustedInstaller - ok
15:19:15.0078 2984  [ 29F0ECA726F0D51F7E048BDB0B372F29 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:19:15.0107 2984  tssecsrv - ok
15:19:15.0124 2984  [ 65E953BC0084D44498B51F59784D2A82 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
15:19:15.0136 2984  tunmp - ok
15:19:15.0139 2984  [ 4A39BDA5E0FD30BDF4884F9D33AE6105 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:19:15.0150 2984  tunnel - ok
15:19:15.0154 2984  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:19:15.0162 2984  uagp35 - ok
15:19:15.0187 2984  [ 6348DA98707CEDA8A0DFB05820E17732 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:19:15.0226 2984  udfs - ok
15:19:15.0233 2984  [ 24A333F4F14DCFB6FF6D5A1B9E5D79DD ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:19:15.0252 2984  UI0Detect - ok
15:19:15.0268 2984  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:19:15.0276 2984  uliagpkx - ok
15:19:15.0286 2984  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci         C:\Windows\system32\drivers\uliahci.sys
15:19:15.0298 2984  uliahci - ok
15:19:15.0311 2984  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
15:19:15.0321 2984  UlSata - ok
15:19:15.0332 2984  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
15:19:15.0342 2984  ulsata2 - ok
15:19:15.0359 2984  [ 3FB78F1D1DD86D87BECECD9DFFA24DD9 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:19:15.0414 2984  umbus - ok
15:19:15.0434 2984  [ 8EB871A3DEB6B3D5A85EB6DDFC390B59 ] upnphost        C:\Windows\System32\upnphost.dll
15:19:15.0473 2984  upnphost - ok
15:19:15.0525 2984  [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
15:19:15.0587 2984  USBAAPL - ok
15:19:15.0616 2984  [ B0BA9CAFFE9B0555EC0317F30CB79CD2 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:19:15.0643 2984  usbccgp - ok
15:19:15.0657 2984  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:19:15.0704 2984  usbcir - ok
15:19:15.0724 2984  [ C9FCD05B0A80EA08C2768E5A279B14DE ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:19:15.0737 2984  usbehci - ok
15:19:15.0748 2984  [ 5E44F7D957F7560DA06BFE6B84B58A35 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:19:15.0782 2984  usbhub - ok
15:19:15.0797 2984  [ 9333E482A173938788CBDE8F81EC52FB ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
15:19:15.0809 2984  usbohci - ok
15:19:15.0834 2984  [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:19:15.0879 2984  usbprint - ok
15:19:15.0918 2984  [ B1F95285C08DDFE00C0B955462637EC7 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:19:15.0977 2984  usbscan - ok
15:19:15.0996 2984  [ 7887CE56934E7F104E98C975F47353C5 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:19:16.0030 2984  USBSTOR - ok
15:19:16.0037 2984  [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
15:19:16.0084 2984  usbuhci - ok
15:19:16.0090 2984  [ F79D0D7C9004474CB42746D9B2C30A2B ] UxSms           C:\Windows\System32\uxsms.dll
15:19:16.0143 2984  UxSms - ok
15:19:16.0173 2984  [ C9D0BAFEE0D0A2681F048CA61BC0DA96 ] vds             C:\Windows\System32\vds.exe
15:19:16.0193 2984  vds - ok
15:19:16.0222 2984  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:19:16.0253 2984  vga - ok
15:19:16.0256 2984  [ 17A8F877314E4067F8C8172CC6D9101C ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:19:16.0295 2984  VgaSave - ok
15:19:16.0305 2984  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
15:19:16.0312 2984  viaagp - ok
15:19:16.0321 2984  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
15:19:16.0351 2984  ViaC7 - ok
15:19:16.0372 2984  [ 58C8D5AC5C3EEF40E7E704A5CED7987D ] viaide          C:\Windows\system32\drivers\viaide.sys
15:19:16.0379 2984  viaide - ok
15:19:16.0390 2984  [ 103E84C95832D0ED93507997CC7B54E8 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:19:16.0396 2984  volmgr - ok
15:19:16.0423 2984  [ 294DA8D3F965F6A8DB934A83C7B461FF ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:19:16.0432 2984  volmgrx - ok
15:19:16.0464 2984  [ 80DC0C9BCB579ED9815001A4D37CBFD5 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:19:16.0472 2984  volsnap - ok
15:19:16.0485 2984  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:19:16.0518 2984  vsmraid - ok
15:19:16.0599 2984  [ E0E29D9EF2524ABD11749C7C2FD7F607 ] VSS             C:\Windows\system32\vssvc.exe
15:19:16.0657 2984  VSS - ok
15:19:16.0696 2984  [ 62B0D0F6F5580D9D0DFA5E0B466FF2ED ] W32Time         C:\Windows\system32\w32time.dll
15:19:16.0735 2984  W32Time - ok
15:19:16.0757 2984  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:19:16.0792 2984  WacomPen - ok
15:19:16.0817 2984  [ 6798C1209A53B5A0DED8D437C45145FF ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
15:19:16.0827 2984  Wanarp - ok
15:19:16.0830 2984  [ 6798C1209A53B5A0DED8D437C45145FF ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:19:16.0840 2984  Wanarpv6 - ok
15:19:16.0848 2984  [ C1B19162E0509CEAB4CDF664E139D956 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:19:16.0880 2984  wcncsvc - ok
15:19:16.0892 2984  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:19:16.0940 2984  WcsPlugInService - ok
15:19:16.0954 2984  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
15:19:16.0962 2984  Wd - ok
15:19:16.0993 2984  [ 7B5F66E4A2219C7D9DAF9E738480E534 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:19:17.0027 2984  Wdf01000 - ok
15:19:17.0067 2984  [ 2A424B89B14EF17A3D06BCB5A8F79601 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:19:17.0108 2984  WdiServiceHost - ok
15:19:17.0112 2984  [ 2A424B89B14EF17A3D06BCB5A8F79601 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:19:17.0128 2984  WdiSystemHost - ok
15:19:17.0151 2984  [ 01E41C264EEDCB827820A1909162579F ] WebClient       C:\Windows\System32\webclnt.dll
15:19:17.0184 2984  WebClient - ok
15:19:17.0227 2984  [ 9CF67FF7F8D34CBF115D0C278B9F74AA ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:19:17.0275 2984  Wecsvc - ok
15:19:17.0289 2984  [ B68CAB45DB1DAB59D92ACADFAD6364A8 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:19:17.0337 2984  wercplsupport - ok
15:19:17.0348 2984  [ 36BA0707680EF4236FD752BEE982CC25 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:19:17.0397 2984  WerSvc - ok
15:19:17.0442 2984  [ 8563FCED6483CA76FC130F1FF6F20278 ] WFMC_VAD        C:\Windows\system32\DRIVERS\wfmcvad.sys
15:19:17.0459 2984  WFMC_VAD - ok
15:19:17.0496 2984  [ 0D5AD0E71FF5DDAC5DD2F443B499ABD0 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
15:19:17.0511 2984  WinDefend - ok
15:19:17.0517 2984  WinHttpAutoProxySvc - ok
15:19:17.0550 2984  [ 38A7B89DE4E3417C122317949667FDD8 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:19:17.0629 2984  Winmgmt - ok
15:19:17.0664 2984  [ 3F6823040030C3E4DA1CF11CD40B7534 ] WinRM           C:\Windows\system32\WsmSvc.dll
15:19:17.0717 2984  WinRM - ok
15:19:17.0760 2984  [ 7640ACEA41348BFEF34B76E245501261 ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:19:17.0829 2984  Wlansvc - ok
15:19:17.0840 2984  [ 17EAC0D023A65FA9B02114CC2BAACAD5 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
15:19:17.0851 2984  WmiAcpi - ok
15:19:17.0865 2984  [ A279323BEE5FFFAFDA222910BCE92132 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:19:17.0874 2984  wmiApSrv - ok
15:19:17.0900 2984  [ ACB2E63D50157E3EA7140F29D9E76A48 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
15:19:17.0963 2984  WMPNetworkSvc - ok
15:19:18.0017 2984  [ 3D3B3B80C12ABE506F56930C46422C28 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:19:18.0062 2984  WPCSvc - ok
15:19:18.0101 2984  [ C24844A1D0D9528B19D5BC266B8CD572 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:19:18.0121 2984  WPDBusEnum - ok
15:19:18.0132 2984  [ 2D27171B16A577EF14C1273668753485 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
15:19:18.0163 2984  WpdUsb - ok
15:19:18.0240 2984  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:19:18.0259 2984  WPFFontCache_v0400 - ok
15:19:18.0296 2984  [ 84620AECDCFD2A7A14E6263927D8C0ED ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:19:18.0333 2984  ws2ifsl - ok
15:19:18.0346 2984  [ F97CBB919AF6D0A6643D1A59C15014D1 ] wscsvc          C:\Windows\system32\wscsvc.dll
15:19:18.0359 2984  wscsvc - ok
15:19:18.0362 2984  WSearch - ok
15:19:18.0417 2984  [ 6298277B73C77FA99106B271A7525163 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:19:18.0504 2984  wuauserv - ok
15:19:18.0533 2984  [ A2AAFCC8A204736296D937C7C545B53F ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:19:18.0578 2984  WUDFRd - ok
15:19:18.0610 2984  [ DB5BF5AAB72B1B99B5331231D09EBB26 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:19:18.0657 2984  wudfsvc - ok
15:19:18.0676 2984  ================ Scan global ===============================
15:19:18.0711 2984  [ 8CD98A8EC9CADAF4E051CDCAC15C96C4 ] C:\Windows\system32\basesrv.dll
15:19:18.0729 2984  [ E3F137ADC0A9D7F3A2E4F557272FE6B3 ] C:\Windows\system32\winsrv.dll
15:19:18.0740 2984  [ E3F137ADC0A9D7F3A2E4F557272FE6B3 ] C:\Windows\system32\winsrv.dll
15:19:18.0765 2984  [ 329CF3C97CE4C19375C8ABCABAE258B0 ] C:\Windows\system32\services.exe
15:19:18.0769 2984  [Global] - ok
15:19:18.0770 2984  ================ Scan MBR ==================================
15:19:18.0779 2984  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
15:19:18.0936 2984  \Device\Harddisk0\DR0 - ok
15:19:18.0937 2984  ================ Scan VBR ==================================
15:19:18.0939 2984  [ 9CCB401B0698E31951AC5DF1BFF76DF2 ] \Device\Harddisk0\DR0\Partition1
15:19:18.0941 2984  \Device\Harddisk0\DR0\Partition1 - ok
15:19:18.0941 2984  ============================================================
15:19:18.0941 2984  Scan finished
15:19:18.0941 2984  ============================================================
15:19:18.0951 3968  Detected object count: 5
15:19:18.0951 3968  Actual detected object count: 5
15:21:21.0587 3968  !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
15:21:21.0587 3968  !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:21:21.0588 3968  AODDriver ( UnsignedFile.Multi.Generic ) - skipped by user
15:21:21.0588 3968  AODDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:21:21.0589 3968  AsSysCtrlService ( UnsignedFile.Multi.Generic ) - skipped by user
15:21:21.0589 3968  AsSysCtrlService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:21:21.0590 3968  catchme ( UnsignedFile.Multi.Generic ) - skipped by user
15:21:21.0590 3968  catchme ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:21:21.0591 3968  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:21:21.0591 3968  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:21:57.0878 5164  Deinitialize success
 
See below for ASWMBR log:
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-05-29 15:22:52
-----------------------------
15:22:52.958    OS Version: Windows 6.0.6000 
15:22:52.958    Number of processors: 4 586 0x402
15:22:52.959    ComputerName:   UserName: 
15:22:54.947    Initialize success
15:27:15.325    AVAST engine defs: 13052900
15:27:22.872    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:27:22.876    Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
15:27:23.475    Disk 0 MBR read successfully
15:27:23.480    Disk 0 MBR scan
15:27:23.490    Disk 0 Windows VISTA default MBR code
15:27:23.500    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       953874 MB offset 2048
15:27:23.514    Disk 0 scanning sectors +1953536130
15:27:24.070    Disk 0 scanning C:\Windows\system32\drivers
15:27:33.508    Service scanning
15:27:55.014    Modules scanning
15:27:58.948    Disk 0 trace - called modules:
15:27:58.969    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
15:27:58.973    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f5b538]
15:27:58.977    3 ntkrnlpa.exe[82cb07e2] -> nt!IofCallDriver -> [0x85dc7848]
15:27:58.982    5 acpi.sys[8023232a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85d99030]
15:28:00.525    AVAST engine scan C:\Windows
15:28:05.291    AVAST engine scan C:\Windows\system32
15:30:28.558    AVAST engine scan C:\Windows\system32\drivers
15:30:41.425    AVAST engine scan C:\Users\
16:21:02.522    AVAST engine scan C:\ProgramData
16:27:19.891    Scan finished successfully
16:40:05.420    Disk 0 MBR has been saved successfully to "C:\Users\???????\Desktop\MBR.dat"
16:40:05.432    The log file has been saved successfully to "C:\Users\???????\Desktop\aswMBR.txt"
 
See below for MTB log:
 
MiniToolBox by Farbar  Version:21-04-2013
Ran by ??????? (administrator) on 29-05-2013 at 16:41:01
Running from "C:\Users\???????\Desktop"
Windows Vista ™ Home Premium  (X86)
Boot Mode: Normal
***************************************************************************
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/28/2013 07:18:44 PM) (Source: Application Error) (User: )
Description: Faulting application AsSysCtrlService.exe, version 0.0.0.0, time stamp 0x4c06395c, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000,
process id 0x724, application start time 0xAsSysCtrlService.exe0.
 
Error: (05/28/2013 02:42:48 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4
 
Error: (05/28/2013 01:14:24 PM) (Source: Application Hang) (User: )
Description: The program TurboV_EVO.exe version 1.0.2.6 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: c64
Start Time: 01ce5b9bd7684218
Termination Time: 9
 
Error: (05/28/2013 10:55:48 AM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (05/28/2013 10:55:48 AM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (05/28/2013 10:55:48 AM) (Source: Perflib) (User: )
Description: DFSRC:\Windows\System32\DfsrPerf.dll4
 
Error: (05/24/2013 07:42:22 PM) (Source: Microsoft-Windows-RestartManager) (User: Gareth-PC)
Description: 0C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exeHijackThis0111746120
 
Error: (05/24/2013 04:15:37 PM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (05/24/2013 04:15:37 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (05/24/2013 04:15:37 PM) (Source: Perflib) (User: )
Description: DFSRC:\Windows\System32\DfsrPerf.dll4
 
 
System errors:
=============
Error: (05/28/2013 07:18:35 PM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWFailureActions%%5
 
Error: (05/28/2013 06:08:54 PM) (Source: Service Control Manager) (User: )
Description: amdide
 
Error: (05/28/2013 06:08:54 PM) (Source: Service Control Manager) (User: )
Description: AODDriver4.2%%2
 
Error: (05/28/2013 06:08:54 PM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWFailureActions%%5
 
Error: (05/28/2013 06:08:53 PM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWFailureActions%%5
 
Error: (05/28/2013 06:08:53 PM) (Source: Service Control Manager) (User: )
Description: AODDriver4.2%%2
 
Error: (05/28/2013 06:08:38 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 17:15:07 on 28/05/2013 was unexpected.
 
Error: (05/28/2013 05:14:40 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart
 
Error: (05/28/2013 05:14:37 PM) (Source: Service Control Manager) (User: )
Description: ASUS System Control Service1
 
Error: (05/28/2013 05:09:33 PM) (Source: Service Control Manager) (User: )
Description: amdide
 
 
Microsoft Office Sessions:
=========================
Error: (05/28/2013 07:18:44 PM) (Source: Application Error)(User: )
Description: AsSysCtrlService.exe0.0.0.04c06395cunknown0.0.0.000000000c00000050000000072401ce5bc6054eae6f
 
Error: (05/28/2013 02:42:48 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\system32\bitsperf.dll4
 
Error: (05/28/2013 01:14:24 PM) (Source: Application Hang)(User: )
Description: TurboV_EVO.exe1.0.2.6c6401ce5b9bd76842189
 
Error: (05/28/2013 10:55:48 AM) (Source: Perflib)(User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (05/28/2013 10:55:48 AM) (Source: Perflib)(User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (05/28/2013 10:55:48 AM) (Source: Perflib)(User: )
Description: DFSRC:\Windows\System32\DfsrPerf.dll4
 
Error: (05/24/2013 07:42:22 PM) (Source: Microsoft-Windows-RestartManager)(User: Gareth-PC)
Description: 0C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exeHijackThis0111746120
 
Error: (05/24/2013 04:15:37 PM) (Source: Perflib)(User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (05/24/2013 04:15:37 PM) (Source: Perflib)(User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (05/24/2013 04:15:37 PM) (Source: Perflib)(User: )
Description: DFSRC:\Windows\System32\DfsrPerf.dll4
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-05-24 19:57:15.865
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-24 19:57:15.840
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-24 19:57:15.815
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-24 19:57:15.790
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-24 19:57:15.524
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-24 19:57:15.500
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-24 19:57:15.475
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-24 19:57:15.451
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-24 19:56:16.974
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-24 19:56:16.950
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
µTorrent (Version: 3.1.3)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 3.6.0.6090)
Adobe Flash Player 10 ActiveX (Version: 10.0.42.34)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Photoshop Elements 7.0 (Version: 7.0)
Adobe Reader 9.5.5 (Version: 9.5.5)
Adobe Shockwave Player (Version: 10.2.0.22)
AI Suite (Version: 1.06.20)
Air Video Server 2.4.6-beta3 (Version: 2.4.6-beta3)
Akamai NetSession Interface
AMD APP SDK Runtime (Version: 10.0.1016.4)
AMD Catalyst Install Manager (Version: 8.0.891.0)
AMD Fuel (Version: 2012.0928.1532.26058)
AMD Processor Driver (Version: 1.3.2.0053)
AMD VISION Engine Control Center (Version: 2012.0928.1532.26058)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ATI AVIVO Codecs (Version: 11.6.0.51118)
ATI Problem Report Wizard (Version: 3.0.800.0)
AVG 2013 (Version: 13.0.2904)
AVG 2013 (Version: 13.0.3184)
AVG 2013 (Version: 2013.0.2904)
AviSynth 2.5
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.4
AVStoDVD 2.6.0 (Version: 2.6.0)
BBC iPlayer Desktop (Version: 3.2.15)
Bonjour (Version: 3.0.0.10)
Browser Configuration Utility (Version: 1.0.12.1)
Call of Duty® 4 - Modern Warfare™ (Version: 1.00.0000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2012.0928.1532.26058)
Catalyst Control Center InstallProxy (Version: 2012.0928.1532.26058)
Catalyst Control Center Localization All (Version: 2012.0928.1532.26058)
CCC Help Chinese Standard (Version: 2012.0928.1531.26058)
CCC Help Chinese Traditional (Version: 2012.0928.1531.26058)
CCC Help Czech (Version: 2012.0928.1531.26058)
CCC Help Danish (Version: 2012.0928.1531.26058)
CCC Help Dutch (Version: 2012.0928.1531.26058)
CCC Help English (Version: 2012.0928.1531.26058)
CCC Help Finnish (Version: 2012.0928.1531.26058)
CCC Help French (Version: 2012.0928.1531.26058)
CCC Help German (Version: 2012.0928.1531.26058)
CCC Help Greek (Version: 2012.0928.1531.26058)
CCC Help Hungarian (Version: 2012.0928.1531.26058)
CCC Help Italian (Version: 2012.0928.1531.26058)
CCC Help Japanese (Version: 2012.0928.1531.26058)
CCC Help Korean (Version: 2012.0928.1531.26058)
CCC Help Norwegian (Version: 2012.0928.1531.26058)
CCC Help Polish (Version: 2012.0928.1531.26058)
CCC Help Portuguese (Version: 2012.0928.1531.26058)
CCC Help Russian (Version: 2012.0928.1531.26058)
CCC Help Spanish (Version: 2012.0928.1531.26058)
CCC Help Swedish (Version: 2012.0928.1531.26058)
CCC Help Thai (Version: 2012.0928.1531.26058)
CCC Help Turkish (Version: 2012.0928.1531.26058)
ccc-utility (Version: 2012.0928.1532.26058)
CCleaner (Version: 3.26)
CDBurnerXP (Version: 4.4.0.2838)
Cool & Quiet
DAEMON Tools Lite (Version: 4.45.3.0297)
Diskeeper 2011  (Version: 15.0.951.32)
DriverPack Solution Updater (Version: 0.0.25)
DVBPortal HDTVPump Filter and Plugin
EPU (Version: 1.02.21)
Ext2Fsd 0.51 (Version: 0.51)
FileZilla Client 3.6.0.2 (Version: 3.6.0.2)
FormatFactory 2.30 (Version: 2.30)
Free Video Dub version 1.8.12.908
gBurner
Google Chrome (Version: 27.0.1453.94)
GPU Boost Driver (Version: 1.01.15)
HiJackThis (Version: 1.0.0)
HydraVision (Version: 4.2.208.0)
iCloud (Version: 2.1.2.8)
ImgBurn (Version: 2.5.7.0)
iTunes (Version: 11.0.2.26)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 45 (Version: 6.0.450)
K-Lite Codec Pack 9.9.0 (Full) (Version: 9.9.0)
Lexmark 8300 Series
LogMeIn (Version: 4.1.2694)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 21.0 (x86 en-GB) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.20.0)
OpenAL
PC Probe II (Version: 1.04.86)
Pro Evolution Soccer 2011 (Version: 1.01.0000)
QuickTime (Version: 7.73.80.64)
Rapport (Version: 3.5.1205.15)
Realtek Ethernet Controller Driver For Windows Vista (Version: 6.236.322.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6482)
Registry Mechanic 9.0 (Version: 9.0)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.34.0)
SoulSeek 157 NS 13e
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spotify (Version: 0.5.1)
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 5.0.1134)
Tom Clancy's Splinter Cell Conviction (Version: 1.00.000)
TurboV EVO (Version: 1.02.28)
Ubisoft Game Launcher (Version: 1.0.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
VLC media player 2.0.6 (Version: 2.0.6)
VLC Streamer 3.28
Wi-Fi MediaConnect (Version: 1.6.42)
Winamp (Version: 5.63 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
WinRAR 4.00 (32-bit) (Version: 4.00.0)
WM Capture
 
**** End of log ****
 
 
 
 

 



#7 nasdaq

  • Malware Response Team

Posted 29 May 2013 - 12:50 PM


Please run the TDSSKiller tool and delete this.

15:21:21.0590 3968 catchme ( UnsignedFile.Multi.Generic ) - skipped by user
15:21:21.0590 3968 catchme ( UnsignedFile.Multi.Generic ) - User select action: Skip

Post the new log.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+


#8 monkeybo

  • Topic Starter

  • Members

Posted 30 May 2013 - 02:37 AM

TDSSKiller log:

 

08:08:20.0485 2280  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:08:20.0626 2280  ============================================================
08:08:20.0626 2280  Current date / time: 2013/05/30 08:08:20.0626
08:08:20.0626 2280  SystemInfo:
08:08:20.0626 2280  
08:08:20.0626 2280  OS Version: 6.0.6000 ServicePack: 0.0
08:08:20.0626 2280  Product type: Workstation
08:08:20.0626 2280  ComputerName: 
08:08:20.0626 2280  UserName: 
08:08:20.0626 2280  Windows directory: C:\Windows
08:08:20.0626 2280  System windows directory: C:\Windows
08:08:20.0626 2280  Processor architecture: Intel x86
08:08:20.0626 2280  Number of processors: 4
08:08:20.0626 2280  Page size: 0x1000
08:08:20.0626 2280  Boot type: Normal boot
08:08:20.0626 2280  ============================================================
08:08:21.0734 2280  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:08:21.0741 2280  ============================================================
08:08:21.0741 2280  \Device\Harddisk0\DR0:
08:08:21.0741 2280  MBR partitions:
08:08:21.0741 2280  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74709082
08:08:21.0741 2280  ============================================================
08:08:21.0742 2280  C: <-> \Device\Harddisk0\DR0\Partition1
08:08:21.0742 2280  ============================================================
08:08:21.0742 2280  Initialize success
08:08:21.0742 2280  ============================================================
08:08:27.0735 3868  ============================================================
08:08:27.0735 3868  Scan started
08:08:27.0735 3868  Mode: Manual; SigCheck; TDLFS; 
08:08:27.0735 3868  ============================================================
08:08:28.0109 3868  ================ Scan system memory ========================
08:08:28.0109 3868  System memory - ok
08:08:28.0110 3868  ================ Scan services =============================
08:08:28.0182 3868  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
08:08:28.0284 3868  !SASCORE ( UnsignedFile.Multi.Generic ) - warning
08:08:28.0284 3868  !SASCORE - detected UnsignedFile.Multi.Generic (1)
08:08:28.0418 3868  [ 84FC6DF81212D16BE5C4F441682FECCC ] ACPI            C:\Windows\system32\drivers\acpi.sys
08:08:28.0435 3868  ACPI - ok
08:08:28.0543 3868  [ 3FD8DC2C9735C2AA70155102CFB93EDA ] AdobeActiveFileMonitor7.0 C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
08:08:28.0556 3868  AdobeActiveFileMonitor7.0 - ok
08:08:28.0702 3868  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
08:08:28.0733 3868  adp94xx - ok
08:08:28.0779 3868  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
08:08:28.0788 3868  adpahci - ok
08:08:28.0799 3868  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
08:08:28.0806 3868  adpu160m - ok
08:08:28.0821 3868  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
08:08:28.0829 3868  adpu320 - ok
08:08:28.0854 3868  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
08:08:28.0883 3868  AeLookupSvc - ok
08:08:28.0917 3868  [ 5D24CAF8EFD924A875698FF28384DB8B ] AFD             C:\Windows\system32\drivers\afd.sys
08:08:28.0949 3868  AFD - ok
08:08:28.0960 3868  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
08:08:28.0966 3868  agp440 - ok
08:08:28.0972 3868  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
08:08:28.0979 3868  aic78xx - ok
08:08:28.0989 3868  [ E69FB0E3112C40FDC0EF7D21A52DC951 ] ALG             C:\Windows\System32\alg.exe
08:08:28.0997 3868  ALG - ok
08:08:29.0027 3868  [ 3A99CB23A2D326FD532618705D6E3048 ] aliide          C:\Windows\system32\drivers\aliide.sys
08:08:29.0034 3868  aliide - ok
08:08:29.0074 3868  [ 50EBBB86E493BD9AB7DDF914A90EEF8E ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
08:08:29.0088 3868  AMD External Events Utility - ok
08:08:29.0158 3868  AMD FUEL Service - ok
08:08:29.0178 3868  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
08:08:29.0186 3868  amdagp - ok
08:08:29.0205 3868  amdide - ok
08:08:29.0228 3868  [ FF258424F0B2EF25EB98F04EE386E6E3 ] amdiox86        C:\Windows\system32\DRIVERS\amdiox86.sys
08:08:29.0253 3868  amdiox86 - ok
08:08:29.0262 3868  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
08:08:29.0299 3868  AmdK7 - ok
08:08:29.0311 3868  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
08:08:29.0351 3868  AmdK8 - ok
08:08:29.0510 3868  [ 70EB74785AB7FC603FEF19D87B7A7946 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
08:08:29.0641 3868  amdkmdag - ok
08:08:29.0711 3868  [ BA99833BBDE9C4FF389FC8114FB14843 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
08:08:29.0721 3868  amdkmdap - ok
08:08:29.0837 3868  [ 5BD30B502168013C9EA03A5C2F1C9776 ] AODDriver       C:\Program Files\ASUS\GPU Boost Driver\i386\AODDriver.sys
08:08:29.0841 3868  AODDriver ( UnsignedFile.Multi.Generic ) - warning
08:08:29.0841 3868  AODDriver - detected UnsignedFile.Multi.Generic (1)
08:08:29.0874 3868  [ 66F4DE5876DC1A47BA1ACE909FA9AEEF ] AODDriver4.01   C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys
08:08:29.0881 3868  AODDriver4.01 - ok
08:08:29.0897 3868  [ 66F4DE5876DC1A47BA1ACE909FA9AEEF ] AODDriver4.2    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys
08:08:29.0903 3868  AODDriver4.2 - ok
08:08:29.0940 3868  [ CFA455816879F06F1C4E5BBF9E8AEF7D ] Appinfo         C:\Windows\System32\appinfo.dll
08:08:29.0975 3868  Appinfo - ok
08:08:30.0076 3868  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:08:30.0085 3868  Apple Mobile Device - ok
08:08:30.0106 3868  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
08:08:30.0114 3868  arc - ok
08:08:30.0129 3868  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
08:08:30.0138 3868  arcsas - ok
08:08:30.0171 3868  [ 9D8CB58B9A9E177DDD599791A58A654D ] AsIO            C:\Windows\system32\drivers\AsIO.sys
08:08:30.0179 3868  AsIO - ok
08:08:30.0238 3868  [ 8D058CACC9FB52DAC0E6F3F038B1AE5E ] AsSysCtrlService C:\Program Files\ASUS\AsSysCtrlService\1.00.04\AsSysCtrlService.exe
08:08:30.0251 3868  AsSysCtrlService ( UnsignedFile.Multi.Generic ) - warning
08:08:30.0252 3868  AsSysCtrlService - detected UnsignedFile.Multi.Generic (1)
08:08:30.0286 3868  [ E86CF7CE67D5DE898F27EF884DC357D8 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
08:08:30.0331 3868  AsyncMac - ok
08:08:30.0359 3868  [ B35CFCEF838382AB6490B321C87EDF17 ] atapi           C:\Windows\system32\drivers\atapi.sys
08:08:30.0368 3868  atapi - ok
08:08:30.0415 3868  [ 35290682DBDB9CEDE934B73369F3CEDE ] AtiHDAudioService C:\Windows\system32\drivers\AtihdLH3.sys
08:08:30.0424 3868  AtiHDAudioService - ok
08:08:30.0440 3868  AtiHdmiService - ok
08:08:30.0460 3868  [ ACA01C43D065E546C6DC88EA669CECA6 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
08:08:30.0467 3868  AtiPcie - ok
08:08:30.0484 3868  [ E760FC1BD68F7F6F1B17EB4E8D9480B0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:08:30.0532 3868  AudioEndpointBuilder - ok
08:08:30.0538 3868  [ E760FC1BD68F7F6F1B17EB4E8D9480B0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
08:08:30.0585 3868  Audiosrv - ok
08:08:30.0757 3868  [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent     C:\Program Files\AVG\AVG2013\avgidsagent.exe
08:08:30.0927 3868  AVGIDSAgent - ok
08:08:30.0961 3868  [ 7BB2C605094DBCA536D127B434214862 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdriverx.sys
08:08:30.0968 3868  AVGIDSDriver - ok
08:08:31.0018 3868  [ 8F50F98686C9A397A19FCBAE284DB1C5 ] AVGIDSHX        C:\Windows\system32\DRIVERS\avgidshx.sys
08:08:31.0024 3868  AVGIDSHX - ok
08:08:31.0057 3868  [ A8DE230CC8536790CA07D37FBCD87A74 ] AVGIDSShim      C:\Windows\system32\DRIVERS\avgidsshimx.sys
08:08:31.0062 3868  AVGIDSShim - ok
08:08:31.0110 3868  [ D53D35031365A0ECCB1DC1BC1B15B18E ] Avgldx86        C:\Windows\system32\DRIVERS\avgldx86.sys
08:08:31.0117 3868  Avgldx86 - ok
08:08:31.0162 3868  [ 95889A9D23F3133250FA8AD13C982D58 ] Avglogx         C:\Windows\system32\DRIVERS\avglogx.sys
08:08:31.0169 3868  Avglogx - ok
08:08:31.0186 3868  [ AF7AA9BA434CD28833A66E90993E8DFD ] Avgmfx86        C:\Windows\system32\DRIVERS\avgmfx86.sys
08:08:31.0192 3868  Avgmfx86 - ok
08:08:31.0219 3868  [ F3D57358DE0B8B3491013C615754A7C7 ] Avgrkx86        C:\Windows\system32\DRIVERS\avgrkx86.sys
08:08:31.0225 3868  Avgrkx86 - ok
08:08:31.0243 3868  [ BA73B38E9033FC6018DB736B635706AE ] Avgtdix         C:\Windows\system32\DRIVERS\avgtdix.sys
08:08:31.0252 3868  Avgtdix - ok
08:08:31.0287 3868  [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd           C:\Program Files\AVG\AVG2013\avgwdsvc.exe
08:08:31.0296 3868  avgwd - ok
08:08:31.0311 3868  [ AC3DD1708B22761EBD7CBE14DCC3B5D7 ] Beep            C:\Windows\system32\drivers\Beep.sys
08:08:31.0343 3868  Beep - ok
08:08:31.0367 3868  [ 98EBDFFB824A7C265337D68DD480E45C ] BFE             C:\Windows\System32\bfe.dll
08:08:31.0398 3868  BFE - ok
08:08:31.0427 3868  [ DA551697E34D2B9943C8B1C8EAFFE89A ] BITS            C:\Windows\System32\qmgr.dll
08:08:31.0444 3868  BITS - ok
08:08:31.0447 3868  blbdrive - ok
08:08:31.0537 3868  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:08:31.0547 3868  Bonjour Service - ok
08:08:31.0576 3868  [ 913CD06FBE9105CE6077E90FD4418561 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
08:08:31.0605 3868  bowser - ok
08:08:31.0616 3868  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
08:08:31.0645 3868  BrFiltLo - ok
08:08:31.0654 3868  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
08:08:31.0684 3868  BrFiltUp - ok
08:08:31.0697 3868  [ BEB6470532B7461D7BB426E3FACB424F ] Browser         C:\Windows\System32\browser.dll
08:08:31.0727 3868  Browser - ok
08:08:31.0748 3868  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
08:08:31.0777 3868  Brserid - ok
08:08:31.0786 3868  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
08:08:31.0816 3868  BrSerWdm - ok
08:08:31.0826 3868  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
08:08:31.0854 3868  BrUsbMdm - ok
08:08:31.0866 3868  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
08:08:31.0895 3868  BrUsbSer - ok
08:08:31.0904 3868  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
08:08:31.0933 3868  BTHMODEM - ok
08:08:32.0018 3868  [ D94B86AD01A3CC323619D4FF512ED6FA ] catchme         C:\Users\Gareth\AppData\Local\Temp\catchme.sys
08:08:32.0021 3868  catchme ( UnsignedFile.Multi.Generic ) - warning
08:08:32.0022 3868  catchme - detected UnsignedFile.Multi.Generic (1)
08:08:32.0025 3868  [ 6C3A437FC873C6F6A4FC620B6888CB86 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
08:08:32.0054 3868  cdfs - ok
08:08:32.0094 3868  [ 8D1866E61AF096AE8B582454F5E4D303 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
08:08:32.0123 3868  cdrom - ok
08:08:32.0130 3868  [ 0600E04315FE543802A379D5D23C8BE0 ] CertPropSvc     C:\Windows\System32\certprop.dll
08:08:32.0166 3868  CertPropSvc - ok
08:08:32.0179 3868  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
08:08:32.0215 3868  circlass - ok
08:08:32.0236 3868  [ 1B84FD0937D3B99AF9BA38DDFF3DAF54 ] CLFS            C:\Windows\system32\CLFS.sys
08:08:32.0247 3868  CLFS - ok
08:08:32.0293 3868  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:08:32.0302 3868  clr_optimization_v2.0.50727_32 - ok
08:08:32.0402 3868  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:08:32.0411 3868  clr_optimization_v4.0.30319_32 - ok
08:08:32.0431 3868  [ DFB94A6FC3A26972B0461AB5F1D8272B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
08:08:32.0441 3868  cmdide - ok
08:08:32.0469 3868  [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
08:08:32.0478 3868  Compbatt - ok
08:08:32.0482 3868  COMSysApp - ok
08:08:32.0495 3868  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
08:08:32.0504 3868  crcdisk - ok
08:08:32.0534 3868  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
08:08:32.0579 3868  Crusoe - ok
08:08:32.0597 3868  [ 1C26FB097170A2A91066D1E3A24366E3 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
08:08:32.0644 3868  CryptSvc - ok
08:08:32.0674 3868  [ 7B981222A257D076885BFFB66F19B7CE ] DcomLaunch      C:\Windows\system32\rpcss.dll
08:08:32.0696 3868  DcomLaunch - ok
08:08:32.0716 3868  [ A7179DE59AE269AB70345527894CCD7C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
08:08:32.0762 3868  DfsC - ok
08:08:32.0815 3868  [ E0D584AA76C7D845BA9F3A788260528F ] DFSR            C:\Windows\system32\DFSR.exe
08:08:32.0860 3868  DFSR - ok
08:08:32.0916 3868  [ DC45739BC22D528D2B3E50D3F6761750 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
08:08:32.0931 3868  Dhcp - ok
08:08:32.0938 3868  [ 841AF4C4D41D3E3B2F244E976B0F7963 ] disk            C:\Windows\system32\drivers\disk.sys
08:08:32.0948 3868  disk - ok
08:08:33.0061 3868  [ DD347806400462F1937B162B5983E471 ] Diskeeper       C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
08:08:33.0112 3868  Diskeeper - ok
08:08:33.0138 3868  [ AB24EE68FF85A592586C03A3F339FCD5 ] DKRtWrt         C:\Windows\system32\DRIVERS\DKRtWrt.sys
08:08:33.0146 3868  DKRtWrt - ok
08:08:33.0170 3868  [ EECBA1DD142BF8693C476BE8F32FE253 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
08:08:33.0184 3868  Dnscache - ok
08:08:33.0194 3868  [ 1F795D214820E496BF1124434A6DB546 ] dot3svc         C:\Windows\System32\dot3svc.dll
08:08:33.0241 3868  dot3svc - ok
08:08:33.0269 3868  [ 032C90AD677BF7B7A8013D6087C7A921 ] DPS             C:\Windows\system32\dps.dll
08:08:33.0282 3868  DPS - ok
08:08:33.0313 3868  [ EE472CD2C01F6F8E8AA1FA06FFEF61B6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
08:08:33.0358 3868  drmkaud - ok
08:08:33.0397 3868  [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
08:08:33.0408 3868  dtsoftbus01 - ok
08:08:33.0436 3868  [ 334988883DE69ADB27E2CF9F9715BBDB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
08:08:33.0457 3868  DXGKrnl - ok
08:08:33.0486 3868  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
08:08:33.0532 3868  E1G60 - ok
08:08:33.0536 3868  [ 90A0A875642E18618010645311B4E89E ] EapHost         C:\Windows\System32\eapsvc.dll
08:08:33.0581 3868  EapHost - ok
08:08:33.0590 3868  [ 0EFC7531B936EE57FDB4E837664C509F ] Ecache          C:\Windows\system32\drivers\ecache.sys
08:08:33.0601 3868  Ecache - ok
08:08:33.0637 3868  [ B4580122B0A7B263B6EE9ACBA69C8013 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
08:08:33.0652 3868  ehRecvr - ok
08:08:33.0660 3868  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
08:08:33.0673 3868  ehSched - ok
08:08:33.0676 3868  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
08:08:33.0688 3868  ehstart - ok
08:08:33.0708 3868  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
08:08:33.0722 3868  elxstor - ok
08:08:33.0742 3868  [ 3226FDA08988526E819E364E8CCE4CEE ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
08:08:33.0764 3868  EMDMgmt - ok
08:08:33.0892 3868  [ 7B4971C3D43525175A4EA0D143E0412E ] EventSystem     C:\Windows\system32\es.dll
08:08:33.0902 3868  EventSystem - ok
08:08:34.0055 3868  [ E1C954057935D51D85077A57012554B2 ] Ext2Fsd         C:\Windows\system32\drivers\Ext2Fsd.sys
08:08:34.0070 3868  Ext2Fsd - ok
08:08:34.0093 3868  [ 84A317CB0B3954D3768CDCD018DBF670 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
08:08:34.0123 3868  fastfat - ok
08:08:34.0134 3868  [ 63BDADA84951B9C03E641800E176898A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
08:08:34.0170 3868  fdc - ok
08:08:34.0182 3868  [ E43BCE1A77D6FD4ED5F8E0482B9E7DF1 ] fdPHost         C:\Windows\system32\fdPHost.dll
08:08:34.0219 3868  fdPHost - ok
08:08:34.0231 3868  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
08:08:34.0268 3868  FDResPub - ok
08:08:34.0272 3868  [ 65773D6115C037FFD7EF8280AE85EB9D ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
08:08:34.0279 3868  FileInfo - ok
08:08:34.0292 3868  [ C226DD0DE060745F3E042F58DCF78402 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
08:08:34.0327 3868  Filetrace - ok
08:08:34.0365 3868  [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
08:08:34.0379 3868  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
08:08:34.0379 3868  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
08:08:34.0406 3868  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
08:08:34.0434 3868  flpydisk - ok
08:08:34.0446 3868  [ A6A8DA7AE4D53394AB22AC3AB6D3F5D3 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
08:08:34.0453 3868  FltMgr - ok
08:08:34.0499 3868  [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
08:08:34.0505 3868  FontCache3.0.0.0 - ok
08:08:34.0532 3868  [ 66A078591208BAA210C7634B11EB392C ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
08:08:34.0541 3868  Fs_Rec - ok
08:08:34.0549 3868  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
08:08:34.0556 3868  gagp30kx - ok
08:08:34.0589 3868  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:08:34.0595 3868  GEARAspiWDM - ok
08:08:34.0622 3868  [ BCF6589C42D8F6A20F33EF133FFE0524 ] gpsvc           C:\Windows\System32\gpsvc.dll
08:08:34.0640 3868  gpsvc - ok
08:08:34.0693 3868  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:08:34.0732 3868  HdAudAddService - ok
08:08:34.0744 3868  [ 0DB613A7E427B5663563677796FD5258 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
08:08:34.0753 3868  HDAudBus - ok
08:08:34.0763 3868  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
08:08:34.0799 3868  HidBth - ok
08:08:34.0807 3868  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
08:08:34.0844 3868  HidIr - ok
08:08:34.0847 3868  [ 8FA640195279ACE21BEA91396A0054FC ] hidserv         C:\Windows\System32\hidserv.dll
08:08:34.0885 3868  hidserv - ok
08:08:34.0888 3868  [ 3C64042B95E583B366BA4E5D2450235E ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
08:08:34.0926 3868  HidUsb - ok
08:08:34.0946 3868  [ D40AA05E29BF6ED29B139F044B461E9B ] hkmsvc          C:\Windows\system32\kmsvc.dll
08:08:34.0981 3868  hkmsvc - ok
08:08:34.0995 3868  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
08:08:35.0001 3868  HpCISSs - ok
08:08:35.0030 3868  HtcVCom32 - ok
08:08:35.0066 3868  [ EA24FE637D974A8A31BC650F478E3533 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
08:08:35.0079 3868  HTTP - ok
08:08:35.0098 3868  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
08:08:35.0104 3868  i2omp - ok
08:08:35.0123 3868  [ 1C9EE072BAA3ABB460B91D7EE9152660 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
08:08:35.0131 3868  i8042prt - ok
08:08:35.0143 3868  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
08:08:35.0151 3868  iaStorV - ok
08:08:35.0193 3868  [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:08:35.0211 3868  idsvc - ok
08:08:35.0247 3868  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
08:08:35.0254 3868  iirsp - ok
08:08:35.0269 3868  [ 35662FE4D8622F667AA5A5568F7F1B40 ] IKEEXT          C:\Windows\System32\ikeext.dll
08:08:35.0302 3868  IKEEXT - ok
08:08:35.0388 3868  [ 345AC48D17F5C2F2AA1EE50D34C3978B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
08:08:35.0459 3868  IntcAzAudAddService - ok
08:08:35.0475 3868  [ 1C60617D54BC9F035671A44B75D9F7CC ] intelide        C:\Windows\system32\drivers\intelide.sys
08:08:35.0483 3868  intelide - ok
08:08:35.0492 3868  [ CE44CC04262F28216DD4341E9E36A16F ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
08:08:35.0528 3868  intelppm - ok
08:08:35.0544 3868  [ 88CF5281ED9880D74DC9011CF8B5262D ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
08:08:35.0580 3868  IPBusEnum - ok
08:08:35.0591 3868  [ 880C6F86CC3F551B8FEA2C11141268C0 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:08:35.0627 3868  IpFilterDriver - ok
08:08:35.0657 3868  [ ECC9AD72CFC4AB41CF6A9BCC11F9FEF6 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
08:08:35.0669 3868  iphlpsvc - ok
08:08:35.0672 3868  IpInIp - ok
08:08:35.0688 3868  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
08:08:35.0725 3868  IPMIDRV - ok
08:08:35.0737 3868  [ 10077C35845101548037DF04FD1A420B ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
08:08:35.0782 3868  IPNAT - ok
08:08:35.0838 3868  [ E46B17060D3962A384AE484094614788 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
08:08:35.0859 3868  iPod Service - ok
08:08:35.0889 3868  [ A82F328F4792304184642D6D397BB1E3 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
08:08:35.0934 3868  IRENUM - ok
08:08:35.0942 3868  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
08:08:35.0952 3868  isapnp - ok
08:08:35.0966 3868  [ 4DCA456D4D5723F8FA9C6760D240B0DF ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
08:08:35.0977 3868  iScsiPrt - ok
08:08:35.0988 3868  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
08:08:35.0998 3868  iteatapi - ok
08:08:36.0008 3868  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
08:08:36.0017 3868  iteraid - ok
08:08:36.0024 3868  [ B076B2AB806B3F696DAB21375389101C ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
08:08:36.0034 3868  kbdclass - ok
08:08:36.0046 3868  [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
08:08:36.0090 3868  kbdhid - ok
08:08:36.0103 3868  [ C731B1FE449D4E9CEA358C9D55B69BE9 ] KeyIso          C:\Windows\system32\lsass.exe
08:08:36.0117 3868  KeyIso - ok
08:08:36.0168 3868  [ 566C5FD480FDBCE3BA5CF9FBCFFAEA9A ] KMWDFILTER      C:\Windows\system32\DRIVERS\KMWDFILTER.sys
08:08:36.0179 3868  KMWDFILTER - ok
08:08:36.0189 3868  [ 0A829977B078DEA11641FC2AF87CEADE ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
08:08:36.0206 3868  KSecDD - ok
08:08:36.0236 3868  [ 45C537FE5DDE9A0146AEFF76E615737D ] KtmRm           C:\Windows\system32\msdtckrm.dll
08:08:36.0285 3868  KtmRm - ok
08:08:36.0308 3868  [ 53D1482FC1AA36AC015A85E6CF2146BD ] LanmanServer    C:\Windows\System32\srvsvc.dll
08:08:36.0356 3868  LanmanServer - ok
08:08:36.0392 3868  [ 435F0F6DC87A4B5DA78F1FA309884189 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:08:36.0407 3868  LanmanWorkstation - ok
08:08:36.0416 3868  [ FD015B4F95DAA2B712F0E372A116FBAD ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
08:08:36.0449 3868  lltdio - ok
08:08:36.0460 3868  [ 7450DBCF754391DD6363FFFD5EF0E789 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
08:08:36.0491 3868  lltdsvc - ok
08:08:36.0505 3868  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
08:08:36.0534 3868  lmhosts - ok
08:08:36.0653 3868  [ 412776CC8A69AC86BE9DEBED4CD82172 ] LMIGuardianSvc  C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
08:08:36.0663 3868  LMIGuardianSvc - ok
08:08:36.0732 3868  [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo         C:\Program Files\LogMeIn\x86\RaInfo.sys
08:08:36.0738 3868  LMIInfo - ok
08:08:36.0755 3868  [ 7E78DB3671549438C98D2BAB35DD4DDC ] LMIMaint        C:\Program Files\LogMeIn\x86\RaMaint.exe
08:08:36.0761 3868  LMIMaint - ok
08:08:36.0794 3868  [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr         C:\Windows\system32\DRIVERS\lmimirr.sys
08:08:36.0799 3868  lmimirr - ok
08:08:36.0824 3868  LMIRfsClientNP - ok
08:08:36.0847 3868  [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver    C:\Windows\system32\drivers\LMIRfsDriver.sys
08:08:36.0854 3868  LMIRfsDriver - ok
08:08:36.0875 3868  [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn         C:\Program Files\LogMeIn\x86\LogMeIn.exe
08:08:36.0887 3868  LogMeIn - ok
08:08:36.0915 3868  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
08:08:36.0923 3868  LSI_FC - ok
08:08:36.0935 3868  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
08:08:36.0943 3868  LSI_SAS - ok
08:08:36.0953 3868  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
08:08:36.0961 3868  LSI_SCSI - ok
08:08:36.0965 3868  [ 42885BB44B6E065B8575A8DD6C430C52 ] luafv           C:\Windows\system32\drivers\luafv.sys
08:08:37.0001 3868  luafv - ok
08:08:37.0039 3868  lxcj_device - ok
08:08:37.0052 3868  mcdbus - ok
08:08:37.0076 3868  [ E93C1AD58E88A0846EAEE10671C2A8F3 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
08:08:37.0087 3868  Mcx2Svc - ok
08:08:37.0101 3868  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
08:08:37.0111 3868  megasas - ok
08:08:37.0118 3868  [ 9DFA3A459AF0954AA85B4F7622AD87BB ] MMCSS           C:\Windows\system32\mmcss.dll
08:08:37.0164 3868  MMCSS - ok
08:08:37.0170 3868  [ 21755967298A46FB6ADFEC9DB6012211 ] Modem           C:\Windows\system32\drivers\modem.sys
08:08:37.0214 3868  Modem - ok
08:08:37.0249 3868  [ 7446E104A5FE5987CA9E4983FBAC4F97 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
08:08:37.0257 3868  monitor - ok
08:08:37.0260 3868  [ 5FBA13C1A1841B0885D316ED3589489D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
08:08:37.0266 3868  mouclass - ok
08:08:37.0275 3868  [ B569B5C5D3BDE545DF3A6AF512CCCDBA ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
08:08:37.0283 3868  mouhid - ok
08:08:37.0291 3868  [ 01F1E5A3E4877C931CBB31613FEC16A6 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
08:08:37.0298 3868  MountMgr - ok
08:08:37.0358 3868  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
08:08:37.0365 3868  MozillaMaintenance - ok
08:08:37.0373 3868  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
08:08:37.0379 3868  mpio - ok
08:08:37.0399 3868  [ 6E7A7F0C1193EE5648443FE2D4B789EC ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
08:08:37.0407 3868  mpsdrv - ok
08:08:37.0422 3868  [ 563ED845885C6A7C09A7715D8BD0585C ] MpsSvc          C:\Windows\system32\mpssvc.dll
08:08:37.0435 3868  MpsSvc - ok
08:08:37.0453 3868  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
08:08:37.0459 3868  Mraid35x - ok
08:08:37.0467 3868  [ 1D8828B98EE309D65E006F0829E280E5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
08:08:37.0475 3868  MRxDAV - ok
08:08:37.0489 3868  [ 8AF705CE1BB907932157FAB821170F27 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
08:08:37.0498 3868  mrxsmb - ok
08:08:37.0502 3868  [ 47E13AB23371BE3279EEF22BBFA2C1BE ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:08:37.0512 3868  mrxsmb10 - ok
08:08:37.0515 3868  [ 90B3FC7BD6B3D7EE7635DEBBA2187F66 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:08:37.0523 3868  mrxsmb20 - ok
08:08:37.0545 3868  [ F0EC3A4E0693A34B148723B4DA31668C ] msahci          C:\Windows\system32\drivers\msahci.sys
08:08:37.0553 3868  msahci - ok
08:08:37.0568 3868  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
08:08:37.0576 3868  msdsm - ok
08:08:37.0590 3868  [ BC64A92D821EFEA8BAB8E8CAF1B668BC ] MSDTC           C:\Windows\System32\msdtc.exe
08:08:37.0602 3868  MSDTC - ok
08:08:37.0613 3868  [ 729EAFEFD4E7417165F353A18DBE947D ] Msfs            C:\Windows\system32\drivers\Msfs.sys
08:08:37.0649 3868  Msfs - ok
08:08:37.0652 3868  [ 5F454A16A5146CD91A176D70F0CFA3EC ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
08:08:37.0659 3868  msisadrv - ok
08:08:37.0677 3868  [ 8ACF956D9154E893E789881430C12632 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
08:08:37.0715 3868  MSiSCSI - ok
08:08:37.0718 3868  msiserver - ok
08:08:37.0729 3868  [ 892CEDEFA7E0FFE7BE8DA651B651D047 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
08:08:37.0764 3868  MSKSSRV - ok
08:08:37.0782 3868  [ AE2CB1DA69B2676B4CEE2A501AF5871C ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
08:08:37.0818 3868  MSPCLOCK - ok
08:08:37.0824 3868  [ F910DA84FA90C44A3ADDB7CD874463FD ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
08:08:37.0860 3868  MSPQM - ok
08:08:37.0870 3868  [ 84571C0AE07647BA38D493F5F0015DF7 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
08:08:37.0879 3868  MsRPC - ok
08:08:37.0889 3868  [ 4385C80EDE885E25492D408CAD91BD6F ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
08:08:37.0896 3868  mssmbios - ok
08:08:37.0901 3868  [ C826DD1373F38AFD9CA46EC3C436A14E ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
08:08:37.0938 3868  MSTEE - ok
08:08:37.0975 3868  [ CBE71C122434805CB73FFB6619F60598 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
08:08:37.0981 3868  MTsensor - ok
08:08:38.0009 3868  [ FA7AA70050CF5E2D15DE00941E5665E5 ] Mup             C:\Windows\system32\Drivers\mup.sys
08:08:38.0017 3868  Mup - ok
08:08:38.0034 3868  [ 1CDBB5D002FE2BC5300AA20550D8A52E ] napagent        C:\Windows\system32\qagentRT.dll
08:08:38.0073 3868  napagent - ok
08:08:38.0097 3868  [ 6DA4A0FC7C0E83DF0CB3CFD0A514C3BC ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
08:08:38.0108 3868  NativeWifiP - ok
08:08:38.0125 3868  [ 227C11E1E7CF6EF8AFB2A238D209760C ] NDIS            C:\Windows\system32\drivers\ndis.sys
08:08:38.0143 3868  NDIS - ok
08:08:38.0175 3868  [ 81659CDCBD0F9A9E07E6878AD8C78D3F ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
08:08:38.0186 3868  NdisTapi - ok
08:08:38.0190 3868  [ 5DE5EE546BF40838EBE0E01CB629DF64 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
08:08:38.0235 3868  Ndisuio - ok
08:08:38.0249 3868  [ 397402ADCBB8946223A1950101F6CD94 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
08:08:38.0295 3868  NdisWan - ok
08:08:38.0304 3868  [ 1B24FA907AF283199A81B3BB37E5E526 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
08:08:38.0316 3868  NDProxy - ok
08:08:38.0323 3868  [ 356DBB9F98E8DC1028DD3092FCEEB877 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
08:08:38.0368 3868  NetBIOS - ok
08:08:38.0376 3868  [ E3A168912E7EEFC3BD3B814720D68B41 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
08:08:38.0423 3868  netbt - ok
08:08:38.0429 3868  [ C731B1FE449D4E9CEA358C9D55B69BE9 ] Netlogon        C:\Windows\system32\lsass.exe
08:08:38.0443 3868  Netlogon - ok
08:08:38.0476 3868  [ 90A4DAE28B94497F83BEA0F2A3B77092 ] Netman          C:\Windows\System32\netman.dll
08:08:38.0524 3868  Netman - ok
08:08:38.0536 3868  [ 7C5C3D9CEEE838856B828AB6F98A2857 ] netprofm        C:\Windows\System32\netprofm.dll
08:08:38.0585 3868  netprofm - ok
08:08:38.0605 3868  [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:08:38.0616 3868  NetTcpPortSharing - ok
08:08:38.0625 3868  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
08:08:38.0635 3868  nfrd960 - ok
08:08:38.0650 3868  [ C424117A562F2DE37A42266894C79AEB ] NlaSvc          C:\Windows\System32\nlasvc.dll
08:08:38.0698 3868  NlaSvc - ok
08:08:38.0718 3868  [ 4F9832BEB9FAFD8CEB0E541F1323B26E ] Npfs            C:\Windows\system32\drivers\Npfs.sys
08:08:38.0763 3868  Npfs - ok
08:08:38.0778 3868  [ 23B8201A363DE0E649FC75EE9874DEE2 ] nsi             C:\Windows\system32\nsisvc.dll
08:08:38.0824 3868  nsi - ok
08:08:38.0829 3868  [ B488DFEC274DE1FC9D653870EF2587BE ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
08:08:38.0873 3868  nsiproxy - ok
08:08:38.0913 3868  [ 37430AA7A66D7A63407ADC2C0D05E9F6 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
08:08:38.0944 3868  Ntfs - ok
08:08:38.0973 3868  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
08:08:39.0019 3868  ntrigdigi - ok
08:08:39.0027 3868  [ EC5EFB3C60F1B624648344A328BCE596 ] Null            C:\Windows\system32\drivers\Null.sys
08:08:39.0072 3868  Null - ok
08:08:39.0215 3868  [ 13EA23E5B699CAE353FA711495FDFF20 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
08:08:39.0227 3868  nusb3hub - ok
08:08:39.0271 3868  [ FA3240B26A1E150E3770A9E01C7BBA4E ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
08:08:39.0284 3868  nusb3xhc - ok
08:08:39.0295 3868  [ 6F785DB62A6D8F3FAFD3E5695277E849 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
08:08:39.0308 3868  nvraid - ok
08:08:39.0315 3868  [ 4A5FCAB82D9BF6AF8A023A66802FE9E9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
08:08:39.0327 3868  nvstor - ok
08:08:39.0335 3868  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
08:08:39.0346 3868  nv_agp - ok
08:08:39.0350 3868  NwlnkFlt - ok
08:08:39.0354 3868  NwlnkFwd - ok
08:08:39.0363 3868  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
08:08:39.0409 3868  ohci1394 - ok
08:08:39.0457 3868  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:08:39.0463 3868  ose - ok
08:08:39.0494 3868  [ 016D01D3B8FB976A193C7434BED8DCCF ] p2pimsvc        C:\Windows\system32\p2psvc.dll
08:08:39.0510 3868  p2pimsvc - ok
08:08:39.0518 3868  [ 016D01D3B8FB976A193C7434BED8DCCF ] p2psvc          C:\Windows\system32\p2psvc.dll
08:08:39.0534 3868  p2psvc - ok
08:08:39.0568 3868  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\DRIVERS\parport.sys
08:08:39.0597 3868  Parport - ok
08:08:39.0600 3868  [ 555A5B2C8022983BC7467BC925B222EE ] partmgr         C:\Windows\system32\drivers\partmgr.sys
08:08:39.0606 3868  partmgr - ok
08:08:39.0625 3868  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
08:08:39.0654 3868  Parvdm - ok
08:08:39.0658 3868  [ D8C5C215C932233A4F1D7F368F4E4E65 ] PcaSvc          C:\Windows\System32\pcasvc.dll
08:08:39.0668 3868  PcaSvc - ok
08:08:39.0672 3868  [ 1085D75657807E0E8B32F9E19A1647C3 ] pci             C:\Windows\system32\drivers\pci.sys
08:08:39.0680 3868  pci - ok
08:08:39.0701 3868  [ CABA65E9C41CD2900D4C92D4F825C5F8 ] pciide          C:\Windows\system32\drivers\pciide.sys
08:08:39.0708 3868  pciide - ok
08:08:39.0719 3868  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
08:08:39.0727 3868  pcmcia - ok
08:08:39.0760 3868  [ 3E9CD8646EBF1C15438F9135796C02B7 ] PCToolsSSDMonitorSvc C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
08:08:39.0772 3868  PCToolsSSDMonitorSvc - ok
08:08:39.0816 3868  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
08:08:39.0855 3868  PEAUTH - ok
08:08:39.0892 3868  [ CD05A38D166BEADE18030BAFC0C0A939 ] pla             C:\Windows\system32\pla.dll
08:08:39.0941 3868  pla - ok
08:08:39.0972 3868  [ 747BB4C31F3B6E8D1B5ED0AD61518CB5 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
08:08:39.0985 3868  PlugPlay - ok
08:08:40.0031 3868  [ 0E01D7EEBADA0B324DB0CA1EE73440BA ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
08:08:40.0039 3868  PnkBstrA - ok
08:08:40.0048 3868  [ 1428E6CC1458A36CBFC1F2E304C7C42D ] PnkBstrB        C:\Windows\system32\PnkBstrB.exe
08:08:40.0056 3868  PnkBstrB - ok
08:08:40.0066 3868  [ 016D01D3B8FB976A193C7434BED8DCCF ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
08:08:40.0085 3868  PNRPAutoReg - ok
08:08:40.0094 3868  [ 016D01D3B8FB976A193C7434BED8DCCF ] PNRPsvc         C:\Windows\system32\p2psvc.dll
08:08:40.0113 3868  PNRPsvc - ok
08:08:40.0155 3868  [ 5EBDEC613BD377CE9A85382BE5C6B83B ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
08:08:40.0170 3868  PolicyAgent - ok
08:08:40.0203 3868  [ 6C359AC71D7B550A0D41F9DB4563CE05 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
08:08:40.0240 3868  PptpMiniport - ok
08:08:40.0246 3868  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\DRIVERS\processr.sys
08:08:40.0282 3868  Processor - ok
08:08:40.0304 3868  [ 213112E152E68F0E4705E36F052A2880 ] ProfSvc         C:\Windows\system32\profsvc.dll
08:08:40.0343 3868  ProfSvc - ok
08:08:40.0375 3868  [ C731B1FE449D4E9CEA358C9D55B69BE9 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:08:40.0386 3868  ProtectedStorage - ok
08:08:40.0401 3868  [ 2C8BAE55247C4E09352E870292E4D1AB ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
08:08:40.0410 3868  PSched - ok
08:08:40.0467 3868  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
08:08:40.0473 3868  PxHelp20 - ok
08:08:40.0493 3868  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
08:08:40.0516 3868  ql2300 - ok
08:08:40.0550 3868  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
08:08:40.0561 3868  ql40xx - ok
08:08:40.0571 3868  [ CA61BDFD3713A7CE75F2812AFC431594 ] QWAVE           C:\Windows\system32\qwave.dll
08:08:40.0590 3868  QWAVE - ok
08:08:40.0594 3868  [ D2B3E2B7426DC23E185FBC73C8936C12 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
08:08:40.0608 3868  QWAVEdrv - ok
08:08:40.0759 3868  [ 3AF684252780CF87DC2809F85B8F7591 ] RapportCerberus_43926 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys
08:08:40.0772 3868  RapportCerberus_43926 - ok
08:08:40.0846 3868  [ E59302E32009F38A24AB573B039D8F21 ] RapportEI       C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
08:08:40.0865 3868  RapportEI - ok
08:08:40.0933 3868  [ 35199EC35EDC7DCBA71FDA711DFB05C0 ] RapportIaso     c:\programdata\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys
08:08:40.0941 3868  RapportIaso - ok
08:08:40.0945 3868  [ 25BFCB71DE17B2DE56800219F8E80959 ] RapportKELL     C:\Windows\system32\Drivers\RapportKELL.sys
08:08:40.0954 3868  RapportKELL - ok
08:08:40.0994 3868  [ 0DE51300C256DE1206EE892521764C76 ] RapportPG       C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
08:08:41.0005 3868  RapportPG - ok
08:08:41.0014 3868  [ BD7B30F55B3649506DD8B3D38F571D2A ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
08:08:41.0059 3868  RasAcd - ok
08:08:41.0066 3868  [ F14F4AAB9F54D099FE99192BDB100AC9 ] RasAuto         C:\Windows\System32\rasauto.dll
08:08:41.0114 3868  RasAuto - ok
08:08:46.0724 3868  ================ Scan global ===============================
08:08:46.0752 3868  [ 8CD98A8EC9CADAF4E051CDCAC15C96C4 ] C:\Windows\system32\basesrv.dll
08:08:46.0770 3868  [ E3F137ADC0A9D7F3A2E4F557272FE6B3 ] C:\Windows\system32\winsrv.dll
08:08:46.0778 3868  [ E3F137ADC0A9D7F3A2E4F557272FE6B3 ] C:\Windows\system32\winsrv.dll
08:08:46.0805 3868  [ 329CF3C97CE4C19375C8ABCABAE258B0 ] C:\Windows\system32\services.exe
08:08:46.0807 3868  [Global] - ok
08:08:46.0807 3868  ================ Scan MBR ==================================
08:08:46.0812 3868  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
08:08:46.0986 3868  \Device\Harddisk0\DR0 - ok
08:08:46.0986 3868  ================ Scan VBR ==================================
08:08:46.0988 3868  [ 9CCB401B0698E31951AC5DF1BFF76DF2 ] \Device\Harddisk0\DR0\Partition1
08:08:46.0989 3868  \Device\Harddisk0\DR0\Partition1 - ok
08:08:46.0990 3868  ============================================================
08:08:46.0990 3868  Scan finished
08:08:46.0990 3868  ============================================================
08:08:46.0998 5208  Detected object count: 5
08:08:46.0998 5208  Actual detected object count: 5
08:09:18.0638 5208  !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
08:09:18.0638 5208  !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:09:18.0641 5208  AODDriver ( UnsignedFile.Multi.Generic ) - skipped by user
08:09:18.0642 5208  AODDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:09:18.0645 5208  AsSysCtrlService ( UnsignedFile.Multi.Generic ) - skipped by user
08:09:18.0645 5208  AsSysCtrlService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:09:18.0744 5208  C:\Users\???????\AppData\Local\Temp\catchme.sys - copied to quarantine
08:09:18.0745 5208  HKLM\SYSTEM\ControlSet001\services\catchme - will be deleted on reboot
08:09:18.0763 5208  HKLM\SYSTEM\ControlSet004\services\catchme - will be deleted on reboot
08:09:18.0779 5208  C:\Users\???????\AppData\Local\Temp\catchme.sys - will be deleted on reboot
08:09:18.0779 5208  catchme ( UnsignedFile.Multi.Generic ) - User select action: Delete 
08:09:18.0784 5208  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
08:09:18.0784 5208  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:09:49.0213 1380  Deinitialize success

TDSSKiller log after reboot:

08:12:14.0158 2896  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:12:14.0423 2896  ============================================================
08:12:14.0423 2896  Current date / time: 2013/05/30 08:12:14.0423
08:12:14.0423 2896  SystemInfo:
08:12:14.0423 2896  
08:12:14.0423 2896  OS Version: 6.0.6000 ServicePack: 0.0
08:12:14.0423 2896  Product type: Workstation
08:12:14.0423 2896  ComputerName: 
08:12:14.0423 2896  UserName: 
08:12:14.0423 2896  Windows directory: C:\Windows
08:12:14.0423 2896  System windows directory: C:\Windows
08:12:14.0423 2896  Processor architecture: Intel x86
08:12:14.0423 2896  Number of processors: 4
08:12:14.0423 2896  Page size: 0x1000
08:12:14.0423 2896  Boot type: Normal boot
08:12:14.0423 2896  ============================================================
08:12:15.0734 2896  BG loaded
08:12:16.0124 2896  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:12:16.0139 2896  ============================================================
08:12:16.0139 2896  \Device\Harddisk0\DR0:
08:12:16.0139 2896  MBR partitions:
08:12:16.0139 2896  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74709082
08:12:16.0139 2896  ============================================================
08:12:16.0202 2896  C: <-> \Device\Harddisk0\DR0\Partition1
08:12:16.0202 2896  ============================================================
08:12:16.0202 2896  Initialize success
08:12:16.0202 2896  ============================================================
08:12:26.0513 3292  ============================================================
08:12:26.0513 3292  Scan started
08:12:26.0513 3292  Mode: Manual; SigCheck; TDLFS; 
08:12:26.0513 3292  ============================================================
08:12:30.0023 3292  ================ Scan system memory ========================
08:12:30.0023 3292  System memory - ok
08:12:30.0023 3292  ================ Scan services =============================
08:12:30.0569 3292  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
08:12:39.0336 3292  !SASCORE ( UnsignedFile.Multi.Generic ) - warning
08:12:39.0336 3292  !SASCORE - detected UnsignedFile.Multi.Generic (1)
08:12:41.0692 3292  [ 5BD30B502168013C9EA03A5C2F1C9776 ] AODDriver       C:\Program Files\ASUS\GPU Boost Driver\i386\AODDriver.sys
08:12:41.0739 3292  AODDriver ( UnsignedFile.Multi.Generic ) - warning
08:12:41.0739 3292  AODDriver - detected UnsignedFile.Multi.Generic (1)
08:12:42.0347 3292  [ 8D058CACC9FB52DAC0E6F3F038B1AE5E ] AsSysCtrlService C:\Program Files\ASUS\AsSysCtrlService\1.00.04\AsSysCtrlService.exe
08:12:42.0410 3292  AsSysCtrlService ( UnsignedFile.Multi.Generic ) - warning
08:12:42.0410 3292  AsSysCtrlService - detected UnsignedFile.Multi.Generic (1)
08:12:56.0883 3292  [ DD347806400462F1937B162B5983E471 ] Diskeeper       C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
08:12:57.0244 3292  Diskeeper - ok
08:12:57.0337 3292  [ AB24EE68FF85A592586C03A3F339FCD5 ] DKRtWrt         C:\Windows\system32\DRIVERS\DKRtWrt.sys
08:12:57.0372 3292  DKRtWrt - ok
08:12:57.0486 3292  [ EECBA1DD142BF8693C476BE8F32FE253 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
08:12:57.0595 3292  Dnscache - ok
08:12:57.0734 3292  [ 1F795D214820E496BF1124434A6DB546 ] dot3svc         C:\Windows\System32\dot3svc.dll
08:12:57.0834 3292  dot3svc - ok
08:12:58.0010 3292  [ 032C90AD677BF7B7A8013D6087C7A921 ] DPS             C:\Windows\system32\dps.dll
08:12:58.0111 3292  DPS - ok
08:12:58.0332 3292  [ EE472CD2C01F6F8E8AA1FA06FFEF61B6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
08:12:58.0411 3292  drmkaud - ok
08:12:58.0557 3292  [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
08:12:58.0569 3292  dtsoftbus01 - ok
08:12:58.0807 3292  [ 334988883DE69ADB27E2CF9F9715BBDB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
08:12:59.0059 3292  DXGKrnl - ok
08:12:59.0135 3292  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
08:12:59.0303 3292  E1G60 - ok
08:12:59.0376 3292  [ 90A0A875642E18618010645311B4E89E ] EapHost         C:\Windows\System32\eapsvc.dll
08:12:59.0484 3292  EapHost - ok
08:12:59.0542 3292  [ 0EFC7531B936EE57FDB4E837664C509F ] Ecache          C:\Windows\system32\drivers\ecache.sys
08:12:59.0553 3292  Ecache - ok
08:12:59.0791 3292  [ B4580122B0A7B263B6EE9ACBA69C8013 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
08:12:59.0840 3292  ehRecvr - ok
08:12:59.0864 3292  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
08:12:59.0894 3292  ehSched - ok
08:12:59.0913 3292  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
08:12:59.0925 3292  ehstart - ok
08:12:59.0994 3292  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
08:13:00.0048 3292  elxstor - ok
08:13:00.0174 3292  [ 3226FDA08988526E819E364E8CCE4CEE ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
08:13:00.0353 3292  EMDMgmt - ok
08:13:00.0487 3292  [ 7B4971C3D43525175A4EA0D143E0412E ] EventSystem     C:\Windows\system32\es.dll
08:13:00.0535 3292  EventSystem - ok
08:13:00.0731 3292  [ E1C954057935D51D85077A57012554B2 ] Ext2Fsd         C:\Windows\system32\drivers\Ext2Fsd.sys
08:13:00.0774 3292  Ext2Fsd - ok
08:13:00.0817 3292  [ 84A317CB0B3954D3768CDCD018DBF670 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
08:13:00.0887 3292  fastfat - ok
08:13:00.0900 3292  [ 63BDADA84951B9C03E641800E176898A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
08:13:00.0961 3292  fdc - ok
08:13:01.0039 3292  [ E43BCE1A77D6FD4ED5F8E0482B9E7DF1 ] fdPHost         C:\Windows\system32\fdPHost.dll
08:13:01.0177 3292  fdPHost - ok
08:13:01.0212 3292  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
08:13:01.0253 3292  FDResPub - ok
08:13:01.0283 3292  [ 65773D6115C037FFD7EF8280AE85EB9D ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
08:13:01.0290 3292  FileInfo - ok
08:13:01.0298 3292  [ C226DD0DE060745F3E042F58DCF78402 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
08:13:01.0357 3292  Filetrace - ok
08:13:01.0570 3292  [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
08:13:01.0793 3292  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
08:13:01.0793 3292  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
08:14:11.0108 3292  Smb - ok
08:14:11.0405 3292  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
08:14:11.0419 3292  SNMPTRAP - ok
08:14:11.0454 3292  [ 426F9B029AA9162CECCF65369457D046 ] spldr           C:\Windows\system32\drivers\spldr.sys
08:14:11.0463 3292  spldr - ok
08:14:11.0531 3292  [ DA612EF2556776DF2630B68BF2D48935 ] Spooler         C:\Windows\System32\spoolsv.exe
08:14:11.0545 3292  Spooler - ok
08:14:11.0617 3292  sptd - ok
08:14:11.0765 3292  [ 038579C35F7CAD4A4BBF735DBF83277D ] srv             C:\Windows\system32\DRIVERS\srv.sys
08:14:11.0813 3292  srv - ok
08:14:11.0881 3292  [ 6971A757AF8CB5E2CBCBB76CC530DB6C ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
08:14:11.0954 3292  srv2 - ok
08:14:11.0995 3292  [ 9E1A4603B874EEBCE0298113951ABEFB ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
08:14:12.0074 3292  srvnet - ok
08:14:12.0191 3292  [ 8D3E4BAFF8B3997138C38EB1B600519A ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
08:14:12.0304 3292  SSDPSRV - ok
08:14:12.0507 3292  [ A941E099EF46E3CC12F898CBE1C39910 ] stisvc          C:\Windows\System32\wiaservc.dll
08:14:12.0582 3292  stisvc - ok
08:14:12.0647 3292  [ 1379BDB336F8158C176A465E30759F57 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
08:14:12.0657 3292  swenum - ok
08:14:12.0807 3292  [ 749ADA8D6C18A08ADFEDE69CBF5DB2E0 ] swprv           C:\Windows\System32\swprv.dll
08:14:12.0917 3292  swprv - ok
08:14:12.0933 3292  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
08:14:12.0972 3292  Symc8xx - ok
08:14:13.0046 3292  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
08:14:13.0105 3292  Sym_hi - ok
08:14:13.0125 3292  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
08:14:13.0155 3292  Sym_u3 - ok
08:14:13.0435 3292  [ 8F2B5FEDE18BD3C4C926CBF88E6F1264 ] SysMain         C:\Windows\system32\sysmain.dll
08:14:13.0506 3292  SysMain - ok
08:14:13.0584 3292  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:14:13.0634 3292  TabletInputService - ok
08:14:13.0726 3292  [ EF3DD33C740FC2F82E7E4622F1C49289 ] TapiSrv         C:\Windows\System32\tapisrv.dll
08:14:13.0776 3292  TapiSrv - ok
08:14:13.0882 3292  [ 68FA52794AE9ACC61BDE16FE0956B414 ] TBS             C:\Windows\System32\tbssvc.dll
08:14:13.0928 3292  TBS - ok
08:14:14.0270 3292  [ 4A82FA8F0DF67AA354580C3FAAF8BDE3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
08:14:14.0382 3292  Tcpip - ok
08:14:14.0562 3292  [ 4A82FA8F0DF67AA354580C3FAAF8BDE3 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
08:14:14.0637 3292  Tcpip6 - ok
08:14:14.0708 3292  [ 5CE0C4A7B12D0067DAD527D72B68C726 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
08:14:14.0787 3292  tcpipreg - ok
08:14:14.0842 3292  [ 964248AEF49C31FA6A93201A73FFAF50 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
08:14:14.0912 3292  TDPIPE - ok
08:14:14.0973 3292  [ 7D2C1AE1648A60FCE4AA0F7982E419D3 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
08:14:15.0064 3292  TDTCP - ok
08:14:15.0105 3292  [ AB4FDE8AF4A0270A46A001C08CBCE1C2 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
08:14:15.0151 3292  tdx - ok
08:14:15.0206 3292  [ 2C549BD9DD091FBFAA0A2A48E82EC2FB ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
08:14:15.0216 3292  TermDD - ok
08:14:15.0447 3292  [ FAD71C1E8E4047B154E899AE31EB8CAA ] TermService     C:\Windows\System32\termsrv.dll
08:14:15.0555 3292  TermService - ok
08:14:15.0654 3292  [ B264DFA21677728613267FE63802B332 ] Themes          C:\Windows\system32\shsvcs.dll
08:14:15.0672 3292  Themes - ok
08:14:15.0730 3292  [ 9DFA3A459AF0954AA85B4F7622AD87BB ] THREADORDER     C:\Windows\system32\mmcss.dll
08:14:15.0776 3292  THREADORDER - ok
08:14:15.0853 3292  [ 6BBA0582C0025D43729A1112D3B57897 ] TrkWks          C:\Windows\System32\trkwks.dll
08:14:15.0900 3292  TrkWks - ok
08:14:16.0026 3292  [ 34E388A395FEDBA1D0511ED39BBF4074 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:14:16.0066 3292  TrustedInstaller - ok
08:14:16.0101 3292  [ 29F0ECA726F0D51F7E048BDB0B372F29 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
08:14:16.0228 3292  tssecsrv - ok
08:14:16.0305 3292  [ 65E953BC0084D44498B51F59784D2A82 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
08:14:16.0318 3292  tunmp - ok
08:14:16.0357 3292  [ 4A39BDA5E0FD30BDF4884F9D33AE6105 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
08:14:16.0369 3292  tunnel - ok
08:14:16.0457 3292  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
08:14:16.0511 3292  uagp35 - ok
08:14:16.0643 3292  [ 6348DA98707CEDA8A0DFB05820E17732 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
08:14:16.0872 3292  udfs - ok
08:14:16.0962 3292  [ 24A333F4F14DCFB6FF6D5A1B9E5D79DD ] UI0Detect       C:\Windows\system32\UI0Detect.exe
08:14:17.0003 3292  UI0Detect - ok
08:14:17.0045 3292  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
08:14:17.0078 3292  uliagpkx - ok
08:14:17.0229 3292  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci         C:\Windows\system32\drivers\uliahci.sys
08:14:17.0343 3292  uliahci - ok
08:14:17.0386 3292  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
08:14:17.0455 3292  UlSata - ok
08:14:17.0523 3292  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
08:14:17.0582 3292  ulsata2 - ok
08:14:17.0662 3292  [ 3FB78F1D1DD86D87BECECD9DFFA24DD9 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
08:14:17.0746 3292  umbus - ok
08:14:17.0933 3292  [ 8EB871A3DEB6B3D5A85EB6DDFC390B59 ] upnphost        C:\Windows\System32\upnphost.dll
08:14:17.0996 3292  upnphost - ok
08:14:18.0122 3292  [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
08:14:18.0222 3292  USBAAPL - ok
08:14:18.0279 3292  [ B0BA9CAFFE9B0555EC0317F30CB79CD2 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
08:14:18.0379 3292  usbccgp - ok
08:14:18.0411 3292  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
08:14:18.0453 3292  usbcir - ok
08:14:18.0511 3292  [ C9FCD05B0A80EA08C2768E5A279B14DE ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
08:14:18.0521 3292  usbehci - ok
08:14:18.0593 3292  [ 5E44F7D957F7560DA06BFE6B84B58A35 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
08:14:18.0634 3292  usbhub - ok
08:14:18.0658 3292  [ 9333E482A173938788CBDE8F81EC52FB ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
08:14:18.0668 3292  usbohci - ok
08:14:18.0720 3292  [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
08:14:18.0756 3292  usbprint - ok
08:14:18.0804 3292  [ B1F95285C08DDFE00C0B955462637EC7 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
08:14:18.0873 3292  usbscan - ok
08:14:18.0932 3292  [ 7887CE56934E7F104E98C975F47353C5 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:14:19.0008 3292  USBSTOR - ok
08:14:19.0040 3292  [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
08:14:19.0105 3292  usbuhci - ok
08:14:19.0158 3292  [ F79D0D7C9004474CB42746D9B2C30A2B ] UxSms           C:\Windows\System32\uxsms.dll
08:14:19.0229 3292  UxSms - ok
08:14:19.0324 3292  [ C9D0BAFEE0D0A2681F048CA61BC0DA96 ] vds             C:\Windows\System32\vds.exe
08:14:19.0371 3292  vds - ok
08:14:19.0399 3292  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
08:14:19.0467 3292  vga - ok
08:14:19.0490 3292  [ 17A8F877314E4067F8C8172CC6D9101C ] VgaSave         C:\Windows\System32\drivers\vga.sys
08:14:19.0561 3292  VgaSave - ok
08:14:19.0598 3292  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
08:14:19.0621 3292  viaagp - ok
08:14:19.0646 3292  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
08:14:19.0711 3292  ViaC7 - ok
08:14:19.0747 3292  [ 58C8D5AC5C3EEF40E7E704A5CED7987D ] viaide          C:\Windows\system32\drivers\viaide.sys
08:14:19.0768 3292  viaide - ok
08:14:19.0815 3292  [ 103E84C95832D0ED93507997CC7B54E8 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
08:14:19.0825 3292  volmgr - ok
08:14:19.0890 3292  [ 294DA8D3F965F6A8DB934A83C7B461FF ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
08:14:19.0903 3292  volmgrx - ok
08:14:19.0963 3292  [ 80DC0C9BCB579ED9815001A4D37CBFD5 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
08:14:19.0976 3292  volsnap - ok
08:14:20.0018 3292  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
08:14:20.0055 3292  vsmraid - ok
08:14:20.0315 3292  [ E0E29D9EF2524ABD11749C7C2FD7F607 ] VSS             C:\Windows\system32\vssvc.exe
08:14:20.0347 3292  VSS - ok
08:14:20.0432 3292  [ 62B0D0F6F5580D9D0DFA5E0B466FF2ED ] W32Time         C:\Windows\system32\w32time.dll
08:14:20.0482 3292  W32Time - ok
08:14:20.0504 3292  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
08:14:20.0584 3292  WacomPen - ok
08:14:20.0631 3292  [ 6798C1209A53B5A0DED8D437C45145FF ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
08:14:20.0643 3292  Wanarp - ok
08:14:20.0651 3292  [ 6798C1209A53B5A0DED8D437C45145FF ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
08:14:20.0663 3292  Wanarpv6 - ok
08:14:20.0695 3292  [ C1B19162E0509CEAB4CDF664E139D956 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
08:14:20.0729 3292  wcncsvc - ok
08:14:20.0747 3292  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:14:20.0820 3292  WcsPlugInService - ok
08:14:20.0875 3292  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
08:14:20.0913 3292  Wd - ok
08:14:21.0064 3292  [ 7B5F66E4A2219C7D9DAF9E738480E534 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
08:14:21.0091 3292  Wdf01000 - ok
08:14:21.0129 3292  [ 2A424B89B14EF17A3D06BCB5A8F79601 ] WdiServiceHost  C:\Windows\system32\wdi.dll
08:14:21.0170 3292  WdiServiceHost - ok
08:14:21.0176 3292  [ 2A424B89B14EF17A3D06BCB5A8F79601 ] WdiSystemHost   C:\Windows\system32\wdi.dll
08:14:21.0192 3292  WdiSystemHost - ok
08:14:21.0279 3292  [ 01E41C264EEDCB827820A1909162579F ] WebClient       C:\Windows\System32\webclnt.dll
08:14:21.0321 3292  WebClient - ok
08:14:21.0373 3292  [ 9CF67FF7F8D34CBF115D0C278B9F74AA ] Wecsvc          C:\Windows\system32\wecsvc.dll
08:14:21.0431 3292  Wecsvc - ok
08:14:21.0451 3292  [ B68CAB45DB1DAB59D92ACADFAD6364A8 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
08:14:21.0495 3292  wercplsupport - ok
08:14:21.0526 3292  [ 36BA0707680EF4236FD752BEE982CC25 ] WerSvc          C:\Windows\System32\WerSvc.dll
08:14:21.0557 3292  WerSvc - ok
08:14:21.0619 3292  [ 8563FCED6483CA76FC130F1FF6F20278 ] WFMC_VAD        C:\Windows\system32\DRIVERS\wfmcvad.sys
08:14:21.0652 3292  WFMC_VAD - ok
08:14:21.0805 3292  [ 0D5AD0E71FF5DDAC5DD2F443B499ABD0 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
08:14:21.0976 3292  WinDefend - ok
08:14:21.0980 3292  WinHttpAutoProxySvc - ok
08:14:22.0301 3292  [ 38A7B89DE4E3417C122317949667FDD8 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
08:14:22.0370 3292  Winmgmt - ok
08:14:22.0537 3292  [ 3F6823040030C3E4DA1CF11CD40B7534 ] WinRM           C:\Windows\system32\WsmSvc.dll
08:14:22.0597 3292  WinRM - ok
08:14:22.0758 3292  [ 7640ACEA41348BFEF34B76E245501261 ] Wlansvc         C:\Windows\System32\wlansvc.dll
08:14:22.0837 3292  Wlansvc - ok
08:14:22.0888 3292  [ 17EAC0D023A65FA9B02114CC2BAACAD5 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
08:14:23.0000 3292  WmiAcpi - ok
08:14:23.0029 3292  [ A279323BEE5FFFAFDA222910BCE92132 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
08:14:23.0042 3292  wmiApSrv - ok
08:14:23.0318 3292  [ ACB2E63D50157E3EA7140F29D9E76A48 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
08:14:23.0395 3292  WMPNetworkSvc - ok
08:14:23.0476 3292  [ 3D3B3B80C12ABE506F56930C46422C28 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
08:14:26.0423 3292  WPCSvc - ok
08:14:26.0509 3292  [ C24844A1D0D9528B19D5BC266B8CD572 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
08:14:26.0556 3292  WPDBusEnum - ok
08:14:26.0573 3292  [ 2D27171B16A577EF14C1273668753485 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
08:14:26.0643 3292  WpdUsb - ok
08:14:27.0060 3292  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:14:27.0127 3292  WPFFontCache_v0400 - ok
08:14:27.0177 3292  [ 84620AECDCFD2A7A14E6263927D8C0ED ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
08:14:27.0296 3292  ws2ifsl - ok
08:14:27.0466 3292  [ F97CBB919AF6D0A6643D1A59C15014D1 ] wscsvc          C:\Windows\system32\wscsvc.dll
08:14:27.0477 3292  wscsvc - ok
08:14:27.0479 3292  WSearch - ok
08:14:27.0952 3292  [ 6298277B73C77FA99106B271A7525163 ] wuauserv        C:\Windows\system32\wuaueng.dll
08:14:28.0149 3292  wuauserv - ok
08:14:28.0192 3292  [ A2AAFCC8A204736296D937C7C545B53F ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
08:14:28.0237 3292  WUDFRd - ok
08:14:28.0335 3292  [ DB5BF5AAB72B1B99B5331231D09EBB26 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
08:14:28.0381 3292  wudfsvc - ok
08:14:28.0425 3292  ================ Scan global ===============================
08:14:28.0759 3292  [ 8CD98A8EC9CADAF4E051CDCAC15C96C4 ] C:\Windows\system32\basesrv.dll
08:14:28.0838 3292  [ E3F137ADC0A9D7F3A2E4F557272FE6B3 ] C:\Windows\system32\winsrv.dll
08:14:28.0907 3292  [ E3F137ADC0A9D7F3A2E4F557272FE6B3 ] C:\Windows\system32\winsrv.dll
08:14:29.0001 3292  [ 329CF3C97CE4C19375C8ABCABAE258B0 ] C:\Windows\system32\services.exe
08:14:29.0004 3292  [Global] - ok
08:14:29.0004 3292  ================ Scan MBR ==================================
08:14:29.0017 3292  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
08:14:29.0888 3292  \Device\Harddisk0\DR0 - ok
08:14:29.0888 3292  ================ Scan VBR ==================================
08:14:29.0895 3292  [ 9CCB401B0698E31951AC5DF1BFF76DF2 ] \Device\Harddisk0\DR0\Partition1
08:14:29.0911 3292  \Device\Harddisk0\DR0\Partition1 - ok
08:14:29.0911 3292  ============================================================
08:14:29.0911 3292  Scan finished
08:14:29.0911 3292  ============================================================
08:14:29.0924 1300  Detected object count: 4
08:14:29.0924 1300  Actual detected object count: 4
08:14:35.0317 1300  !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
08:14:35.0318 1300  !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:14:35.0321 1300  AODDriver ( UnsignedFile.Multi.Generic ) - skipped by user
08:14:35.0321 1300  AODDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:14:35.0324 1300  AsSysCtrlService ( UnsignedFile.Multi.Generic ) - skipped by user
08:14:35.0324 1300  AsSysCtrlService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:14:35.0327 1300  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
08:14:35.0327 1300  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:14:38.0305 3352  Deinitialize success
 

RK log:

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows Vista (6.0.6000 ) 32 bits version
Started in : Normal mode
User : ??????? [Admin rights]
Mode : Scan -- Date : 05/30/2013 08:18:50
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 5 ¤¤¤
[TASK][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 [7] -> FOUND
[TASK][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 [7] -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
127.0.0.1       localhost
::1             localhost
[...]
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: SAMSUNG HD103SJ ATA Device +++++
--- User ---
[MBR] f4a5ef7552967f9737ad8b175940add2
[BSP] a71e8366fb9d0a0112f64bd347fe2453 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953874 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[1]_S_05302013_02d0818.txt >>

#9 nasdaq

  • Malware Response Team

Posted 30 May 2013 - 08:12 AM

Please run the RogueKiller tool and delete these items.

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

===

Using the Add/Remove Programs applet, remove these old versions of the programs.
Java™ 6 Update 45
Adobe Flash Player 10


===

Next, this is something you should do when your computer is running as expected.

Important security issue

http://support.microsoft.com/lifecycle/search/?sort=PN&alpha=WINDOWS+vista
Support for Windows Vista without any service packs ended on April 13, 2010.
Windows Vista Service Pack 1 support ended on 12/07/2011

For continued security support from Microsoft get the Service Pack 2.
http://support.microsoft.com/kb/935791

As indicated on the Microsoft page, SP1 must be installed before proceeding to install SP2.
You will find the necessary link on the page.
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===


What issues are still pending on this computer?

#10 monkeybo

  • Topic Starter

Posted 30 May 2013 - 08:57 AM

Ran RogueKiller but none of the above items listed were found, is this a problem?

 

Have deleted suggested programs....



#11 nasdaq

  • Malware Response Team

Posted 30 May 2013 - 01:49 PM

Nothing in THE REGISTRY SECTION?

#12 monkeybo

  • Topic Starter

Posted 31 May 2013 - 03:49 AM

No, nothing at all, rkiller tabs are all unpopulated apart from hosts, drivers and mbr.

 

TDSS Killer needed a reboot following first scan listed in post submitted yesterday - 08:37am and RKiller has not shown any reg details since then. 

 

When browsing yesterday I noticed that the ghosting of a deleted tab was still present.

 

As I am asking for your assistance and am not that knowledgeable regarding the tools you have run (basically I'm not questioning your judgement), can you kindly explain why the other 4 suspicious objects discovered in the original TDSS Killer scan are not related and why ComboFix would not run?

 

 

I have attached latest rkiller log, see below:

 

Operating System : Windows Vista (6.0.6000 ) 32 bits version
Started in : Normal mode
User : G???????  [Admin rights]
Mode : Scan -- Date : 05/31/2013 09:31:33
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
127.0.0.1       localhost
::1             localhost
[...]
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: SAMSUNG HD103SJ ATA Device +++++
--- User ---
[MBR] f4a5ef7552967f9737ad8b175940add2
[BSP] a71e8366fb9d0a0112f64bd347fe2453 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953874 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[1]_S_05312013_02d0931.txt >>


#13 nasdaq

  • Malware Response Team

Posted 31 May 2013 - 09:13 AM

when I use my browser ghosts of tabs I have deleted remain so I have to select another tab and return then the page I deleted disappears, the system is hanging quite regularly.


If you used Firefox or Chrome and the tabs are spawned, please remove the browser using the Add/Remove programs applet, restart the computer and reinstall a fresh copy.
===

If RogueKiller is no longer reporting any conflict, let it go. It's clean.

===

Try to run ComboFix one more time.
You may be asked to update it, please do.

If no log is generated or it hangs, close the application after 30 minutes.

Run this tool.

Download OTL to your desktop.
Double click on the icon to run it.
Make sure all other windows are closed and to let it run uninterrupted.

  • Select All Users.
  • Under the Custom Scan box paste this text in bold in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs. DO NOT ATTACH THEM.

Please let me know what problem persists.

#14 monkeybo

  • Topic Starter

Posted 31 May 2013 - 04:58 PM

Ran ComboFix, but it froze in the same place.

 

Ran OTL as directed, but did not have 'include 64bit Scans' field on version downloaded and only one log OTL.txt was generated when finished, see log below:

 

OTL logfile created on: 31/05/2013 22:27:13 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\???????\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
 
 
3.25 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 60.91% Memory free
6.69 Gb Paging File | 5.33 Gb Available in Paging File | 79.67% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 272.52 Gb Free Space | 29.26% Space Free | Partition Type: NTFS
 
Computer Name: ??????? | User Name: ??????? | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/05/31 22:07:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\???????\Desktop\OTL.exe
PRC - [2013/03/19 17:31:26 | 000,375,144 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2013/01/26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\???????\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/12/14 19:37:30 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/12/11 04:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 05:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 14:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 14:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/10/22 14:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/09/28 16:42:26 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2012/04/06 03:16:24 | 000,451,072 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012/04/06 03:15:50 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/03/03 15:49:14 | 002,148,176 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2011/01/12 20:40:28 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/06/14 12:00:26 | 005,309,056 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EPU\EPU.exe
PRC - [2010/06/11 16:15:08 | 009,933,232 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
PRC - [2010/06/09 16:32:40 | 001,098,880 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010/06/02 11:58:38 | 000,578,560 | R--- | M] () -- C:\Program Files\ASUS\AsSysCtrlService\1.00.04\AsSysCtrlService.exe
PRC - [2010/03/30 09:40:20 | 000,113,296 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/27 13:41:20 | 001,137,280 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe
PRC - [2010/03/25 12:02:12 | 000,888,960 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\AI Suite\QFan4\FanHelp.exe
PRC - [2009/10/14 15:42:38 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/09/16 13:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2007/05/08 17:13:08 | 000,103,344 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 8300 Series\ezprint.exe
PRC - [2007/05/08 17:09:00 | 000,205,744 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
PRC - [2007/02/08 06:52:50 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxcjcoms.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/01/06 16:44:25 | 000,758,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b095af4c06f82361e8be3ec0e6347cc3\System.Runtime.Remoting.ni.dll
MOD - [2013/01/06 16:44:18 | 001,776,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d85a3d6ed5bb77f5603e098cccf60bfa\System.Xaml.ni.dll
MOD - [2013/01/06 16:06:01 | 013,006,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3cdd09fc0acc85c7febbd2e2ef9c4e5\System.Windows.Forms.ni.dll
MOD - [2013/01/06 16:05:55 | 001,651,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2fe09cc54a8390b20e380239db34228f\System.Drawing.ni.dll
MOD - [2013/01/06 16:05:47 | 000,450,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b4e58d1a3e0ee75b6b107585c92c68e8\PresentationFramework.Aero.ni.dll
MOD - [2013/01/06 16:05:46 | 017,629,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8357ade60159c25ee88db0aab8686e6d\PresentationFramework.ni.dll
MOD - [2013/01/06 16:05:33 | 011,057,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7a1eeb425f9318f432afead4b2da965a\PresentationCore.ni.dll
MOD - [2013/01/06 16:05:26 | 003,779,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\f1f3a74eb37b27b7d05b8ffa941f8473\WindowsBase.ni.dll
MOD - [2013/01/06 16:05:19 | 005,571,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2d7c29ad77c15abfa6a8fe6d24840a91\System.Xml.ni.dll
MOD - [2013/01/06 16:05:16 | 000,973,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac2cd19f2159d48684e17cbdecfaa3b7\System.Configuration.ni.dll
MOD - [2013/01/06 16:05:13 | 007,025,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\85693dfd9ba4905b0fd947fdb51446d5\System.Core.ni.dll
MOD - [2013/01/06 16:05:08 | 009,000,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\161c6f80ad93b0505054d244f1c6243c\System.ni.dll
MOD - [2013/01/06 16:05:03 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\4ff1f12a08d455f195ba996fe77497c6\mscorlib.ni.dll
MOD - [2012/11/29 22:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2012/09/28 16:42:42 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2012/04/06 02:09:10 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/06/01 11:38:40 | 000,253,952 | ---- | M] () -- C:\Program Files\ASUS\TurboV EVO\pngio.dll
MOD - [2010/06/01 11:38:40 | 000,061,440 | ---- | M] () -- C:\Program Files\ASUS\TurboV EVO\flashobj.dll
MOD - [2010/03/12 06:40:58 | 004,449,632 | ---- | M] () -- C:\Program Files\ASUS\GPU Boost Driver\platform.dll
MOD - [2010/03/12 06:40:56 | 000,423,256 | ---- | M] () -- C:\Program Files\ASUS\GPU Boost Driver\device.dll
MOD - [2010/02/08 18:19:52 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\TurboV EVO\HookKey32.dll
MOD - [2010/01/08 18:17:24 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\EPU\pngio.dll
MOD - [2010/01/08 18:17:24 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\EPU\AsSpindownTimeout.dll
MOD - [2009/09/30 04:33:08 | 000,024,576 | ---- | M] () -- C:\Windows\System32\AsIO.dll
MOD - [2009/04/22 21:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files\ASUS\EPU\AsusService.dll
MOD - [2005/12/20 15:25:56 | 000,118,784 | ---- | M] () -- C:\Program Files\Lexmark 8300 Series\lxcjdrec.dll
MOD - [2005/06/14 18:08:28 | 000,196,608 | ---- | M] () -- C:\Program Files\Lexmark 8300 Series\iptk.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013/05/11 23:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/19 17:31:30 | 000,137,576 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2013/03/19 17:31:26 | 000,375,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/12/14 19:37:30 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/11/29 11:56:52 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/28 16:42:26 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012/04/06 03:15:50 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/12/23 23:12:25 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/03 15:49:14 | 002,148,176 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2011/01/12 20:51:34 | 000,265,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/06/02 11:58:38 | 000,578,560 | R--- | M] () [Auto | Running] -- C:\Program Files\ASUS\AsSysCtrlService\1.00.04\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/10/14 15:42:38 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2008/09/16 13:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2007/02/08 06:52:50 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcjcoms.exe -- (lxcj_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HtcVComV32.sys -- (HtcVCom32)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2013/05/31 21:20:19 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\???????\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/03/19 17:31:46 | 000,084,352 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/11/29 11:56:52 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2012/11/29 11:56:52 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2012/11/16 00:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/11/07 17:29:50 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/11/07 17:29:48 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/11/07 17:29:48 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/10/22 14:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/20 12:32:55 | 000,272,216 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys -- (RapportCerberus_43926)
DRV - [2012/10/15 04:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 04:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 04:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 04:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 04:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 04:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/05/28 21:33:48 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys -- (RapportIaso)
DRV - [2012/04/09 11:13:58 | 000,048,256 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.2)
DRV - [2012/04/09 11:13:58 | 000,048,256 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.01)
DRV - [2012/04/06 06:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/04/06 02:10:22 | 000,275,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/02/23 18:57:59 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/02/23 13:31:36 | 000,083,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2011/09/13 15:14:00 | 000,164,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2011/09/13 15:13:58 | 000,073,344 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2011/09/08 16:40:24 | 000,363,112 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/09 02:32:16 | 000,686,872 | ---- | M] (www.ext2fsd.com) [Kernel | System | Running] -- C:\Windows\System32\drivers\ext2fsd.sys -- (Ext2Fsd)
DRV - [2011/02/14 03:04:30 | 000,038,608 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV - [2010/03/12 06:35:48 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files\ASUS\GPU Boost Driver\i386\aoddriver.sys -- (AODDriver)
DRV - [2010/02/18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2010/02/08 05:45:04 | 000,019,456 | ---- | M] (WiFi Media Connect) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wfmcvad.sys -- (WFMC_VAD)
DRV - [2009/08/23 23:55:32 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009/08/04 03:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2009/07/16 11:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1753556726-2305963275-3513911332-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.splashtop.com/asusexpressgate/mb/searchAPI.php?SE=yahoo&QS=http%3A%2F%2Fuk.search.yahoo.com%2Fsearch%3Ffr%3Dfp-devicevm%26type%3DWEB01
IE - HKU\S-1-5-21-1753556726-2305963275-3513911332-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1753556726-2305963275-3513911332-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-1753556726-2305963275-3513911332-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-1753556726-2305963275-3513911332-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1753556726-2305963275-3513911332-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1753556726-2305963275-3513911332-1000\..\SearchScopes\{4AAA6F22-2C30-4df3-AB22-77D5493F37FE}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKU\S-1-5-21-1753556726-2305963275-3513911332-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1753556726-2305963275-3513911332-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1753556726-2305963275-3513911332-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.3.3.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp435@crossrider.com: C:\ProgramData\CodecCheck\firefox [2011/10/31 20:19:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/21 21:40:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/21 21:49:25 | 000,000,000 | ---D | M]
 
[2010/12/28 14:48:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\???????\AppData\Roaming\Mozilla\Extensions
[2013/05/24 18:42:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\???????\AppData\Roaming\Mozilla\Firefox\Profiles\oyx1bb9q.default\extensions
[2013/05/24 18:42:54 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\???????\AppData\Roaming\Mozilla\Firefox\Profiles\oyx1bb9q.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2013/05/30 14:38:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/05/31 20:56:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/31 20:56:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/04/11 23:30:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/06/20 17:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\???????\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\???????\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Raindrops = C:\Users\???????\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcipapbfhdnmgihoimbjiadmhpcgcnil\1.0.0.2_0\
CHR - Extension: YouTube = C:\Users\???????\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\???????\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\???????\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/05/22 19:20:36 | 000,447,762 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 15378 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1753556726-2305963275-3513911332-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-1753556726-2305963275-3513911332-1000\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 8300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [LXCJCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCJtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxcjmon.exe] C:\Program Files\Lexmark 8300 Series\lxcjmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\AI Suite\QFan4\FanHelp.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1753556726-2305963275-3513911332-1000..\Run: [Akamai NetSession Interface] C:\Users\???????\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1753556726-2305963275-3513911332-1000..\Run: [ApplePhotoStreams] C:\ApplePhotoStreams.exe (Apple Inc.)
O7 - HKU\S-1-5-21-1753556726-2305963275-3513911332-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D360202-E3E7-4545-8A59-26D530F98805}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Value error. File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\???????\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\???????\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/05/21 16:04:40 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O33 - MountPoints2\{6e86fd15-3ec3-11e0-8d3c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6e86fd15-3ec3-11e0-8d3c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{9585b9b5-0fcc-11e0-b1c3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9585b9b5-0fcc-11e0-b1c3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Enterprise_Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/31 22:07:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\???????\Desktop\OTL.exe
[2013/05/31 22:02:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/31 21:19:07 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/05/31 20:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/05/31 20:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/05/31 20:52:04 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/05/30 15:22:27 | 000,000,000 | ---D | C] -- C:\Users\???????\AppData\Roaming\Media Player Classic
[2013/05/30 08:17:21 | 000,000,000 | ---D | C] -- C:\Users\???????\Desktop\RK_Quarantine
[2013/05/30 08:09:18 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/05/29 16:51:25 | 000,000,000 | ---D | C] -- C:\Users\???????\Desktop\Bleeping tools
[2013/05/29 16:50:45 | 000,000,000 | ---D | C] -- C:\Users\???????\Desktop\Bleeping logs
[2013/05/29 15:14:42 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\???????\Desktop\tdsskiller.exe
[2013/05/28 11:01:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/28 11:01:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/28 11:01:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/28 11:01:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2013/05/28 11:01:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/28 11:01:32 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/05/24 19:43:43 | 000,000,000 | ---D | C] -- C:\Users\???????\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/05/24 19:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/05/23 23:38:30 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\Users\???????\Desktop\fsbl.exe
[2013/05/23 15:43:18 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/05/22 14:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2013/05/21 21:43:36 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/05/21 21:43:22 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/05/21 21:43:22 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/05/21 21:43:22 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/05/21 20:56:26 | 000,000,000 | ---D | C] -- C:\Users\???????\AppData\Local\WindowsUpdate
[2013/05/21 20:55:17 | 000,000,000 | ---D | C] -- C:\Users\???????\AppData\Local\Secunia PSI
[2013/05/21 20:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2013/05/21 19:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/05/21 19:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/05/21 19:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2013/05/21 16:04:04 | 000,000,000 | ---D | C] -- C:\Autoruns
[2013/05/19 14:18:28 | 000,000,000 | ---D | C] -- C:\Users\???????\AppData\Local\AirVideoServer
[2013/05/19 14:18:25 | 000,000,000 | -H-D | C] -- C:\jexepackres
[2013/05/19 14:18:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Air Video Server
[2013/05/19 14:18:21 | 000,000,000 | ---D | C] -- C:\Program Files\AirVideoServer
[2013/05/18 13:44:28 | 000,000,000 | ---D | C] -- C:\Users\???????\AppData\Local\LogMeIn
[2013/05/18 13:44:12 | 000,031,592 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2013/05/18 13:44:11 | 000,084,352 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2013/05/18 13:44:10 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\LMIRfsDriver.sys
[2013/05/18 13:44:03 | 000,092,520 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2013/05/18 13:43:55 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2013/05/18 13:43:40 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2013/05/18 12:33:19 | 000,000,000 | -HSD | C] -- C:\Users\???????\AppData\Local\ms-drivers
[2013/05/18 12:33:15 | 000,000,000 | ---D | C] -- C:\Users\???????\AppData\Local\MetaGeek,_LLC
[2013/05/18 12:01:02 | 000,000,000 | ---D | C] -- C:\Users\???????\AppData\Roaming\Hobbyist Software
[2013/05/18 12:00:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VLC Streamer
[2013/05/18 12:00:43 | 000,000,000 | ---D | C] -- C:\Program Files\Hobbyist Software
[2013/05/08 16:37:58 | 000,000,000 | ---D | C] -- C:\Users\???????\AppData\Local\Microsoft Corporation
[2013/05/08 16:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/31 22:23:15 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/31 22:22:37 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/31 22:22:37 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/31 22:22:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/31 22:22:33 | 3488,731,136 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/31 22:07:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\???????\Desktop\OTL.exe
[2013/05/31 21:00:34 | 000,001,995 | ---- | M] () -- C:\Users\???????\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/31 20:57:34 | 000,000,604 | ---- | M] () -- C:\Users\???????\Desktop\ComboFix - Shortcut.lnk
[2013/05/31 20:57:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/31 20:56:55 | 000,000,870 | ---- | M] () -- C:\Users\???????\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/05/31 20:56:55 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/31 20:53:11 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/31 20:43:43 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D9E4F269-D7C1-4D9F-8790-911FCE099844}.job
[2013/05/31 10:22:30 | 000,000,689 | ---- | M] () -- C:\Users\???????\Desktop\cmd - Shortcut.lnk
[2013/05/30 08:04:55 | 000,816,128 | ---- | M] () -- C:\Users\???????\Desktop\RogueKiller.exe
[2013/05/29 15:14:47 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\???????\Desktop\tdsskiller.exe
[2013/05/28 10:37:57 | 000,631,724 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/28 10:37:57 | 000,110,942 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/23 23:38:37 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\Users\???????\Desktop\fsbl.exe
[2013/05/23 16:49:10 | 000,312,902 | ---- | M] () -- C:\Users\???????\Desktop\unistall_programs.reg
[2013/05/22 21:36:05 | 000,000,223 | ---- | M] () -- C:\Windows\wininit.ini
[2013/05/22 19:20:36 | 000,447,762 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/05/22 14:31:04 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\Media Player Classic.lnk
[2013/05/21 22:37:34 | 000,326,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/21 21:45:05 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2013/05/21 21:43:04 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/05/21 21:43:03 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013/05/21 21:43:03 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/05/21 21:43:03 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/05/21 21:43:03 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/05/21 21:43:03 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/05/21 19:01:36 | 000,001,055 | ---- | M] () -- C:\Users\???????\Desktop\Spybot - Search & Destroy.lnk
[2013/05/20 20:29:52 | 000,001,356 | ---- | M] () -- C:\Users\???????\AppData\Local\d3d9caps.dat
[2013/05/19 14:18:22 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\Air Video Server.lnk
[2013/05/19 14:01:14 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/05/19 14:01:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/18 13:46:00 | 000,000,865 | ---- | M] () -- C:\Users\???????\Desktop\LogMeIn.lnk
[2013/05/18 13:43:59 | 000,001,024 | ---- | M] () -- C:\.rnd
[2013/05/18 12:34:40 | 000,001,130 | ---- | M] () -- C:\Users\???????\Desktop\VLC Streamer Helper.lnk
[2013/05/18 12:33:19 | 000,000,037 | -HS- | M] () -- C:\Users\???????\AppData\Local\70149b02515b3bb20dd492.47983420
[2013/05/17 17:48:48 | 000,161,792 | ---- | M] () -- C:\Users\???????\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/15 12:18:50 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/05/08 16:36:55 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
 
========== Files Created - No Company Name ==========
 
[2013/05/31 20:57:34 | 000,000,604 | ---- | C] () -- C:\Users\???????\Desktop\ComboFix - Shortcut.lnk
[2013/05/31 20:56:55 | 000,000,870 | ---- | C] () -- C:\Users\???????\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/05/31 20:56:55 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/05/31 20:56:55 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/31 20:53:11 | 000,001,995 | ---- | C] () -- C:\Users\???????\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/31 20:53:11 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/31 20:52:11 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/31 20:52:10 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/31 10:22:06 | 000,000,689 | ---- | C] () -- C:\Users\???????\Desktop\cmd - Shortcut.lnk
[2013/05/30 08:04:53 | 000,816,128 | ---- | C] () -- C:\Users\???????\Desktop\RogueKiller.exe
[2013/05/28 11:01:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/28 11:01:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/28 11:01:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/28 11:01:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/28 11:01:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/23 16:49:10 | 000,312,902 | ---- | C] () -- C:\Users\???????\Desktop\unistall_programs.reg
[2013/05/22 21:36:05 | 000,000,223 | ---- | C] () -- C:\Windows\wininit.ini
[2013/05/22 14:31:04 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\Media Player Classic.lnk
[2013/05/21 19:01:36 | 000,001,055 | ---- | C] () -- C:\Users\???????\Desktop\Spybot - Search & Destroy.lnk
[2013/05/21 18:25:57 | 3488,731,136 | -HS- | C] () -- C:\hiberfil.sys
[2013/05/19 14:18:22 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\Air Video Server.lnk
[2013/05/18 13:46:00 | 000,000,865 | ---- | C] () -- C:\Users\???????\Desktop\LogMeIn.lnk
[2013/05/18 13:43:58 | 000,001,024 | ---- | C] () -- C:\.rnd
[2013/05/18 13:43:43 | 000,000,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk
[2013/05/18 12:34:40 | 000,001,130 | ---- | C] () -- C:\Users\???????\Desktop\VLC Streamer Helper.lnk
[2013/05/18 12:33:19 | 000,000,037 | -HS- | C] () -- C:\Users\???????\AppData\Local\70149b02515b3bb20dd492.47983420
[2013/05/08 16:36:55 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2013/05/08 16:36:54 | 000,001,996 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2012/09/28 16:36:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/07/13 00:15:45 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012/07/13 00:13:35 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2012/07/13 00:11:22 | 000,150,996 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/02/15 18:00:13 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2012/02/15 18:00:13 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2012/01/10 22:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/12/24 00:13:51 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxcjusb1.dll
[2011/12/24 00:13:51 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcjinpa.dll
[2011/12/24 00:13:51 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcjiesc.dll
[2011/12/24 00:13:51 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxcjhcp.dll
[2011/12/24 00:13:51 | 000,274,432 | ---- | C] () -- C:\Windows\System32\lxcjinst.dll
[2011/12/24 00:13:50 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcjserv.dll
[2011/12/24 00:13:50 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcjhbn3.dll
[2011/12/24 00:13:50 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcjcomc.dll
[2011/12/24 00:13:50 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcjpmui.dll
[2011/12/24 00:13:50 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcjlmpm.dll
[2011/12/24 00:13:50 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxcjcoms.exe
[2011/12/24 00:13:50 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcjcomm.dll
[2011/12/24 00:13:50 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxcjih.exe
[2011/12/24 00:13:50 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxcjcfg.exe
[2011/12/24 00:13:50 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcjprox.dll
[2011/12/24 00:13:50 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcjpplc.dll
[2011/12/23 23:07:20 | 000,000,372 | ---- | C] () -- C:\Users\???????\Documents - Shortcut.lnk
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll
[2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/04/28 12:16:32 | 000,022,328 | ---- | C] () -- C:\Users\???????\AppData\Roaming\PnkBstrK.sys
[2011/01/12 01:47:27 | 000,161,792 | ---- | C] () -- C:\Users\???????\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/28 14:12:08 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/12/24 19:37:53 | 000,001,356 | ---- | C] () -- C:\Users\???????\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/12 20:42:38 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2011/01/12 20:34:42 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/01/12 19:46:56 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/01/12 19:46:56 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/12/14 19:12:14 | 000,000,000 | ---D | M] -- C:\Users\???????\AppData\Roaming\AVG2013
[2013/03/23 12:34:12 | 000,000,000 | ---D | M] -- C:\Users\???????\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/12/12 21:39:45 | 000,000,000 | ---D | M] -- C:\Users\???????\AppData\Roaming\Canneverbe Limited
[2013/05/15 12:43:26 | 000,000,000 | ---D | M] -- C:\Users\???????\AppData\Roaming\DAEMON Tools Lite
[2012/07/13 01:03:44 | 000,000,000 | ---D | M] -- C:\Users\???????\AppData\Roaming\DRPSu
[2013/05/15 12:43:22 | 000,000,000 | ---D | M] -- C:\Users\???????\AppData\Roaming\FileZilla
[2013/05/18 12:01:02 | 000,000,000 | ---D | M] -- C:\Users\???????\AppData\Roaming\Hobbyist Software
[2013/04/17 20:00:39 | 000,000,000 | ---D | M] -- C:\Users\???????\AppData\Roaming\ImgBurn
[2011/09/05 19:23:38 | 000,000,000 | ---D | M] -- C:\Users\???????\AppData\Roaming\Outlook
[2011/04/23 20:30:05 | 000,000,000 | ---D | M] -- C:\Users\???????\AppData\Roaming\Registry Mechanic
[2011/08/25 15:30:00 | 000,000,000 | ---D | M] -- C:\Users\???????\AppData\Roaming\Spotify
[2012/12/14 19:08:17 | 000,000,000 | ---D | M] -- C:\Users\???????\AppData\Roaming\TuneUp Software
[2013/05/15 12:43:22 | 000,000,000 | ---D | M] -- C:\Users\???????\AppData\Roaming\uTorrent
[2013/04/07 11:24:05 | 000,000,000 | ---D | M] -- C:\Users\???????\AppData\Roaming\Xilisoft
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV - [2006/11/02 10:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2006/11/02 10:46:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2006/11/02 10:44:49 | 000,058,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2011/01/12 02:14:07 | 000,750,080 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2006/11/02 10:46:02 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/01/12 20:39:38 | 000,007,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2011/04/11 23:30:31 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2006/11/02 10:46:02 | 000,081,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2006/11/02 10:46:03 | 000,123,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2011/01/12 20:34:48 | 000,549,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2011/01/12 02:59:09 | 000,204,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/01/12 02:53:50 | 000,083,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2006/11/02 10:46:04 | 000,034,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2006/11/02 10:46:05 | 000,025,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2011/01/12 20:59:42 | 000,286,208 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2011/01/12 21:00:24 | 000,361,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2006/11/02 10:46:13 | 000,292,864 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2006/11/02 10:46:05 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2006/11/02 10:46:11 | 000,273,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2006/11/02 10:46:11 | 000,235,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2006/11/02 10:46:11 | 000,171,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2006/11/02 10:46:12 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/01/12 20:36:29 | 000,221,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2006/11/02 10:45:46 | 000,124,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/01/12 20:39:38 | 000,007,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2006/11/02 13:34:35 | 000,560,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2006/11/02 10:46:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2006/11/02 10:46:12 | 000,234,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2011/01/12 20:34:48 | 000,549,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2006/11/02 10:46:12 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/01/12 20:39:38 | 000,007,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2006/11/02 13:35:09 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2006/11/02 10:46:13 | 000,121,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2006/11/02 10:46:13 | 000,245,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2011/01/12 03:02:25 | 002,605,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2011/01/12 20:36:27 | 000,595,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2006/11/02 10:46:13 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2006/11/02 10:46:13 | 000,245,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2006/11/02 10:46:12 | 000,152,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2006/11/02 10:45:51 | 000,924,160 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2006/11/02 10:46:02 | 000,310,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2006/11/02 10:46:02 | 000,310,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2006/11/02 13:36:16 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2011/01/12 20:51:34 | 000,265,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/02 10:46:13 | 000,989,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2011/01/12 20:45:19 | 000,396,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2006/11/02 13:34:41 | 000,451,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2006/11/02 10:45:26 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2006/11/02 10:46:14 | 000,161,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2010/12/28 21:54:25 | 001,929,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2006/11/02 10:46:04 | 000,146,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2011/01/12 20:55:01 | 000,502,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2011/01/12 20:47:56 | 000,156,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
[2013/04/05 13:00:52 | 002,981,704 | ---- | M] (Apple Inc.) -- C:\AppleOutlookDAVConfig.exe
[2013/04/05 12:58:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\ApplePhotoStreams.exe
[2013/04/05 12:58:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\ApplePhotoStreamsDownloader.exe
[2013/04/05 12:58:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\BookmarkDAV_client.exe
[2013/04/05 12:58:16 | 000,145,736 | ---- | M] (Apple Inc.) -- C:\EReporter.exe
[2009/03/03 00:47:38 | 000,049,233 | ---- | M] () -- C:\fat32format.exe
[2013/04/05 12:58:16 | 000,145,736 | ---- | M] (Apple Inc.) -- C:\iCloud.exe
[2013/04/05 12:59:08 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\iCloudServices.exe
[2013/04/05 12:59:08 | 000,015,176 | ---- | M] (Apple Inc.) -- C:\iCloudWeb.exe
[2013/04/05 12:58:30 | 000,031,048 | ---- | M] (Apple Inc.) -- C:\PhotoStream.exe
 
< MD5 for: EXPLORER.EXE  >
[2011/01/12 20:40:28 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2011/01/12 20:40:28 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011/01/12 20:40:28 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2011/01/12 20:40:28 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2011/01/12 20:55:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2011/01/12 20:55:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2011/01/12 20:40:28 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
 
< MD5 for: SERVICES  >
[2006/09/18 22:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 22:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services
 
< MD5 for: SERVICES.CNF  >
[2004/06/08 14:27:58 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\???????\Documents\Lynda.com - Microsoft FrontPage 2003\Uz\Lynda.com - Microsoft FrontPage 2003\CD 1\exercise files\PC Exercises\FP 2003 Master Files\chap_02\laeyeworks\_vti_pvt\services.cnf
[2004/06/08 09:56:38 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\???????\Documents\Lynda.com - Microsoft FrontPage 2003\Uz\Lynda.com - Microsoft FrontPage 2003\CD 1\exercise files\PC Exercises\FP 2003 Master Files\chap_02\orbit\_vti_pvt\services.cnf
[2004/06/08 21:19:26 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\???????\Documents\Lynda.com - Microsoft FrontPage 2003\Uz\Lynda.com - Microsoft FrontPage 2003\CD 1\exercise files\PC Exercises\FP 2003 Master Files\chap_02\paths\_vti_pvt\services.cnf
[2004/06/09 11:06:58 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\???????\Documents\Lynda.com - Microsoft FrontPage 2003\Uz\Lynda.com - Microsoft FrontPage 2003\CD 1\exercise files\PC Exercises\FP 2003 Master Files\chap_04\_vti_pvt\services.cnf
[2004/06/14 16:07:50 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\???????\Documents\Lynda.com - Microsoft FrontPage 2003\Uz\Lynda.com - Microsoft FrontPage 2003\CD 1\exercise files\PC Exercises\FP 2003 Master Files\chap_05\_vti_pvt\services.cnf
[2004/06/10 13:13:32 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\???????\Documents\Lynda.com - Microsoft FrontPage 2003\Uz\Lynda.com - Microsoft FrontPage 2003\CD 1\exercise files\PC Exercises\FP 2003 Master Files\chap_06\_vti_pvt\services.cnf
[2004/06/14 10:58:34 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\???????\Documents\Lynda.com - Microsoft FrontPage 2003\Uz\Lynda.com - Microsoft FrontPage 2003\CD 1\exercise files\PC Exercises\FP 2003 Master Files\chap_07\_vti_pvt\services.cnf
[2004/06/15 07:22:20 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\???????\Documents\Lynda.com - Microsoft FrontPage 2003\Uz\Lynda.com - Microsoft FrontPage 2003\CD 2\exercise files\FP 2003 Master Files\chap_08\_vti_pvt\services.cnf
[2004/06/14 17:07:12 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\???????\Documents\Lynda.com - Microsoft FrontPage 2003\Uz\Lynda.com - Microsoft FrontPage 2003\CD 2\exercise files\FP 2003 Master Files\chap_09\_vti_pvt\services.cnf
[2004/06/15 20:23:48 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\???????\Documents\Lynda.com - Microsoft FrontPage 2003\Uz\Lynda.com - Microsoft FrontPage 2003\CD 2\exercise files\FP 2003 Master Files\chap_10\_vti_pvt\services.cnf
[2004/06/16 10:20:56 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\???????\Documents\Lynda.com - Microsoft FrontPage 2003\Uz\Lynda.com - Microsoft FrontPage 2003\CD 2\exercise files\FP 2003 Master Files\chap_11\_vti_pvt\services.cnf
[2004/06/24 10:16:02 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\???????\Documents\Lynda.com - Microsoft FrontPage 2003\Uz\Lynda.com - Microsoft FrontPage 2003\CD 2\exercise files\FP 2003 Master Files\chap_13\_vti_pvt\services.cnf
[2004/06/15 15:58:26 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\???????\Documents\Lynda.com - Microsoft FrontPage 2003\Uz\Lynda.com - Microsoft FrontPage 2003\CD 2\exercise files\FP 2003 Master Files\chap_14\_vti_pvt\services.cnf
[2004/06/25 16:51:10 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\???????\Documents\Lynda.com - Microsoft FrontPage 2003\Uz\Lynda.com - Microsoft FrontPage 2003\CD 2\exercise files\FP 2003 Master Files\chap_15\_vti_pvt\services.cnf
[2004/06/25 20:33:44 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\???????\Documents\Lynda.com - Microsoft FrontPage 2003\Uz\Lynda.com - Microsoft FrontPage 2003\CD 2\exercise files\FP 2003 Master Files\chap_16\_vti_pvt\services.cnf
[2004/06/24 15:11:20 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\???????\Documents\Lynda.com - Microsoft FrontPage 2003\Uz\Lynda.com - Microsoft FrontPage 2003\CD 2\exercise files\FP 2003 Master Files\chap_17\_vti_pvt\services.cnf
[2004/06/25 10:56:30 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\???????\Documents\Lynda.com - Microsoft FrontPage 2003\Uz\Lynda.com - Microsoft FrontPage 2003\CD 2\exercise files\FP 2003 Master Files\chap_18\_vti_pvt\services.cnf
[2004/06/25 20:10:00 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\???????\Documents\Lynda.com - Microsoft FrontPage 2003\Uz\Lynda.com - Microsoft FrontPage 2003\CD 2\exercise files\FP 2003 Master Files\chap_19\_vti_pvt\services.cnf
 
< MD5 for: SERVICES.EXE  >
[2006/11/02 10:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\System32\services.exe
[2006/11/02 10:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2006/11/02 13:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Users\???????\AppData\Local\Temp\services.exe.mui
[2006/11/02 13:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 13:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2006/11/02 13:53:55 | 000,001,688 | ---- | M] () MD5=CD37AF3AB3916666198BFFC8C0C611EB -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2006/11/02 13:53:55 | 000,001,688 | ---- | M] () MD5=CD37AF3AB3916666198BFFC8C0C611EB -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.mof
 
< MD5 for: SERVICES.MSC  >
[2006/11/02 13:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 13:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6000.16386_none_cd2d20a848cfd40f\services.msc
 
< MD5 for: SERVICES.SBS  >
[2011/03/01 09:58:44 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs
 
< MD5 for: SVCHOST.EXE  >
[2006/11/02 10:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\System32\svchost.exe
[2006/11/02 10:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2006/11/02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006/11/02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WINSOCK.DLL  >
[2006/11/02 08:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\System32\WINSOCK.DLL
[2006/11/02 08:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\WINSOCK.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:D1B5B4F1
 
< End of report >


#15 nasdaq

  • Malware Response Team
  • 40,502 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 June 2013 - 07:37 AM

If you used Firefox or Chrome and the tabs are spawned, please remove the browser using the Add/Remove programs applet, restart the computer and reinstall a fresh copy.

Has this been fixed?

===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Disable Spybot and Destroy and try to run ComboFix.

Any luck?

What issues remain with this computer?



