
Infected with W32/ZAccInf-A,MAL/ZAccConf-A,MAL/Generic-L and MAL/Sirefef-AA


  • This topic is locked
52 replies to this topic

#1 Renaa

  • Members

Posted 14 June 2013 - 01:11 PM

Hello, 

I seem to be infected with various malware that I can't remove with AV programs. I use Preventon (free version) and it's constantly giving me a message that I am infected with the W32/ZAccInf-A on the services.exe, and it seems that the program is unable to quarantine the virus since it's giving me the message over and over again. I tried cleaning it up with Malwarebytes. Malwarebytes found two rootkits and cleaned them. But the message appeared again. So I tried the Sophos anti-virus-removal tool and it's saying that I am infected with the malware I mentioned in the topic title. The virus removal tool can't clean or repair the infected files so I am absolutely desperate now :( My English isn't the best and I have absolutely no knowledge on the topic of viruses and malware but I still hope that you can help me.

 

The logfile of the Sophos virus removal tool:

 

2013-06-14 17:18:17 Sophos Virus Removal Tool version 2.3
2013-06-14 17:18:17 Copyright © 2009-2012 Sophos Limited. All rights reserved.
 
2013-06-14 17:18:17 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
 
2013-06-14 17:18:17 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2013-06-14 17:18:17 Checking for updates...
2013-06-14 17:18:24 Update progress: proxy server not available
2013-06-14 17:18:34 Option all = no
2013-06-14 17:18:34 Option recurse = yes
2013-06-14 17:18:34 Option archive = no
2013-06-14 17:18:34 Option service = yes
2013-06-14 17:18:34 Option confirm = yes
2013-06-14 17:18:34 Option sxl = yes
2013-06-14 17:18:34 Option max-data-age = 35
2013-06-14 17:18:34 Component SVRTcli.exe version 2.3
2013-06-14 17:18:34 Component control.dll version 2.3
2013-06-14 17:18:34 Component SVRTservice.exe version 2.3
2013-06-14 17:18:34 Component engine\osdp.dll version 1.44.0.2091
2013-06-14 17:18:34 Component engine\veex.dll version 3.44.1.2091
2013-06-14 17:18:34 Component engine\savi.dll version 7.5.12.2091
2013-06-14 17:18:34 Component rkdisk.dll version 1.5.30.0
2013-06-14 17:18:34 Version info: Product version 2.3
2013-06-14 17:18:34 Version info: Detection engine 3.44.1
2013-06-14 17:18:34 Version info: Detection data 4.90
2013-06-14 17:18:34 Version info: Build date 13.06.2013
2013-06-14 17:18:34 Version info: Data files added 286
2013-06-14 17:18:34 Version info: Last successful update (not yet updated)
2013-06-14 17:19:12 Downloading updates...
2013-06-14 17:19:12 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2013-06-14 17:19:12 Update progress: [I49502] Found supplement SAVIW32 LATEST 4
2013-06-14 17:19:12 Update progress: [I49502] Found supplement IDE491 LATEST 
2013-06-14 17:19:12 Update progress: [I49502] Found supplement IDE492 LATEST 
2013-06-14 17:19:12 Update progress: [I49502] Found supplement IDE493 LATEST 
2013-06-14 17:19:12 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2013-06-14 17:19:12 Update progress: [I19463] Syncing product SAVIW32 29
2013-06-14 17:19:26 Update progress: [I19463] Syncing product IDE491 181
2013-06-14 17:19:27 Installing updates...
2013-06-14 17:19:27 Update progress: [I19463] Syncing product IDE492 109
2013-06-14 17:19:27 Update progress: [I19463] Syncing product IDE493 1
2013-06-14 17:19:30 Update successful
2013-06-14 17:19:35 Option all = no
2013-06-14 17:19:35 Option recurse = yes
2013-06-14 17:19:35 Option archive = no
2013-06-14 17:19:35 Option service = yes
2013-06-14 17:19:35 Option confirm = yes
2013-06-14 17:19:35 Option sxl = yes
2013-06-14 17:19:35 Option max-data-age = 35
2013-06-14 17:19:35 Component SVRTcli.exe version 2.3
2013-06-14 17:19:35 Component control.dll version 2.3
2013-06-14 17:19:35 Component SVRTservice.exe version 2.3
2013-06-14 17:19:35 Component engine\osdp.dll version 1.44.0.2091
2013-06-14 17:19:35 Component engine\veex.dll version 3.44.1.2091
2013-06-14 17:19:35 Component engine\savi.dll version 7.5.12.2091
2013-06-14 17:19:35 Component rkdisk.dll version 1.5.30.0
2013-06-14 17:19:35 Version info: Product version 2.3
2013-06-14 17:19:35 Version info: Detection engine 3.44.1
2013-06-14 17:19:35 Version info: Detection data 4.90G
2013-06-14 17:19:35 Version info: Build date 13.06.2013
2013-06-14 17:19:35 Version info: Data files added 286
2013-06-14 17:19:35 Version info: Last successful update 14.06.2013 17:19:30
 
2013-06-14 17:33:53 >>> Virus 'W32/ZAccInf-A' found in file C:\Windows\System32\services.exe
2013-06-14 18:01:24 Could not open C:\hiberfil.sys
2013-06-14 18:01:24 Could not open C:\pagefile.sys
2013-06-14 18:24:00 Could not open C:\ProgramData\Preventon\Antivirus\bbdata
2013-06-14 18:24:00 Could not open C:\ProgramData\Preventon\Antivirus\data
2013-06-14 18:24:00 Could not open C:\ProgramData\Preventon\Antivirus\Defs\ide\index.zip
2013-06-14 18:24:01 Could not open C:\ProgramData\Preventon\Antivirus\Defs\ide_digest
2013-06-14 18:24:01 Could not open C:\ProgramData\Preventon\Antivirus\Defs\vdb\backup\OSDP.DLL
2013-06-14 18:24:01 Could not open C:\ProgramData\Preventon\Antivirus\Defs\vdb\backup\SAVI.DLL
2013-06-14 18:24:01 Could not open C:\ProgramData\Preventon\Antivirus\Defs\vdb\backup\VEEX.DLL
2013-06-14 18:24:01 Could not open C:\ProgramData\Preventon\Antivirus\Defs\vdb\index.zip
2013-06-14 18:24:01 Could not open C:\ProgramData\Preventon\Antivirus\Defs\vdb\OSDP.DLL
2013-06-14 18:24:01 Could not open C:\ProgramData\Preventon\Antivirus\Defs\vdb\SAVI.DLL
2013-06-14 18:24:01 Could not open C:\ProgramData\Preventon\Antivirus\Defs\vdb\VEEX.DLL
2013-06-14 18:24:01 Could not open C:\ProgramData\Preventon\Antivirus\Defs\vdb_digest
2013-06-14 18:24:01 Could not open C:\ProgramData\Preventon\Antivirus\Quarantine\224169ee
2013-06-14 18:24:01 Could not open C:\ProgramData\Preventon\Antivirus\Quarantine\4ce645da
2013-06-14 18:24:01 Could not open C:\ProgramData\Preventon\Antivirus\Quarantine\a3742cc2
2013-06-14 18:24:01 Could not open C:\ProgramData\Preventon\Antivirus\Quarantine\bbe870e0
2013-06-14 18:24:01 Could not open C:\ProgramData\Preventon\Antivirus\Quarantine\d4b90c8c
2013-06-14 18:24:01 Could not open C:\ProgramData\Preventon\Antivirus\Quarantine\f2012140
2013-06-14 18:24:14 Could not open C:\System Volume Information\{081c8a71-d44b-11e2-be16-60d819e3a8db}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-14 18:24:14 Could not open C:\System Volume Information\{081c8baf-d44b-11e2-be16-60d819e3a8db}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-14 18:24:14 Could not open C:\System Volume Information\{081c8bce-d44b-11e2-be16-60d819e3a8db}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-14 18:24:14 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-14 18:24:14 Could not open C:\System Volume Information\{3b633f29-d445-11e2-b45f-60d819e3a8db}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-14 18:24:14 Could not open C:\System Volume Information\{61d6fa4d-cf78-11e2-8455-60d819e3a8db}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-14 18:24:14 Could not open C:\System Volume Information\{7a0ac51c-d29e-11e2-93ae-60d819e3a8db}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-14 18:24:14 Could not open C:\System Volume Information\{946f74c8-d39b-11e2-9365-60d819e3a8db}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-14 18:24:14 Could not open C:\System Volume Information\{e54cad63-d500-11e2-94b7-60d819e3a8db}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-14 18:31:10 >>> Virus 'Mal/Sirefef-AA' found in file C:\Windows\assembly\GAC_32\Desktop.ini
2013-06-14 18:31:19 >>> Virus 'Mal/Generic-L' found in file C:\Windows\assembly\GAC_64\Desktop.ini
2013-06-14 18:33:51 >>> Virus 'Mal/ZAccConf-A' found in file C:\Windows\Installer\{40dc62af-3bf4-ba4b-faa5-560d8ed78f63}\@
2013-06-14 18:35:57 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2013-06-14 18:35:57 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2013-06-14 18:59:47 The following items will be cleaned up:
2013-06-14 18:59:47 Mal/Sirefef-AA
2013-06-14 18:59:47 Mal/Generic-L
2013-06-14 18:59:47 Mal/ZAccConf-A
2013-06-14 18:59:47 W32/ZAccInf-A
2013-06-14 19:18:02 Threat 'Mal/Sirefef-AA' needs a reboot to complete cleanup.
2013-06-14 19:18:02 File "C:\Windows\assembly\GAC_32\Desktop.ini" belongs to malware 'Mal/Sirefef-AA'.
2013-06-14 19:18:02 File "C:\Windows\assembly\GAC_32\Desktop.ini" needs a reboot to complete cleanup.
2013-06-14 19:18:02 Threat will be removed on reboot.
2013-06-14 19:18:02 Threat 'Mal/Generic-L' needs a reboot to complete cleanup.
2013-06-14 19:18:02 File "C:\Windows\assembly\GAC_64\Desktop.ini" belongs to malware 'Mal/Generic-L'.
2013-06-14 19:18:02 File "C:\Windows\assembly\GAC_64\Desktop.ini" needs a reboot to complete cleanup.
2013-06-14 19:18:02 Threat will be removed on reboot.
2013-06-14 19:18:02 Threat 'Mal/ZAccConf-A' needs a reboot to complete cleanup.
2013-06-14 19:18:02 File "C:\Windows\Installer\{40dc62af-3bf4-ba4b-faa5-560d8ed78f63}\@" belongs to malware 'Mal/ZAccConf-A'.
2013-06-14 19:18:02 File "C:\Windows\Installer\{40dc62af-3bf4-ba4b-faa5-560d8ed78f63}\@" needs a reboot to complete cleanup.
2013-06-14 19:18:02 Threat will be removed on reboot.
2013-06-14 19:18:03 Installed boot task components.
 
2013-06-14 19:18:03 Installed boot task components.
 
2013-06-14 19:18:03 The computer must be restarted in order to complete the cleanup.
2013-06-14 19:18:03 Cleanup on restart pending for Mal/Generic-L: DeleteFile "\\?\C:\Windows\assembly\GAC_64\Desktop.ini"
2013-06-14 19:18:03 Cleanup on restart pending for Mal/Sirefef-AA: DeleteFile "\\?\C:\Windows\assembly\GAC_32\Desktop.ini"
2013-06-14 19:18:03 Cleanup on restart pending for Mal/ZAccConf-A: DeleteFile "\\?\C:\Windows\Installer\{40dc62af-3bf4-ba4b-faa5-560d8ed78f63}\@"
2013-06-14 19:18:03 Cleanup on restart pending for W32/ZAccInf-A: RenameFile "\\?\C:\Windows\System32\services.exe"
2013-06-14 19:18:03 Cleanup on restart pending for W32/ZAccInf-A: DriverDeleteDriverKey "\\?\C:\Windows\System32\services.exe"
2013-06-14 19:18:03 Cleanup on restart pending for W32/ZAccInf-A: DeleteFile "\\?\C:\Windows\System32\services.exe.SHS"
2013-06-14 19:18:03 Cleanup on restart pending for W32/ZAccInf-A: DeleteFile "\\?\C:\Windows\System32\services.exe"
 

If you need any further information please tell me! 

I am very thankful for any help I can get.




 


#2 Farbar

  • Security Developer

Posted 14 June 2013 - 02:49 PM

Hi Renaa,

 

Welcome to the forum.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 



#3 Renaa

  • Topic Starter
  • Members

Posted 15 June 2013 - 06:45 AM

Hello, and thank you for your assistance!

 

Here is the FRST.txt :

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013
Ran by Rena (administrator) on 15-06-2013 13:36:47
Running from C:\Users\Rena\Downloads\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(Microsoft Corporation) C:\windows\SYSTEM32\WISPTIS.EXE
(Preventon Technologies Limited) C:\Program Files (x86)\Preventon Antivirus\AVAssistant.exe
(Preventon Technologies Limited) C:\Program Files (x86)\Preventon Antivirus\AVScanningService.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Wacom Technology, Corp.) C:\windows\system32\Wacom_Tablet.exe
(Microsoft Corporation) C:\windows\SYSTEM32\WISPTIS.EXE
() C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Preventon Technologies Limited) C:\Program Files (x86)\Preventon Antivirus\AVTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-11-05] (Lenovo)
HKLM\...\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2011-11-05] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-11-05] (Lenovo(beijing) Limited)
HKCU\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKCU\...\Run: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized [x]
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [VoiceMaster]  [x]
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-03-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2011-11-05] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [AVTray] C:\Program Files (x86)\Preventon Antivirus\AVTray.exe [1270880 2013-04-18] (Preventon Technologies Limited)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.lookforithere.info/?pid=343&r=2013/05/15&hid=3385124161&lg=EN&cc=DE&unqvl=14
URLSearchHook: (No Name) - {687578b9-7132-4a7a-80e4-30ee31099e03} -  No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: SearchNewTab - {2D3EC05E-C33F-1E17-37DC-C220C5B7A002} - C:\ProgramData\SearchNewTab\5193b8adcd77e.dll ()
BHO-x32: Vaudix - {42CFDB7C-7EBC-EFCF-7BAC-D518A5FDF8D8} - C:\ProgramData\Vaudix\5193b89a518b4.dll ()
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\3rvmdikx.default
FF Homepage: hxxp://websearch.lookforithere.info/?pid=343&r=2013/05/15&hid=3385124161&lg=EN&cc=DE&unqvl=14
FF SelectedSearchEngine: WebSearch
FF Keyword.URL: hxxp://websearch.lookforithere.info/?pid=343&r=2013/05/15&hid=3385124161&lg=EN&cc=DE&unqvl=14&l=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: SearchNewTab - C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\3rvmdikx.default\Extensions\eiyvg@eoudsjj.edu
FF Extension: Vaudix - C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\3rvmdikx.default\Extensions\spsasaz@mx-.org
FF Extension: No Name - C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\3rvmdikx.default\Extensions\staged
FF Extension: Yahoo! Toolbar - C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\3rvmdikx.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
 
Chrome: 
=======
CHR HomePage: hxxp://websearch.lookforithere.info/?pid=343&r=2013/05/15&hid=3385124161&lg=EN&cc=DE&unqvl=14
CHR RestoreOnStartup: "urls_to_restore_on_startup": [
CHR Extension: () - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0
CHR Extension: (ProxMate - unblock the Internet!) - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\2.1.5_0
CHR Extension: (chrometheme) - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\kijbcbkfimhkfmjmidhgifobolpmnggc\1_0
CHR Extension: (ScrewAds - Block, Skip, Remove YouTube Ads) - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmbnjoljpgkhiaicaejkdcjbfjknipnc\2.1.5_0
CHR Extension: (SearchNewTab) - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafdpeijghppjfofihkfgfcbhldhggeb\1
CHR Extension: (Vaudix) - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\okmonaofjodcclkddmppkcllnkefomha\1
 
==================== Services (Whitelisted) =================
 
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
R2 TabletServiceWacom; C:\windows\system32\Wacom_Tablet.exe [6245744 2010-03-09] (Wacom Technology, Corp.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] ()
R2 AV Assistant Service; C:/Program Files (x86)/Preventon Antivirus/AVAssistant.exe [x]
R2 AV Scanning Service; C:/Program Files (x86)/Preventon Antivirus/AVScanningService.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
R1 a2injectiondriver; C:\Program Files (x86)\Preventon Antivirus\a2dix64.sys [48216 2012-09-13] (Emsi Software GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Preventon Antivirus\a2dix64.sys [48216 2012-09-13] (Emsi Software GmbH)
R1 a2util; C:\Program Files (x86)\Preventon Antivirus\a2util64.sys [14720 2012-09-13] (Emsi Software GmbH)
R1 a2util; C:\Program Files (x86)\Preventon Antivirus\a2util64.sys [14720 2012-09-13] (Emsi Software GmbH)
R3 AVFSFilter; C:\Windows\System32\DRIVERS\avfsfilter.sys [13720 2012-09-07] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-06-18] (DT Soft Ltd)
S1 hxhrcall; C:\windows\system32\drivers\hxhrcall.sys [49872 2013-06-13] (Microsoft Corporation)
S3 mcdevice; C:\Windows\System32\DRIVERS\mcdevice.sys [334400 2011-05-19] (ShiningMorning Inc.)
R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [184960 2010-11-21] (Microsoft Corporation)
U3 BcmSqlStartupSvc; 
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [x]
U2 iATAgentService; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
U2 nvUpdatusService; 
U2 Oasis2Service; 
U2 PCCarerService; 
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [x]
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SeaPort; 
U2 SoftwareService; 
U3 SQLWriter; 
U2 Stereo Service; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
Error(0) reading file: "C:\Windows\System32\ "
2013-06-15 13:35 - 2013-06-15 13:35 - 00000000 ____D C:\FRST
2013-06-15 12:59 - 2013-06-15 12:59 - 00266320 ____A C:\Windows\Minidump\061513-153988-01.dmp
2013-06-15 07:20 - 2013-06-15 07:20 - 00000000 __SHD C:\$$PendingFiles
2013-06-14 17:18 - 2013-06-14 17:18 - 00000000 ____D C:\ProgramData\Sophos
2013-06-14 17:18 - 2013-06-14 17:18 - 00000000 ____D C:\Program Files (x86)\Sophos
2013-06-14 16:57 - 2013-06-14 16:57 - 00000034 ____A C:\Users\Rena\AppData\Roaming\mbam.context.scan
2013-06-13 22:56 - 2013-06-15 13:00 - 00007594 ____A C:\FaceProv.log
2013-06-13 22:46 - 2013-06-15 07:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-13 22:46 - 2013-06-13 22:46 - 00000000 ____D C:\Users\Rena\AppData\Roaming\Malwarebytes
2013-06-13 22:46 - 2013-06-13 22:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-13 22:44 - 2013-06-13 22:46 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Rena\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-13 22:11 - 2013-06-13 22:11 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-06-13 20:30 - 2013-06-13 20:30 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hxhrcall.sys
2013-06-13 20:19 - 2013-06-13 20:19 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-06-13 19:30 - 2013-06-15 07:07 - 00000000 ____D C:\ProgramData\FLEXnet
2013-06-13 19:23 - 2013-06-13 19:23 - 00000000 ____D C:\ProgramData\ALM
2013-06-13 19:23 - 2007-02-20 16:04 - 02463976 ____A C:\Windows\SysWOW64\NPSWF32.dll
2013-06-13 19:23 - 2007-02-20 16:04 - 00190696 ____A (Adobe Systems, Inc.) C:\Windows\SysWOW64\NPSWF32_FlashUtil.exe
2013-06-13 19:20 - 2013-06-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\spool
2013-06-13 19:20 - 2013-06-13 19:20 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-06-13 19:11 - 2013-06-15 07:08 - 00000000 ____D C:\Windows\SysWOW64\syncdb
2013-06-13 01:31 - 2013-05-17 06:05 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 01:31 - 2013-05-17 05:27 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 01:31 - 2013-05-17 05:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 01:31 - 2013-05-17 05:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 01:31 - 2013-05-17 05:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 01:31 - 2013-05-17 05:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-13 01:31 - 2013-05-17 05:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 01:31 - 2013-05-17 04:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 01:31 - 2013-05-17 04:56 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 01:31 - 2013-05-17 04:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 01:31 - 2013-05-17 04:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 01:31 - 2013-05-17 04:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 01:31 - 2013-05-17 04:53 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 01:31 - 2013-05-17 04:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 01:31 - 2013-05-17 04:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 01:31 - 2013-05-17 04:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 01:31 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-13 01:31 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-13 01:31 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 01:31 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 01:31 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-13 01:31 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-13 01:31 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-13 01:31 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 01:31 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 01:31 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-13 01:31 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-13 01:31 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 01:31 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-13 01:31 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-13 01:31 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 01:31 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-12 22:16 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 22:16 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 22:16 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 22:16 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 22:16 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 22:16 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 22:16 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 22:16 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 22:16 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 22:16 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 22:16 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 22:16 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 22:16 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 22:16 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 22:16 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 22:16 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 22:16 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 22:16 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 22:16 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-05-26 09:36 - 2013-05-26 09:36 - 00000000 ____D C:\Users\Rena\AppData\Local\{08CB2B9A-0579-41D8-B1A8-3AED4F67192E}
2013-05-23 22:14 - 2013-05-23 22:14 - 00011031 ____A C:\Users\Rena\AppData\Local\recently-used.xbel
2013-05-22 17:23 - 2013-06-15 07:06 - 00000000 ____D C:\Program Files (x86)\TERA
2013-05-22 17:23 - 2013-05-22 17:23 - 00001662 ____A C:\Users\Public\Desktop\TERA-Launcher.lnk
2013-05-22 17:20 - 2013-05-22 17:22 - 29232136 ____A (En Masse Entertainment) C:\Users\Rena\Downloads\TERA-Setup.exe
2013-05-21 20:18 - 2013-06-15 07:07 - 00000000 ____D C:\Users\Rena\AppData\Roaming\dvdcss
2013-05-21 17:24 - 2013-05-21 17:24 - 00000000 ____D C:\Users\Rena\AppData\Roaming\Nero
2013-05-21 16:51 - 2013-05-21 16:51 - 00000000 ____D C:\Users\Rena\Documents\ConvertXtoDVD
2013-05-21 16:47 - 2013-06-15 07:06 - 00000000 ____D C:\Program Files (x86)\VSO
2013-05-21 16:47 - 2013-06-15 06:49 - 00000000 ____D C:\ProgramData\VSO
2013-05-21 16:47 - 2013-06-13 21:28 - 00000055 ____A C:\Users\Rena\AppData\Roaming\pcouffin.log
2013-05-21 16:47 - 2013-05-21 16:47 - 00099384 ____A C:\Users\Rena\AppData\Roaming\inst.exe
2013-05-21 16:47 - 2013-05-21 16:47 - 00082816 ____A (VSO Software) C:\Users\Rena\AppData\Roaming\pcouffin.sys
2013-05-21 16:47 - 2013-05-21 16:47 - 00007859 ____A C:\Users\Rena\AppData\Roaming\pcouffin.cat
2013-05-21 16:47 - 2013-05-21 16:47 - 00000000 ____D C:\Users\Rena\Documents\PcSetup
2013-05-21 16:40 - 2013-05-21 16:43 - 27940440 ____A (VSO-Software                                                ) C:\Users\Rena\Downloads\vsoConvertXtoDVD5_setup.exe
2013-05-21 13:50 - 2013-05-21 13:50 - 00000000 ____D C:\Users\Rena\AppData\Roaming\.spotflux
2013-05-21 13:49 - 2013-05-21 13:50 - 05233712 ____A C:\Users\Rena\Downloads\spotflux-latestPC.exe
2013-05-20 21:55 - 2013-06-15 07:06 - 00000000 ____D C:\Program Files (x86)\ffdshow
2013-05-20 21:55 - 2013-05-20 21:55 - 00000000 ____D C:\Program Files (x86)\Haali
2013-05-20 21:55 - 2012-04-09 00:40 - 00079360 ____A C:\Windows\SysWOW64\ff_vfw.dll
2013-05-20 21:53 - 2013-06-15 07:06 - 00000000 ____D C:\Program Files (x86)\AVStoDVD
2013-05-20 21:53 - 2013-06-15 07:06 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
2013-05-20 21:53 - 2013-05-20 21:53 - 00001017 ____A C:\Users\Rena\Desktop\AVStoDVD.lnk
2013-05-20 21:46 - 2013-05-20 21:51 - 42587327 ____A C:\Users\Rena\Downloads\AVStoDVD_260_Install.exe
2013-05-20 21:16 - 2013-05-20 21:16 - 00000000 ____D C:\Users\Rena\Documents\GFDOutDir
2013-05-20 21:15 - 2013-06-15 07:06 - 00000000 ____D C:\Program Files (x86)\GUI for dvdauthor
2013-05-20 21:14 - 2013-06-15 07:07 - 00000000 ____D C:\Users\Rena\Downloads\GUI_DVDauthor_Full107
2013-05-20 20:50 - 2013-05-20 20:50 - 00002621 ____A C:\Users\Public\Desktop\Nero Burning ROM 12.lnk
2013-05-20 20:49 - 2013-05-20 20:53 - 00000000 ____D C:\ProgramData\Nero
2013-05-20 20:49 - 2013-05-20 20:51 - 00000000 ____D C:\Program Files (x86)\Nero
2013-05-20 20:42 - 2013-05-20 21:12 - 00000000 ____D C:\Program Files (x86)\DVD Flick
2013-05-20 20:42 - 2007-08-31 18:36 - 00036864 ____A (Robdogg Inc.) C:\Windows\SysWOW64\trayicon_handler.ocx
2013-05-20 20:42 - 2003-01-26 13:41 - 00040960 ____A (vbAccelerator) C:\Windows\SysWOW64\ssubtmr6.dll
2013-05-20 20:40 - 2013-05-20 20:41 - 12951423 ____A (Dennis Meuwissen                                            ) C:\Users\Rena\Downloads\dvdflick_setup_1.3.0.7.exe
2013-05-20 20:10 - 2013-05-20 20:10 - 00000000 ____D C:\Users\Rena\.thumb
2013-05-20 20:00 - 2013-05-20 20:02 - 22448882 ____A (                                                            ) C:\Users\Rena\Downloads\DVDStyler-2.4.3-win32.exe
2013-05-20 16:22 - 2013-06-15 07:07 - 00000000 ____D C:\Users\Rena\AppData\Roaming\XMedia Recode
2013-05-20 16:22 - 2013-06-15 07:07 - 00000000 ____D C:\Program Files (x86)\XMedia Recode
2013-05-20 16:22 - 2013-05-20 16:23 - 05742368 ____A (XMedia Recode                                               ) C:\Users\Rena\Downloads\XMediaRecode3160_setup.exe
2013-05-20 16:21 - 2013-05-20 16:21 - 05717960 ____A (XMedia Recode                                               ) C:\Users\Rena\Downloads\XMediaRecode3158_setup.exe
2013-05-20 16:00 - 2013-05-20 16:00 - 00000000 ____D C:\Users\Rena\AppData\Roaming\TERA
2013-05-16 17:15 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-16 17:15 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-16 17:15 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-16 17:15 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-16 17:15 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-16 17:15 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-16 17:15 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-16 17:15 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-16 17:15 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-16 17:15 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-16 17:15 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-16 17:14 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-16 17:14 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-16 17:14 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
 
==================== One Month Modified Files and Folders =======
 
2013-06-15 13:35 - 2013-06-15 13:35 - 00000000 ____D C:\FRST
2013-06-15 13:30 - 2012-11-30 16:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-15 13:25 - 2011-11-05 20:33 - 00001198 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-15 13:06 - 2009-07-14 06:45 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-15 13:06 - 2009-07-14 06:45 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-15 13:04 - 2009-07-14 07:13 - 00005156 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-15 13:03 - 2011-11-05 19:58 - 01345029 ____A C:\Windows\WindowsUpdate.log
2013-06-15 13:00 - 2013-06-13 22:56 - 00007594 ____A C:\FaceProv.log
2013-06-15 13:00 - 2013-05-15 18:32 - 00000414 ___AH C:\Windows\Tasks\schedule!3036567561.job
2013-06-15 13:00 - 2012-06-18 07:22 - 00000000 ____D C:\users\Rena
2013-06-15 13:00 - 2011-11-05 20:46 - 00839991 ____A C:\Windows\System32\fastboot.set
2013-06-15 13:00 - 2011-11-05 20:39 - 00000000 ____D C:\ProgramData\VeriFace
2013-06-15 13:00 - 2011-11-05 20:33 - 00001194 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-15 12:59 - 2013-06-15 12:59 - 00266320 ____A C:\Windows\Minidump\061513-153988-01.dmp
2013-06-15 12:59 - 2012-06-30 21:53 - 00000000 ____D C:\Windows\Minidump
2013-06-15 12:59 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-15 12:59 - 2009-07-14 06:51 - 00093628 ____A C:\Windows\setupact.log
2013-06-15 12:59 - 2009-07-14 06:45 - 02381728 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-15 12:58 - 2012-06-30 21:53 - 340059202 ____A C:\Windows\MEMORY.DMP
2013-06-15 07:20 - 2013-06-15 07:20 - 00000000 __SHD C:\$$PendingFiles
2013-06-15 07:09 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-06-15 07:09 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-06-15 07:09 - 2009-07-14 05:20 - 00000000 __RSD C:\Windows\Media
2013-06-15 07:09 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-06-15 07:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\TAPI
2013-06-15 07:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\ias
2013-06-15 07:08 - 2013-06-13 19:11 - 00000000 ____D C:\Windows\SysWOW64\syncdb
2013-06-15 07:08 - 2011-11-05 20:51 - 00000000 ____D C:\Windows\OKR70
2013-06-15 07:08 - 2011-11-05 20:19 - 00000000 ____D C:\Windows\SysWOW64\Atheros_L1e
2013-06-15 07:08 - 2011-11-05 11:54 - 00000000 ___AD C:\Windows\sysprep32
2013-06-15 07:08 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-06-15 07:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Recovery
2013-06-15 07:07 - 2013-06-13 19:30 - 00000000 ____D C:\ProgramData\FLEXnet
2013-06-15 07:07 - 2013-05-21 20:18 - 00000000 ____D C:\Users\Rena\AppData\Roaming\dvdcss
2013-06-15 07:07 - 2013-05-20 21:14 - 00000000 ____D C:\Users\Rena\Downloads\GUI_DVDauthor_Full107
2013-06-15 07:07 - 2013-05-20 16:22 - 00000000 ____D C:\Users\Rena\AppData\Roaming\XMedia Recode
2013-06-15 07:07 - 2013-05-20 16:22 - 00000000 ____D C:\Program Files (x86)\XMedia Recode
2013-06-15 07:07 - 2013-05-15 18:31 - 00000000 ____D C:\ProgramData\Vaudix
2013-06-15 07:07 - 2013-05-15 18:31 - 00000000 ____D C:\ProgramData\SearchNewTab
2013-06-15 07:07 - 2013-03-15 18:41 - 00000000 ____D C:\Users\Rena\AppData\Local\MagicCamera
2013-06-15 07:07 - 2013-03-15 18:15 - 00000000 ____D C:\Program Files\VoiceMaster
2013-06-15 07:07 - 2013-03-14 22:14 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-06-15 07:07 - 2013-01-19 00:32 - 00000000 ____D C:\ProgramData\clp
2013-06-15 07:07 - 2013-01-13 21:54 - 00000000 ____D C:\Windows\FltMgr
2013-06-15 07:07 - 2012-12-09 16:23 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-06-15 07:07 - 2012-12-07 22:01 - 00000000 ____D C:\Users\Rena\AppData\Roaming\AVG2013
2013-06-15 07:07 - 2012-12-07 21:48 - 00000000 ____D C:\ProgramData\MFAData
2013-06-15 07:07 - 2012-12-01 12:25 - 00000000 ____D C:\Users\Rena\AppData\Local\TERA
2013-06-15 07:07 - 2012-11-30 16:21 - 00000000 ____D C:\ProgramData\HappyCloud
2013-06-15 07:07 - 2012-09-22 13:29 - 00000000 ____D C:\ProgramData\Energy Management
2013-06-15 07:07 - 2012-08-21 13:49 - 00000000 ____D C:\Users\Rena\AppData\Roaming\.minecraft
2013-06-15 07:07 - 2012-08-01 17:04 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-15 07:07 - 2012-06-19 18:51 - 00000000 ____D C:\Users\Rena\AppData\Roaming\vlc
2013-06-15 07:07 - 2012-06-19 13:01 - 00000000 ____D C:\ProgramData\Origin
2013-06-15 07:07 - 2012-06-18 23:54 - 00000000 ____D C:\Users\Rena\AppData\Roaming\Audacity
2013-06-15 07:07 - 2012-06-18 22:20 - 00000000 ____D C:\Users\Rena\AppData\Roaming\DAEMON Tools Lite
2013-06-15 07:07 - 2012-06-18 22:18 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-06-15 07:07 - 2012-06-18 21:21 - 00000000 ____D C:\Users\Rena\AppData\Roaming\uTorrent
2013-06-15 07:07 - 2012-06-18 21:13 - 00000000 ____D C:\Users\Rena\AppData\Roaming\DAEMON Tools Pro
2013-06-15 07:07 - 2012-06-18 20:29 - 00000000 ____D C:\Users\Rena\AppData\Roaming\Skype
2013-06-15 07:07 - 2011-11-05 20:45 - 00000000 ____D C:\Windows\en
2013-06-15 07:07 - 2011-11-05 20:45 - 00000000 ____D C:\ProgramData\OneKey Recovery
2013-06-15 07:07 - 2011-11-05 20:44 - 00000000 ____D C:\Windows\el
2013-06-15 07:06 - 2013-05-22 17:23 - 00000000 ____D C:\Program Files (x86)\TERA
2013-06-15 07:06 - 2013-05-21 16:47 - 00000000 ____D C:\Program Files (x86)\VSO
2013-06-15 07:06 - 2013-05-20 21:55 - 00000000 ____D C:\Program Files (x86)\ffdshow
2013-06-15 07:06 - 2013-05-20 21:53 - 00000000 ____D C:\Program Files (x86)\AVStoDVD
2013-06-15 07:06 - 2013-05-20 21:53 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
2013-06-15 07:06 - 2013-05-20 21:15 - 00000000 ____D C:\Program Files (x86)\GUI for dvdauthor
2013-06-15 07:06 - 2013-05-15 18:31 - 00000000 ____D C:\Program Files (x86)\WebSearch
2013-06-15 07:06 - 2013-05-15 18:31 - 00000000 ____D C:\Program Files (x86)\VaudiX
2013-06-15 07:06 - 2013-04-18 21:50 - 00000000 ____D C:\Program Files (x86)\UTAU
2013-06-15 07:06 - 2013-03-30 22:26 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2013-06-15 07:06 - 2013-03-14 22:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-06-15 07:06 - 2013-02-16 18:50 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-15 07:06 - 2013-01-19 00:30 - 00000000 ____D C:\Program Files (x86)\Preventon Antivirus
2013-06-15 07:06 - 2012-10-29 14:20 - 00000000 ____D C:\Program Files (x86)\DirectX
2013-06-15 07:06 - 2012-10-29 14:20 - 00000000 ____D C:\Program Files (x86)\data
2013-06-15 07:06 - 2012-08-08 15:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-15 07:06 - 2012-08-02 21:13 - 00000000 ____D C:\Fraps
2013-06-15 07:06 - 2012-06-23 19:56 - 00000000 ____D C:\Program Files (x86)\Origin
2013-06-15 07:06 - 2012-06-21 12:46 - 00000000 ____D C:\b492cda198e8fa9699cccdcc8d
2013-06-15 07:06 - 2012-06-20 13:20 - 00000000 ____D C:\Program Files (x86)\TabletPlugins
2013-06-15 07:06 - 2012-06-20 13:19 - 00000000 ____D C:\Program Files (x86)\Tablet
2013-06-15 07:06 - 2012-06-19 14:52 - 00000000 ____D C:\Program Files (x86)\PMDEditor_0063(SlimDX_Update)
2013-06-15 07:06 - 2012-06-19 14:06 - 00000000 ____D C:\Program Files (x86)\DAMN NFO Viewer
2013-06-15 07:06 - 2012-06-19 13:56 - 00000000 ____D C:\Program Files (x86)\Portal-Unleashed
2013-06-15 07:06 - 2012-06-18 23:53 - 00000000 ____D C:\Program Files (x86)\Audacity
2013-06-15 07:06 - 2012-06-18 22:20 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-06-15 07:06 - 2012-06-18 22:00 - 00000000 ____D C:\Program Files (x86)\Free RAR Extract Frog
2013-06-15 07:06 - 2012-06-18 21:24 - 00000000 ____D C:\Program Files (x86)\uTorrent
2013-06-15 07:06 - 2012-06-18 20:20 - 00000000 ____D C:\Program Files (x86)\Portable SAI
2013-06-15 07:06 - 2011-11-05 20:30 - 00000000 ____D C:\Program Files (x86)\BisonCam
2013-06-15 07:05 - 2013-06-13 22:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-15 07:04 - 2011-02-22 13:42 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-06-15 07:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-06-15 06:49 - 2013-05-21 16:47 - 00000000 ____D C:\ProgramData\VSO
2013-06-14 17:18 - 2013-06-14 17:18 - 00000000 ____D C:\ProgramData\Sophos
2013-06-14 17:18 - 2013-06-14 17:18 - 00000000 ____D C:\Program Files (x86)\Sophos
2013-06-14 16:57 - 2013-06-14 16:57 - 00000034 ____A C:\Users\Rena\AppData\Roaming\mbam.context.scan
2013-06-13 22:46 - 2013-06-13 22:46 - 00000000 ____D C:\Users\Rena\AppData\Roaming\Malwarebytes
2013-06-13 22:46 - 2013-06-13 22:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-13 22:46 - 2013-06-13 22:44 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Rena\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-13 22:11 - 2013-06-13 22:11 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-06-13 21:28 - 2013-05-21 16:47 - 00000055 ____A C:\Users\Rena\AppData\Roaming\pcouffin.log
2013-06-13 21:23 - 2012-11-30 16:24 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-13 21:23 - 2012-11-30 16:24 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-13 20:39 - 2012-06-18 22:43 - 00000000 ____D C:\Users\Rena\AppData\Local\Adobe
2013-06-13 20:39 - 2012-06-18 22:26 - 00000000 ____D C:\ProgramData\Adobe
2013-06-13 20:39 - 2012-06-18 20:20 - 00000000 ____D C:\Users\Rena\AppData\Roaming\Adobe
2013-06-13 20:30 - 2013-06-13 20:30 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hxhrcall.sys
2013-06-13 20:19 - 2013-06-13 20:19 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-06-13 20:13 - 2012-09-24 23:04 - 00000436 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2013-06-13 19:45 - 2012-06-18 07:23 - 00117616 ____A C:\Users\Rena\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-13 19:26 - 2012-06-18 22:26 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-06-13 19:23 - 2013-06-13 19:23 - 00000000 ____D C:\ProgramData\ALM
2013-06-13 19:20 - 2013-06-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\spool
2013-06-13 19:20 - 2013-06-13 19:20 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-06-13 18:38 - 2012-06-20 13:20 - 00000000 ____D C:\Users\Rena\AppData\Roaming\WTablet
2013-06-13 01:29 - 2012-09-20 22:12 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 22:06 - 2010-11-21 05:47 - 00916266 ____A C:\Windows\PFRO.log
2013-06-09 20:01 - 2012-06-19 21:19 - 00000000 ____D C:\Users\Rena\.gimp-2.8
2013-06-06 22:28 - 2011-11-05 20:33 - 00002183 ____A C:\Users\Public\Desktop\Internet Browser.lnk
2013-06-02 18:02 - 2012-10-24 17:36 - 00000000 ____D C:\Users\Rena\AppData\Local\CrashDumps
2013-05-26 17:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-05-26 09:36 - 2013-05-26 09:36 - 00000000 ____D C:\Users\Rena\AppData\Local\{08CB2B9A-0579-41D8-B1A8-3AED4F67192E}
2013-05-23 22:14 - 2013-05-23 22:14 - 00011031 ____A C:\Users\Rena\AppData\Local\recently-used.xbel
2013-05-22 21:00 - 2012-06-18 20:05 - 00000000 ____D C:\Users\Rena\Documents\Youcam
2013-05-22 17:23 - 2013-05-22 17:23 - 00001662 ____A C:\Users\Public\Desktop\TERA-Launcher.lnk
2013-05-22 17:22 - 2013-05-22 17:20 - 29232136 ____A (En Masse Entertainment) C:\Users\Rena\Downloads\TERA-Setup.exe
2013-05-21 17:24 - 2013-05-21 17:24 - 00000000 ____D C:\Users\Rena\AppData\Roaming\Nero
2013-05-21 16:51 - 2013-05-21 16:51 - 00000000 ____D C:\Users\Rena\Documents\ConvertXtoDVD
2013-05-21 16:47 - 2013-05-21 16:47 - 00099384 ____A C:\Users\Rena\AppData\Roaming\inst.exe
2013-05-21 16:47 - 2013-05-21 16:47 - 00082816 ____A (VSO Software) C:\Users\Rena\AppData\Roaming\pcouffin.sys
2013-05-21 16:47 - 2013-05-21 16:47 - 00007859 ____A C:\Users\Rena\AppData\Roaming\pcouffin.cat
2013-05-21 16:47 - 2013-05-21 16:47 - 00000000 ____D C:\Users\Rena\Documents\PcSetup
2013-05-21 16:43 - 2013-05-21 16:40 - 27940440 ____A (VSO-Software                                                ) C:\Users\Rena\Downloads\vsoConvertXtoDVD5_setup.exe
2013-05-21 13:50 - 2013-05-21 13:50 - 00000000 ____D C:\Users\Rena\AppData\Roaming\.spotflux
2013-05-21 13:50 - 2013-05-21 13:49 - 05233712 ____A C:\Users\Rena\Downloads\spotflux-latestPC.exe
2013-05-20 21:55 - 2013-05-20 21:55 - 00000000 ____D C:\Program Files (x86)\Haali
2013-05-20 21:53 - 2013-05-20 21:53 - 00001017 ____A C:\Users\Rena\Desktop\AVStoDVD.lnk
2013-05-20 21:51 - 2013-05-20 21:46 - 42587327 ____A C:\Users\Rena\Downloads\AVStoDVD_260_Install.exe
2013-05-20 21:16 - 2013-05-20 21:16 - 00000000 ____D C:\Users\Rena\Documents\GFDOutDir
2013-05-20 21:12 - 2013-05-20 20:42 - 00000000 ____D C:\Program Files (x86)\DVD Flick
2013-05-20 20:53 - 2013-05-20 20:49 - 00000000 ____D C:\ProgramData\Nero
2013-05-20 20:51 - 2013-05-20 20:49 - 00000000 ____D C:\Program Files (x86)\Nero
2013-05-20 20:50 - 2013-05-20 20:50 - 00002621 ____A C:\Users\Public\Desktop\Nero Burning ROM 12.lnk
2013-05-20 20:41 - 2013-05-20 20:40 - 12951423 ____A (Dennis Meuwissen                                            ) C:\Users\Rena\Downloads\dvdflick_setup_1.3.0.7.exe
2013-05-20 20:10 - 2013-05-20 20:10 - 00000000 ____D C:\Users\Rena\.thumb
2013-05-20 20:02 - 2013-05-20 20:00 - 22448882 ____A (                                                            ) C:\Users\Rena\Downloads\DVDStyler-2.4.3-win32.exe
2013-05-20 16:23 - 2013-05-20 16:22 - 05742368 ____A (XMedia Recode                                               ) C:\Users\Rena\Downloads\XMediaRecode3160_setup.exe
2013-05-20 16:21 - 2013-05-20 16:21 - 05717960 ____A (XMedia Recode                                               ) C:\Users\Rena\Downloads\XMediaRecode3158_setup.exe
2013-05-20 16:18 - 2012-08-01 17:04 - 00000000 ____D C:\Users\Rena\AppData\Local\PMB Files
2013-05-20 16:00 - 2013-05-20 16:00 - 00000000 ____D C:\Users\Rena\AppData\Roaming\TERA
2013-05-20 15:51 - 2012-07-02 18:45 - 00000000 ____D C:\Program Files (x86)\NCSoft
2013-05-20 15:51 - 2011-11-05 20:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-20 15:44 - 2012-06-18 20:29 - 00000000 ____D C:\ProgramData\Skype
2013-05-17 21:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-05-17 06:05 - 2013-06-13 01:31 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-17 05:27 - 2013-06-13 01:31 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-17 05:09 - 2013-06-13 01:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-17 05:02 - 2013-06-13 01:31 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-17 05:02 - 2013-06-13 01:31 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-17 05:01 - 2013-06-13 01:31 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-17 05:00 - 2013-06-13 01:31 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-17 04:58 - 2013-06-13 01:31 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-17 04:56 - 2013-06-13 01:31 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-17 04:56 - 2013-06-13 01:31 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-17 04:55 - 2013-06-13 01:31 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-17 04:54 - 2013-06-13 01:31 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-17 04:53 - 2013-06-13 01:31 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-17 04:51 - 2013-06-13 01:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-17 04:51 - 2013-06-13 01:31 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-17 04:46 - 2013-06-13 01:31 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-17 01:08 - 2013-06-13 01:31 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-17 00:49 - 2013-06-13 01:31 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-17 00:39 - 2013-06-13 01:31 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-17 00:28 - 2013-06-13 01:31 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-17 00:28 - 2013-06-13 01:31 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-17 00:27 - 2013-06-13 01:31 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-17 00:26 - 2013-06-13 01:31 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-17 00:23 - 2013-06-13 01:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-17 00:21 - 2013-06-13 01:31 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-17 00:21 - 2013-06-13 01:31 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-17 00:20 - 2013-06-13 01:31 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-17 00:19 - 2013-06-13 01:31 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-17 00:17 - 2013-06-13 01:31 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-17 00:17 - 2013-06-13 01:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-17 00:16 - 2013-06-13 01:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-17 00:12 - 2013-06-13 01:31 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
 
ZeroAccess:
C:\Windows\Installer\{40dc62af-3bf4-ba4b-faa5-560d8ed78f63}
C:\Windows\Installer\{40dc62af-3bf4-ba4b-faa5-560d8ed78f63}\@
C:\Windows\Installer\{40dc62af-3bf4-ba4b-faa5-560d8ed78f63}\L
C:\Windows\Installer\{40dc62af-3bf4-ba4b-faa5-560d8ed78f63}\U
C:\Windows\Installer\{40dc62af-3bf4-ba4b-faa5-560d8ed78f63}\L\00000004.@
C:\Windows\Installer\{40dc62af-3bf4-ba4b-faa5-560d8ed78f63}\L\201d3dde
C:\Windows\Installer\{40dc62af-3bf4-ba4b-faa5-560d8ed78f63}\L\6715e287
C:\Windows\Installer\{40dc62af-3bf4-ba4b-faa5-560d8ed78f63}\L\76603ac3
C:\Windows\Installer\{40dc62af-3bf4-ba4b-faa5-560d8ed78f63}\U\00000004.@
C:\Windows\Installer\{40dc62af-3bf4-ba4b-faa5-560d8ed78f63}\U\00000008.@
C:\Windows\Installer\{40dc62af-3bf4-ba4b-faa5-560d8ed78f63}\U\000000cb.@
C:\Windows\Installer\{40dc62af-3bf4-ba4b-faa5-560d8ed78f63}\U\80000000.@
C:\Windows\Installer\{40dc62af-3bf4-ba4b-faa5-560d8ed78f63}\U\80000064.@
 
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
 
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
 
 
LastRegBack: 2013-06-03 20:30
 
==================== End Of Log ============================

 

And here is the Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-06-2013
Ran by Rena at 2013-06-15 13:41:13 Run:
Running from C:\Users\Rena\Downloads\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
µTorrent (Version: 3.1.3)
Adobe AIR (Version: 1.5.3.9130)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe BridgeTalk Plugin CS3 (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Recommended Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Extra Settings (Version: 1.0)
Adobe Community Help (Version: 3.2.1)
Adobe Community Help (Version: 3.2.1.650)
Adobe Creative Suite 3 Design Premium (Version: 1.0)
Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Extension Manager CS3 (Version: 1.8)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.110)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Flash Player 9 ActiveX (Version: 9.0.45.0)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Illustrator CS3 (Version: 13.0)
Adobe InDesign CS3 (Version: 5.0)
Adobe InDesign CS3 Icon Handler (Version: 5.0)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe MotionPicture Color Files (Version: 1.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Reader X (10.1.4) - Deutsch (Version: 10.1.4)
Adobe Setup (Version: 1.0)
Adobe SING CS3 (Version: 0.1)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WAS CS3 (Version: 1.0)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
AHV content for Acrobat and Flash (Version: 1)
Alice Madness Returns (Version: 1.0.0.0)
Atheros Client Installation Program (Version: 7.0)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.36)
ATI Catalyst Install Manager (Version: 3.0.808.0)
ATI Uninstaller (Version: 8.813.3.2-110324a-116588C-Lenovo)
Audacity 2.0
AviSynth 2.5
AVStoDVD 2.6.0 (Version: 2.6.0)
Camtasia Studio 8 (Version: 8.0.4.1060)
Catalyst Control Center Graphics Previews Common (Version: 2011.0324.2228.38483)
Catalyst Control Center InstallProxy (Version: 2011.0324.2228.38483)
Catalyst Control Center Localization All (Version: 2011.0324.2228.38483)
Catalyst Control Center Profiles Mobile (Version: 2011.0324.2228.38483)
CCC Help Chinese Standard (Version: 2011.0324.2227.38483)
CCC Help Chinese Traditional (Version: 2011.0324.2227.38483)
CCC Help Czech (Version: 2011.0324.2227.38483)
CCC Help Danish (Version: 2011.0324.2227.38483)
CCC Help Dutch (Version: 2011.0324.2227.38483)
CCC Help English (Version: 2011.0324.2227.38483)
CCC Help Finnish (Version: 2011.0324.2227.38483)
CCC Help French (Version: 2011.0324.2227.38483)
CCC Help German (Version: 2011.0324.2227.38483)
CCC Help Greek (Version: 2011.0324.2227.38483)
CCC Help Hungarian (Version: 2011.0324.2227.38483)
CCC Help Italian (Version: 2011.0324.2227.38483)
CCC Help Japanese (Version: 2011.0324.2227.38483)
CCC Help Korean (Version: 2011.0324.2227.38483)
CCC Help Norwegian (Version: 2011.0324.2227.38483)
CCC Help Polish (Version: 2011.0324.2227.38483)
CCC Help Portuguese (Version: 2011.0324.2227.38483)
CCC Help Russian (Version: 2011.0324.2227.38483)
CCC Help Spanish (Version: 2011.0324.2227.38483)
CCC Help Swedish (Version: 2011.0324.2227.38483)
CCC Help Thai (Version: 2011.0324.2227.38483)
CCC Help Turkish (Version: 2011.0324.2227.38483)
ccc-core-static (Version: 2011.0324.2228.38483)
ccc-utility64 (Version: 2011.0324.2228.38483)
Conexant HD Audio (Version: 8.54.1.0)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.45.4.0315)
Energy Management (Version: 6.0.2.0)
Express Burn
ffdshow v1.2.4422 [2012-04-09] (Version: 1.2.4422.0)
Fraps (remove only)
Free RAR Extract Frog (Version: 4.30)
GIMP 2.8.0 (Version: 2.8.0)
Google Chrome (Version: 27.0.1453.110)
Google Earth Plug-in (Version: 7.0.3.8542)
Google SketchUp 8 (Version: 3.0.14358)
Google Update Helper (Version: 1.3.21.145)
GUI for dvdauthor 1.07 (Version: 1.07)
Haali Media Splitter
Happy Cloud Client (Version: 1.338)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Display Audio Driver (Version: 6.14.00.3074)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Rapid Storage Technology (Version: 10.1.5.1001)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Junk Mail filter update (Version: 15.4.3502.0922)
LAME v3.99.3 (for Windows)
Lenovo Bluetooth with Enhanced Data Rate Software (Version: 6.3.0.7400)
Lenovo EasyCamera (Version: 1.10.1209.1)
Lenovo EE Boot Optimizer (Version: 0.0.1.6)
Lenovo OneKey Recovery (Version: 7.0.1628)
Lenovo YouCam (Version: 3.1.3728)
LIMBO
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Mozilla Firefox 13.0 (x86 de) (Version: 13.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Nero Burning ROM (Version: 12.5.5001)
Nero Burning ROM Help (CHM) (Version: 12.0.3000)
Nero BurningROM 12 (Version: 12.5.00900)
Nero ControlCenter (Version: 11.0.15600)
Nero ControlCenter Help (CHM) (Version: 12.0.12000)
Nero Core Components (Version: 11.0.20200)
Nero SharedVideoCodecs (Version: 1.0.12100.2.0)
Nero Update (Version: 11.0.11800.31.0)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
OptimizerPro (Version: 1.0)
Origin (Version: 8.4.1.210)
Pando Media Booster (Version: 2.6.0.8)
PDF Settings (Version: 1.0)
Power2Go (Version: 5.6.0.7303)
Prerequisite installer (Version: 12.0.0003)
Preventon Antivirus (Version: 5.2.24)
PX Profile Update (Version: 1.00.1.)
Realtek USB 2.0 Reader Driver (Version: 6.1.7600.10003)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.32.0)
S?????? f?t???af??? t?? Windows Live (Version: 15.4.3502.0922)
Search Assistant WebSearch 1.74
SearchNewTab (Version: )
Skype™ 6.3 (Version: 6.3.107)
St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se?? (Version: 15.4.5722.2)
Synaptics Pointing Device Driver (Version: 15.3.0.0)
TERA (Version: 1.5)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
UserGuide (Version: 1.0.0.6)
UTAU ??????? (Version: 1.1.17)
Vaudix (Version: )
VaudiX 1.74
VeriFace (Version: 4.0.0.1224)
VideoPad Video Editor
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.1 (Version: 2.0.1)
VobSub v2.23 (Remove Only)
VoiceMaster 2.0.0.83
VSO ConvertXToDVD (Version: 5.0.0.45)
Wacom Tablet
WebTablet IE Plugin (Version: 1.1.0.4)
WebTablet Netscape Plugin (Version: 1.1.0.3)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (Version: 12/02/2010 6.1.0.1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WMV9/VC-1 Video Playback (Version: 1.00.0000)
XMedia Recode Version 3.1.6.0 (Version: 3.1.6.0)
 
==================== Restore Points  =========================
 
07-06-2013 13:49:43 Windows Update
11-06-2013 15:11:39 Windows Update
12-06-2013 23:27:44 Windows Update
13-06-2013 17:01:29 Removed Adobe Photoshop Elements 9.
13-06-2013 17:06:16 Removed Adobe Photoshop Elements 9.
13-06-2013 18:29:08 Windows Defender Checkpoint
13-06-2013 19:24:10 Removed Adobe Flash Player 9 ActiveX.
14-06-2013 15:17:23 Installed Sophos Virus Removal Tool.
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/15/2013 01:04:02 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (06/15/2013 01:04:02 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (06/15/2013 01:00:09 PM) (Source: TabletServiceWacom) (User: )
Description: TabletService Error: 
Could not init tablet driver
 
Error: (06/15/2013 01:00:09 PM) (Source: TabletServiceWacom) (User: )
Description: Prefs: Failed to open pref stream C:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Wacom_Tablet.dat
 
Error: (06/15/2013 01:00:09 PM) (Source: TabletServiceWacom) (User: )
Description: Prefs: Failed to open pref stream C:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Wacom_Tablet.dat
 
Error: (06/15/2013 00:59:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/14/2013 07:44:33 PM) (Source: OptimizerProUpdater) (User: )
 
Error: (06/14/2013 07:43:38 PM) (Source: OptimizerProUpdater) (User: )
 
Error: (06/14/2013 04:50:20 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (06/14/2013 04:50:20 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
 
System errors:
=============
Error: (06/15/2013 01:03:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.151.2213.0).
 
Error: (06/15/2013 01:01:53 PM) (Source: Service Control Manager) (User: )
Description: The WinDefend service terminated with the following error: 
%%5
 
Error: (06/15/2013 00:59:24 PM) (Source: BugCheck) (User: )
Description: 0x000000f4 (0x0000000000000003, 0xfffffa800814c060, 0xfffffa800814c340, 0xfffff8000377f350)C:\windows\MEMORY.DMP061513-153988-01
 
Error: (06/14/2013 04:49:42 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service terminated with the following error: 
%%-2147009791
 
Error: (06/14/2013 04:49:39 PM) (Source: Service Control Manager) (User: )
Description: The WinDefend service terminated with the following error: 
%%5
 
Error: (06/14/2013 04:49:27 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
 
Error: (06/14/2013 04:48:06 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
 
Error: (06/14/2013 04:39:20 PM) (Source: Service Control Manager) (User: )
Description: The WinDefend service terminated with the following error: 
%%5
 
Error: (06/14/2013 04:37:33 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1068
 
Error: (06/14/2013 04:37:33 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
 
Microsoft Office Sessions:
=========================
Error: (06/15/2013 01:04:02 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (06/15/2013 01:04:02 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (06/15/2013 01:00:09 PM) (Source: TabletServiceWacom)(User: )
Description: Could not init tablet driver
 
Error: (06/15/2013 01:00:09 PM) (Source: TabletServiceWacom)(User: )
Description: Prefs: Failed to open pref stream C:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Wacom_Tablet.dat
 
Error: (06/15/2013 01:00:09 PM) (Source: TabletServiceWacom)(User: )
Description: Prefs: Failed to open pref stream C:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Wacom_Tablet.dat
 
Error: (06/15/2013 00:59:54 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/14/2013 07:44:33 PM) (Source: OptimizerProUpdater)(User: )
 
Error: (06/14/2013 07:43:38 PM) (Source: OptimizerProUpdater)(User: )
 
Error: (06/14/2013 04:50:20 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (06/14/2013 04:50:20 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 51%
Total physical RAM: 4039.86 MB
Available physical RAM: 1954.29 MB
Total Pagefile: 8077.9 MB
Available Pagefile: 5890.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:654.69 GB) (Free:526.39 GB) NTFS (Disk=0 Partition=2)
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.11 GB) NTFS (Disk=0 Partition=4)
Drive f: (Jun 15 2013) (CDROM) (Total:0.69 GB) (Free:0.68 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: BA3C67D8)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=655 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)
 
==================== End Of Log ============================


#4 Farbar

Posted 15 June 2013 - 07:25 AM

  1. Please go to Start => Control Panel => Programs and Features and uninstall the following adware programs.

    Vaudix (Version: )
    VaudiX 1.74
    Search Assistant WebSearch 1.74
    SearchNewTab

     
  2. Download the attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

    Note: If the tool warned you about the outdated version please download and run the updated version.




#5 Renaa

Posted 15 June 2013 - 08:11 AM

Okay, here is the Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-06-2013
Ran by Rena at 2013-06-15 15:10:01 Run:1
Running from C:\Users\Rena\Downloads\Desktop
Boot Mode: Normal
==============================================
 
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key deleted successfully.
HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
Firefox homepage deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox Keyword.URL deleted successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D3EC05E-C33F-1E17-37DC-C220C5B7A002} => Key not found.
HKCR\Wow6432Node\CLSID\{2D3EC05E-C33F-1E17-37DC-C220C5B7A002} => Key not found.
C:\ProgramData\SearchNewTab => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42CFDB7C-7EBC-EFCF-7BAC-D518A5FDF8D8} => Key not found.
HKCR\Wow6432Node\CLSID\{42CFDB7C-7EBC-EFCF-7BAC-D518A5FDF8D8} => Key not found.
C:\ProgramData\Vaudix => Moved successfully.
C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\3rvmdikx.default\Extensions\eiyvg@eoudsjj.edu => Moved successfully.
C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafdpeijghppjfofihkfgfcbhldhggeb => Moved successfully.
C:\Windows\Installer\{40dc62af-3bf4-ba4b-faa5-560d8ed78f63} => Moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.
C:\Windows\Tasks\schedule!3036567561.job => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
 
=========  dir /a/s "C:\Windows\System32\ " =========
 
 Volume in drive C has no label.
 Volume Serial Number is 0AFE-B691
File Not Found
 
========= End of CMD: =========
 
 
==== End of Fixlog ====


#6 Farbar

Posted 15 June 2013 - 08:39 AM

Looks good.

 

Please download AdwCleaner and save it to your desktop.

  • Close all open programs.

  • Double click on AdwCleaner.exe to run it.

  • Click on Delete and confirm the prompt.

  • After it is finished the computer will be restarted. A text file will open after the restart.

  • Please post the content of that log to your reply.

  • A copy of the log will be saved at C:\AdwCleaner[S1].txt


 



#7 Renaa

Posted 15 June 2013 - 08:55 AM

After I click on Delete and Ok the AdwCleaner closes without having done anything.

I suppose that shouldn't happen..?



#8 Farbar

Posted 15 June 2013 - 09:20 AM

No, it shouldn't.

 

Let's first make sure.

 

Please download TDSSKiller.zip and extract it.

  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

 



#9 Renaa

Posted 15 June 2013 - 09:32 AM

The scan of the TDSSKiller didn't find any malicious objects and no reboot was needed. No text file opened, but I found the log on the operating system (C:)

 

Here is the Log:

 

16:25:13.0164 5300  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:25:13.0366 5300  ============================================================
16:25:13.0366 5300  Current date / time: 2013/06/15 16:25:13.0366
16:25:13.0367 5300  SystemInfo:
16:25:13.0367 5300  
16:25:13.0367 5300  OS Version: 6.1.7601 ServicePack: 1.0
16:25:13.0367 5300  Product type: Workstation
16:25:13.0367 5300  ComputerName: RENA-PC
16:25:13.0367 5300  UserName: Rena
16:25:13.0367 5300  Windows directory: C:\windows
16:25:13.0367 5300  System windows directory: C:\windows
16:25:13.0367 5300  Running under WOW64
16:25:13.0368 5300  Processor architecture: Intel x64
16:25:13.0368 5300  Number of processors: 4
16:25:13.0368 5300  Page size: 0x1000
16:25:13.0368 5300  Boot type: Normal boot
16:25:13.0368 5300  ============================================================
16:25:13.0941 5300  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:25:13.0953 5300  ============================================================
16:25:13.0953 5300  \Device\Harddisk0\DR0:
16:25:13.0953 5300  MBR partitions:
16:25:13.0953 5300  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
16:25:13.0953 5300  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x51D61000
16:25:13.0980 5300  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x51DC6000, BlocksNum 0x39FE000
16:25:13.0980 5300  ============================================================
16:25:14.0050 5300  C: <-> \Device\Harddisk0\DR0\Partition2
16:25:14.0091 5300  D: <-> \Device\Harddisk0\DR0\Partition3
16:25:14.0092 5300  ============================================================
16:25:14.0092 5300  Initialize success
16:25:14.0092 5300  ============================================================
16:25:25.0176 2388  ============================================================
16:25:25.0176 2388  Scan started
16:25:25.0176 2388  Mode: Manual; 
16:25:25.0176 2388  ============================================================
16:25:25.0745 2388  ================ Scan system memory ========================
16:25:25.0745 2388  System memory - ok
16:25:25.0746 2388  ================ Scan services =============================
16:25:25.0973 2388  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
16:25:25.0980 2388  1394ohci - ok
16:25:26.0084 2388  [ F75DDC4047AA1AC85164445CBA7601EF ] a2injectiondriver C:\Program Files (x86)\Preventon Antivirus\a2dix64.sys
16:25:26.0087 2388  a2injectiondriver - ok
16:25:26.0131 2388  [ E41D79682A209F72F4F578CFD4A53952 ] a2util          C:\Program Files (x86)\Preventon Antivirus\a2util64.sys
16:25:26.0133 2388  a2util - ok
16:25:26.0164 2388  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys
16:25:26.0171 2388  ACPI - ok
16:25:26.0213 2388  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
16:25:26.0215 2388  AcpiPmi - ok
16:25:26.0269 2388  [ 5BBFF8B826EC38D32C26334E079C7EFC ] ACPIVPC         C:\windows\system32\DRIVERS\AcpiVpc.sys
16:25:26.0271 2388  ACPIVPC - ok
16:25:26.0383 2388  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:25:26.0385 2388  AdobeARMservice - ok
16:25:26.0619 2388  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:25:26.0624 2388  AdobeFlashPlayerUpdateSvc - ok
16:25:26.0692 2388  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
16:25:26.0721 2388  adp94xx - ok
16:25:26.0753 2388  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\windows\system32\drivers\adpahci.sys
16:25:26.0757 2388  adpahci - ok
16:25:26.0797 2388  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\windows\system32\drivers\adpu320.sys
16:25:26.0803 2388  adpu320 - ok
16:25:26.0849 2388  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
16:25:26.0849 2388  AeLookupSvc - ok
16:25:26.0913 2388  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\windows\system32\drivers\afd.sys
16:25:26.0922 2388  AFD - ok
16:25:26.0978 2388  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys
16:25:26.0982 2388  agp440 - ok
16:25:27.0008 2388  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\windows\System32\alg.exe
16:25:27.0012 2388  ALG - ok
16:25:27.0038 2388  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys
16:25:27.0047 2388  aliide - ok
16:25:27.0091 2388  [ A9141F9FE92E67A92B3948635E96CF77 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
16:25:27.0093 2388  AMD External Events Utility - ok
16:25:27.0134 2388  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys
16:25:27.0135 2388  amdide - ok
16:25:27.0154 2388  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\windows\system32\drivers\amdk8.sys
16:25:27.0157 2388  AmdK8 - ok
16:25:27.0348 2388  [ 99A33223B2D67A5A8839E373490F8EBC ] amdkmdag        C:\windows\system32\DRIVERS\atikmdag.sys
16:25:27.0517 2388  amdkmdag - ok
16:25:27.0572 2388  [ 73A3D07343773A4F0881A458D485BE11 ] amdkmdap        C:\windows\system32\DRIVERS\atikmpag.sys
16:25:27.0578 2388  amdkmdap - ok
16:25:27.0636 2388  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
16:25:27.0640 2388  AmdPPM - ok
16:25:27.0676 2388  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\windows\system32\drivers\amdsata.sys
16:25:27.0681 2388  amdsata - ok
16:25:27.0723 2388  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
16:25:27.0728 2388  amdsbs - ok
16:25:27.0747 2388  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\windows\system32\drivers\amdxata.sys
16:25:27.0748 2388  amdxata - ok
16:25:27.0787 2388  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\windows\system32\drivers\appid.sys
16:25:27.0790 2388  AppID - ok
16:25:27.0809 2388  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
16:25:27.0810 2388  AppIDSvc - ok
16:25:27.0847 2388  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\windows\System32\appinfo.dll
16:25:27.0848 2388  Appinfo - ok
16:25:27.0874 2388  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\windows\system32\drivers\arc.sys
16:25:27.0876 2388  arc - ok
16:25:27.0890 2388  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\drivers\arcsas.sys
16:25:27.0893 2388  arcsas - ok
16:25:27.0923 2388  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
16:25:27.0925 2388  AsyncMac - ok
16:25:27.0973 2388  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\windows\system32\drivers\atapi.sys
16:25:27.0976 2388  atapi - ok
16:25:28.0094 2388  [ 782D36BAD8DDBF008D02E055DBE70F82 ] athr            C:\windows\system32\DRIVERS\athrx.sys
16:25:28.0157 2388  athr - ok
16:25:28.0249 2388  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
16:25:28.0261 2388  AudioEndpointBuilder - ok
16:25:28.0316 2388  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll
16:25:28.0328 2388  AudioSrv - ok
16:25:28.0404 2388  [ 959E2F1BC61D9C7BC13BA80825472C42 ] AV Assistant Service C:/Program Files (x86)/Preventon Antivirus/AVAssistant.exe
16:25:28.0416 2388  AV Assistant Service - ok
16:25:28.0506 2388  [ 8B0ED8DA7E733D4932A93D9332946E28 ] AV Scanning Service C:/Program Files (x86)/Preventon Antivirus/AVScanningService.exe
16:25:28.0526 2388  AV Scanning Service - ok
16:25:28.0600 2388  [ 7C9EB330A6EB7B6ABFA7B0593899E2DE ] AVFSFilter      C:\windows\system32\DRIVERS\avfsfilter.sys
16:25:28.0603 2388  AVFSFilter - ok
16:25:28.0673 2388  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll
16:25:28.0677 2388  AxInstSV - ok
16:25:28.0744 2388  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
16:25:28.0753 2388  b06bdrv - ok
16:25:28.0836 2388  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
16:25:28.0844 2388  b57nd60a - ok
16:25:28.0922 2388  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll
16:25:28.0927 2388  BDESVC - ok
16:25:28.0948 2388  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
16:25:28.0951 2388  Beep - ok
16:25:29.0001 2388  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\windows\System32\bfe.dll
16:25:29.0007 2388  BFE - ok
16:25:29.0048 2388  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\windows\System32\qmgr.dll
16:25:29.0064 2388  BITS - ok
16:25:29.0096 2388  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
16:25:29.0098 2388  blbdrive - ok
16:25:29.0169 2388  [ 73686FE0B2E0469F89FD2075BE724704 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
16:25:29.0176 2388  Bonjour Service - ok
16:25:29.0203 2388  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
16:25:29.0206 2388  bowser - ok
16:25:29.0259 2388  [ AAA4F992F879977A000FE8B8C730CD2C ] BPntDrv         C:\windows\system32\drivers\BPntDrv.sys
16:25:29.0262 2388  BPntDrv - ok
16:25:29.0293 2388  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
16:25:29.0295 2388  BrFiltLo - ok
16:25:29.0315 2388  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
16:25:29.0318 2388  BrFiltUp - ok
16:25:29.0357 2388  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\windows\System32\browser.dll
16:25:29.0361 2388  Browser - ok
16:25:29.0383 2388  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\windows\System32\Drivers\Brserid.sys
16:25:29.0391 2388  Brserid - ok
16:25:29.0401 2388  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
16:25:29.0404 2388  BrSerWdm - ok
16:25:29.0410 2388  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
16:25:29.0411 2388  BrUsbMdm - ok
16:25:29.0417 2388  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
16:25:29.0418 2388  BrUsbSer - ok
16:25:29.0466 2388  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
16:25:29.0470 2388  BthEnum - ok
16:25:29.0511 2388  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
16:25:29.0515 2388  BTHMODEM - ok
16:25:29.0540 2388  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
16:25:29.0544 2388  BthPan - ok
16:25:29.0601 2388  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
16:25:29.0609 2388  BTHPORT - ok
16:25:29.0671 2388  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\windows\system32\bthserv.dll
16:25:29.0674 2388  bthserv - ok
16:25:29.0699 2388  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
16:25:29.0703 2388  BTHUSB - ok
16:25:29.0770 2388  [ 9DE56FA4533E485AE5409D3C11747143 ] BTWAMPFL        C:\windows\system32\DRIVERS\btwampfl.sys
16:25:29.0779 2388  BTWAMPFL - ok
16:25:29.0842 2388  [ F6135859A582A7294BA7A3336E08BAA1 ] btwaudio        C:\windows\system32\drivers\btwaudio.sys
16:25:29.0846 2388  btwaudio - ok
16:25:29.0891 2388  [ 3DEF2370E414B4E299673558BA171A51 ] btwavdt         C:\windows\system32\DRIVERS\btwavdt.sys
16:25:29.0897 2388  btwavdt - ok
16:25:30.0017 2388  [ 7987FFFDA812ABC69047D1B029D446A2 ] btwdins         C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
16:25:30.0033 2388  btwdins - ok
16:25:30.0059 2388  [ E8D2BCD080EA91E74775B9F5EA051F97 ] btwl2cap        C:\windows\system32\DRIVERS\btwl2cap.sys
16:25:30.0061 2388  btwl2cap - ok
16:25:30.0089 2388  [ 9937E0E4DFC0030560A6DFE9D3A94B39 ] btwrchid        C:\windows\system32\DRIVERS\btwrchid.sys
16:25:30.0090 2388  btwrchid - ok
16:25:30.0130 2388  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
16:25:30.0132 2388  cdfs - ok
16:25:30.0184 2388  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
16:25:30.0190 2388  cdrom - ok
16:25:30.0237 2388  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\windows\System32\certprop.dll
16:25:30.0240 2388  CertPropSvc - ok
16:25:30.0255 2388  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\drivers\circlass.sys
16:25:30.0259 2388  circlass - ok
16:25:30.0285 2388  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys
16:25:30.0291 2388  CLFS - ok
16:25:30.0438 2388  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:25:30.0441 2388  clr_optimization_v2.0.50727_32 - ok
16:25:30.0477 2388  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:25:30.0481 2388  clr_optimization_v2.0.50727_64 - ok
16:25:30.0574 2388  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:25:30.0600 2388  clr_optimization_v4.0.30319_32 - ok
16:25:30.0672 2388  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:25:30.0695 2388  clr_optimization_v4.0.30319_64 - ok
16:25:30.0758 2388  [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd           C:\windows\system32\DRIVERS\clwvd.sys
16:25:30.0761 2388  clwvd - ok
16:25:30.0807 2388  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
16:25:30.0810 2388  CmBatt - ok
16:25:30.0835 2388  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\drivers\cmdide.sys
16:25:30.0838 2388  cmdide - ok
16:25:30.0891 2388  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\windows\system32\Drivers\cng.sys
16:25:30.0898 2388  CNG - ok
16:25:30.0995 2388  [ 99B1B888B793DE320C5479B3C953781F ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
16:25:31.0032 2388  CnxtHdAudService - ok
16:25:31.0079 2388  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\drivers\compbatt.sys
16:25:31.0081 2388  Compbatt - ok
16:25:31.0107 2388  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
16:25:31.0109 2388  CompositeBus - ok
16:25:31.0122 2388  COMSysApp - ok
16:25:31.0146 2388  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
16:25:31.0148 2388  crcdisk - ok
16:25:31.0195 2388  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\windows\system32\cryptsvc.dll
16:25:31.0197 2388  CryptSvc - ok
16:25:31.0236 2388  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll
16:25:31.0247 2388  DcomLaunch - ok
16:25:31.0298 2388  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\windows\System32\defragsvc.dll
16:25:31.0307 2388  defragsvc - ok
16:25:31.0339 2388  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
16:25:31.0343 2388  DfsC - ok
16:25:31.0390 2388  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll
16:25:31.0397 2388  Dhcp - ok
16:25:31.0427 2388  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys
16:25:31.0430 2388  discache - ok
16:25:31.0479 2388  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\drivers\disk.sys
16:25:31.0482 2388  Disk - ok
16:25:31.0519 2388  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll
16:25:31.0525 2388  Dnscache - ok
16:25:31.0549 2388  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\windows\System32\dot3svc.dll
16:25:31.0556 2388  dot3svc - ok
16:25:31.0576 2388  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\windows\system32\dps.dll
16:25:31.0578 2388  DPS - ok
16:25:31.0629 2388  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
16:25:31.0632 2388  drmkaud - ok
16:25:31.0693 2388  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\windows\system32\DRIVERS\dtsoftbus01.sys
16:25:31.0700 2388  dtsoftbus01 - ok
16:25:31.0760 2388  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
16:25:31.0793 2388  DXGKrnl - ok
16:25:31.0821 2388  EagleX64 - ok
16:25:31.0874 2388  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\windows\System32\eapsvc.dll
16:25:31.0878 2388  EapHost - ok
16:25:31.0977 2388  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\windows\system32\drivers\evbda.sys
16:25:32.0054 2388  ebdrv - ok
16:25:32.0104 2388  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\windows\System32\lsass.exe
16:25:32.0106 2388  EFS - ok
16:25:32.0197 2388  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
16:25:32.0230 2388  ehRecvr - ok
16:25:32.0250 2388  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\windows\ehome\ehsched.exe
16:25:32.0254 2388  ehSched - ok
16:25:32.0304 2388  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\windows\system32\drivers\elxstor.sys
16:25:32.0312 2388  elxstor - ok
16:25:32.0333 2388  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\drivers\errdev.sys
16:25:32.0334 2388  ErrDev - ok
16:25:32.0394 2388  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\windows\system32\es.dll
16:25:32.0398 2388  EventSystem - ok
16:25:32.0443 2388  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\windows\system32\drivers\exfat.sys
16:25:32.0449 2388  exfat - ok
16:25:32.0472 2388  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\windows\system32\drivers\fastfat.sys
16:25:32.0478 2388  fastfat - ok
16:25:32.0502 2388  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\windows\system32\fxssvc.exe
16:25:32.0514 2388  Fax - ok
16:25:32.0527 2388  [ 3191ACA33088EE2481044FC0DB736442 ] fbfmon          C:\windows\system32\drivers\fbfmon.sys
16:25:32.0530 2388  fbfmon - ok
16:25:32.0547 2388  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\windows\system32\drivers\fdc.sys
16:25:32.0549 2388  fdc - ok
16:25:32.0567 2388  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\windows\system32\fdPHost.dll
16:25:32.0568 2388  fdPHost - ok
16:25:32.0583 2388  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll
16:25:32.0585 2388  FDResPub - ok
16:25:32.0623 2388  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
16:25:32.0626 2388  FileInfo - ok
16:25:32.0638 2388  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
16:25:32.0641 2388  Filetrace - ok
16:25:32.0771 2388  [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:25:32.0791 2388  FLEXnet Licensing Service - ok
16:25:32.0818 2388  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
16:25:32.0821 2388  flpydisk - ok
16:25:32.0843 2388  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
16:25:32.0850 2388  FltMgr - ok
16:25:32.0900 2388  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\windows\system32\FntCache.dll
16:25:32.0918 2388  FontCache - ok
16:25:32.0978 2388  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:25:32.0982 2388  FontCache3.0.0.0 - ok
16:25:33.0004 2388  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
16:25:33.0007 2388  FsDepends - ok
16:25:33.0027 2388  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
16:25:33.0029 2388  Fs_Rec - ok
16:25:33.0085 2388  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
16:25:33.0091 2388  fvevol - ok
16:25:33.0120 2388  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
16:25:33.0124 2388  gagp30kx - ok
16:25:33.0167 2388  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\windows\System32\gpsvc.dll
16:25:33.0178 2388  gpsvc - ok
16:25:33.0290 2388  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:25:33.0294 2388  gupdate - ok
16:25:33.0327 2388  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:25:33.0330 2388  gupdatem - ok
16:25:33.0355 2388  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
16:25:33.0358 2388  hcw85cir - ok
16:25:33.0399 2388  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
16:25:33.0408 2388  HdAudAddService - ok
16:25:33.0446 2388  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
16:25:33.0451 2388  HDAudBus - ok
16:25:33.0474 2388  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
16:25:33.0478 2388  HidBatt - ok
16:25:33.0514 2388  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
16:25:33.0519 2388  HidBth - ok
16:25:33.0540 2388  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\windows\system32\drivers\hidir.sys
16:25:33.0543 2388  HidIr - ok
16:25:33.0578 2388  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\windows\system32\hidserv.dll
16:25:33.0582 2388  hidserv - ok
16:25:33.0596 2388  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
16:25:33.0600 2388  HidUsb - ok
16:25:33.0618 2388  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\windows\system32\kmsvc.dll
16:25:33.0622 2388  hkmsvc - ok
16:25:33.0642 2388  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
16:25:33.0645 2388  HomeGroupListener - ok
16:25:33.0668 2388  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
16:25:33.0671 2388  HomeGroupProvider - ok
16:25:33.0705 2388  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
16:25:33.0708 2388  HpSAMD - ok
16:25:33.0763 2388  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\windows\system32\drivers\HTTP.sys
16:25:33.0786 2388  HTTP - ok
16:25:33.0797 2388  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
16:25:33.0799 2388  hwpolicy - ok
16:25:33.0824 2388  [ 5E75CA03513BF7563F9A6AFCBDC47AC2 ] hxhrcall        C:\windows\system32\drivers\hxhrcall.sys
16:25:33.0826 2388  hxhrcall - ok
16:25:33.0863 2388  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
16:25:33.0866 2388  i8042prt - ok
16:25:33.0922 2388  [ 53CC5BF8B5A219119953C7ABB19A7705 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
16:25:33.0926 2388  iaStor - ok
16:25:34.0011 2388  [ F5C0317AF600F8C0D7E4202EB04232B1 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
16:25:34.0014 2388  IAStorDataMgrSvc - ok
16:25:34.0055 2388  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
16:25:34.0064 2388  iaStorV - ok
16:25:34.0163 2388  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:25:34.0200 2388  idsvc - ok
16:25:34.0469 2388  [ 795C99DC4F574C97C03D0BB39CF099EE ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
16:25:34.0691 2388  igfx - ok
16:25:34.0734 2388  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\windows\system32\drivers\iirsp.sys
16:25:34.0735 2388  iirsp - ok
16:25:34.0770 2388  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\windows\System32\ikeext.dll
16:25:34.0787 2388  IKEEXT - ok
16:25:34.0837 2388  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
16:25:34.0845 2388  IntcDAud - ok
16:25:34.0853 2388  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\drivers\intelide.sys
16:25:34.0856 2388  intelide - ok
16:25:35.0089 2388  [ 795C99DC4F574C97C03D0BB39CF099EE ] intelkmd        C:\windows\system32\DRIVERS\igdpmd64.sys
16:25:35.0306 2388  intelkmd - ok
16:25:35.0340 2388  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
16:25:35.0341 2388  intelppm - ok
16:25:35.0372 2388  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\windows\system32\ipbusenum.dll
16:25:35.0374 2388  IPBusEnum - ok
16:25:35.0382 2388  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
16:25:35.0386 2388  IpFilterDriver - ok
16:25:35.0452 2388  [ 08C2957BB30058E663720C5606885653 ] IpHlpSvc        C:\windows\System32\iphlpsvc.dll
16:25:35.0463 2388  IpHlpSvc - ok
16:25:35.0470 2388  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
16:25:35.0472 2388  IPMIDRV - ok
16:25:35.0485 2388  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
16:25:35.0487 2388  IPNAT - ok
16:25:35.0513 2388  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
16:25:35.0514 2388  IRENUM - ok
16:25:35.0531 2388  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\drivers\isapnp.sys
16:25:35.0533 2388  isapnp - ok
16:25:35.0546 2388  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
16:25:35.0551 2388  iScsiPrt - ok
16:25:35.0587 2388  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
16:25:35.0590 2388  kbdclass - ok
16:25:35.0623 2388  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
16:25:35.0626 2388  kbdhid - ok
16:25:35.0660 2388  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\windows\system32\lsass.exe
16:25:35.0664 2388  KeyIso - ok
16:25:35.0700 2388  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
16:25:35.0703 2388  KSecDD - ok
16:25:35.0722 2388  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
16:25:35.0728 2388  KSecPkg - ok
16:25:35.0747 2388  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
16:25:35.0749 2388  ksthunk - ok
16:25:35.0778 2388  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\windows\system32\msdtckrm.dll
16:25:35.0784 2388  KtmRm - ok
16:25:35.0853 2388  [ 95CA93FC12BE372BB952669F37FFF9C5 ] L1C             C:\windows\system32\DRIVERS\L1C62x64.sys
16:25:35.0857 2388  L1C - ok
16:25:35.0913 2388  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\windows\system32\srvsvc.dll
16:25:35.0920 2388  LanmanServer - ok
16:25:35.0958 2388  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
16:25:35.0965 2388  LanmanWorkstation - ok
16:25:36.0024 2388  [ BE166935083F9C38EDFDC21B9A7A679B ] LHDmgr          C:\windows\system32\DRIVERS\LhdX64.sys
16:25:36.0027 2388  LHDmgr - ok
16:25:36.0076 2388  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
16:25:36.0080 2388  lltdio - ok
16:25:36.0108 2388  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\windows\System32\lltdsvc.dll
16:25:36.0117 2388  lltdsvc - ok
16:25:36.0155 2388  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\windows\System32\lmhsvc.dll
16:25:36.0159 2388  lmhosts - ok
16:25:36.0237 2388  [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
16:25:36.0244 2388  LMS - ok
16:25:36.0290 2388  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
16:25:36.0295 2388  LSI_FC - ok
16:25:36.0309 2388  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
16:25:36.0314 2388  LSI_SAS - ok
16:25:36.0323 2388  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
16:25:36.0328 2388  LSI_SAS2 - ok
16:25:36.0338 2388  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
16:25:36.0340 2388  LSI_SCSI - ok
16:25:36.0385 2388  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\windows\system32\drivers\luafv.sys
16:25:36.0388 2388  luafv - ok
16:25:36.0467 2388  [ 3CD0D8FC5FE6F7AE85AC8B818F9029B4 ] mcdevice        C:\windows\system32\DRIVERS\mcdevice.sys
16:25:36.0476 2388  mcdevice - ok
16:25:36.0500 2388  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
16:25:36.0505 2388  Mcx2Svc - ok
16:25:36.0513 2388  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\windows\system32\drivers\megasas.sys
16:25:36.0515 2388  megasas - ok
16:25:36.0539 2388  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
16:25:36.0546 2388  MegaSR - ok
16:25:36.0598 2388  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys
16:25:36.0601 2388  MEIx64 - ok
16:25:36.0624 2388  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\windows\system32\mmcss.dll
16:25:36.0626 2388  MMCSS - ok
16:25:36.0634 2388  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\windows\system32\drivers\modem.sys
16:25:36.0635 2388  Modem - ok
16:25:36.0672 2388  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\windows\system32\DRIVERS\monitor.sys
16:25:36.0673 2388  monitor - ok
16:25:36.0716 2388  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
16:25:36.0720 2388  mouclass - ok
16:25:36.0740 2388  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
16:25:36.0742 2388  mouhid - ok
16:25:36.0769 2388  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
16:25:36.0772 2388  mountmgr - ok
16:25:36.0796 2388  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\drivers\mpio.sys
16:25:36.0800 2388  mpio - ok
16:25:36.0813 2388  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
16:25:36.0816 2388  mpsdrv - ok
16:25:36.0851 2388  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\windows\system32\mpssvc.dll
16:25:36.0860 2388  MpsSvc - ok
16:25:36.0883 2388  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
16:25:36.0887 2388  MRxDAV - ok
16:25:36.0913 2388  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
16:25:36.0917 2388  mrxsmb - ok
16:25:36.0950 2388  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
16:25:36.0955 2388  mrxsmb10 - ok
16:25:36.0973 2388  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
16:25:36.0976 2388  mrxsmb20 - ok
16:25:37.0004 2388  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\drivers\msahci.sys
16:25:37.0006 2388  msahci - ok
16:25:37.0026 2388  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\windows\system32\drivers\msdsm.sys
16:25:37.0030 2388  msdsm - ok
16:25:37.0060 2388  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe
16:25:37.0065 2388  MSDTC - ok
16:25:37.0091 2388  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
16:25:37.0093 2388  Msfs - ok
16:25:37.0103 2388  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
16:25:37.0105 2388  mshidkmdf - ok
16:25:37.0119 2388  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
16:25:37.0120 2388  msisadrv - ok
16:25:37.0170 2388  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
16:25:37.0174 2388  MSiSCSI - ok
16:25:37.0182 2388  msiserver - ok
16:25:37.0219 2388  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
16:25:37.0221 2388  MSKSSRV - ok
16:25:37.0258 2388  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
16:25:37.0260 2388  MSPCLOCK - ok
16:25:37.0289 2388  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
16:25:37.0290 2388  MSPQM - ok
16:25:37.0311 2388  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
16:25:37.0317 2388  MsRPC - ok
16:25:37.0331 2388  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
16:25:37.0333 2388  mssmbios - ok
16:25:37.0350 2388  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
16:25:37.0352 2388  MSTEE - ok
16:25:37.0356 2388  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
16:25:37.0358 2388  MTConfig - ok
16:25:37.0370 2388  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys
16:25:37.0373 2388  Mup - ok
16:25:37.0402 2388  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll
16:25:37.0407 2388  napagent - ok
16:25:37.0454 2388  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
16:25:37.0463 2388  NativeWifiP - ok
16:25:37.0615 2388  [ E0E4A1F81A7D69C595A8A9DDAD084C19 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
16:25:37.0627 2388  NAUpdate - ok
16:25:37.0729 2388  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys
16:25:37.0765 2388  NDIS - ok
16:25:37.0817 2388  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
16:25:37.0821 2388  NdisCap - ok
16:25:37.0857 2388  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
16:25:37.0860 2388  NdisTapi - ok
16:25:37.0903 2388  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
16:25:37.0907 2388  Ndisuio - ok
16:25:37.0922 2388  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
16:25:37.0928 2388  NdisWan - ok
16:25:37.0945 2388  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
16:25:37.0948 2388  NDProxy - ok
16:25:37.0983 2388  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
16:25:37.0985 2388  NetBIOS - ok
16:25:38.0000 2388  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
16:25:38.0005 2388  NetBT - ok
16:25:38.0037 2388  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
16:25:38.0040 2388  Netlogon - ok
16:25:38.0064 2388  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
16:25:38.0071 2388  Netman - ok
16:25:38.0083 2388  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
16:25:38.0089 2388  netprofm - ok
16:25:38.0125 2388  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:25:38.0128 2388  NetTcpPortSharing - ok
16:25:38.0157 2388  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
16:25:38.0161 2388  nfrd960 - ok
16:25:38.0213 2388  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\windows\System32\nlasvc.dll
16:25:38.0220 2388  NlaSvc - ok
16:25:38.0237 2388  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
16:25:38.0240 2388  Npfs - ok
16:25:38.0252 2388  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll
16:25:38.0255 2388  nsi - ok
16:25:38.0270 2388  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
16:25:38.0272 2388  nsiproxy - ok
16:25:38.0339 2388  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
16:25:38.0375 2388  Ntfs - ok
16:25:38.0395 2388  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
16:25:38.0397 2388  Null - ok
16:25:38.0424 2388  [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub        C:\windows\system32\DRIVERS\nusb3hub.sys
16:25:38.0427 2388  nusb3hub - ok
16:25:38.0457 2388  [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc        C:\windows\system32\DRIVERS\nusb3xhc.sys
16:25:38.0462 2388  nusb3xhc - ok
16:25:38.0505 2388  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
16:25:38.0510 2388  nvraid - ok
16:25:38.0543 2388  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
16:25:38.0548 2388  nvstor - ok
16:25:38.0587 2388  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
16:25:38.0591 2388  nv_agp - ok
16:25:38.0607 2388  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
16:25:38.0610 2388  ohci1394 - ok
16:25:38.0635 2388  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
16:25:38.0640 2388  p2pimsvc - ok
16:25:38.0664 2388  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
16:25:38.0671 2388  p2psvc - ok
16:25:38.0678 2388  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\drivers\parport.sys
16:25:38.0681 2388  Parport - ok
16:25:38.0715 2388  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys
16:25:38.0718 2388  partmgr - ok
16:25:38.0738 2388  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
16:25:38.0744 2388  PcaSvc - ok
16:25:38.0786 2388  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys
16:25:38.0790 2388  pci - ok
16:25:38.0805 2388  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\drivers\pciide.sys
16:25:38.0808 2388  pciide - ok
16:25:38.0831 2388  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
16:25:38.0836 2388  pcmcia - ok
16:25:38.0858 2388  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
16:25:38.0860 2388  pcw - ok
16:25:38.0885 2388  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
16:25:38.0896 2388  PEAUTH - ok
16:25:38.0993 2388  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
16:25:38.0997 2388  PerfHost - ok
16:25:39.0074 2388  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll
16:25:39.0126 2388  pla - ok
16:25:39.0195 2388  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
16:25:39.0205 2388  PlugPlay - ok
16:25:39.0229 2388  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
16:25:39.0232 2388  PNRPAutoReg - ok
16:25:39.0257 2388  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
16:25:39.0261 2388  PNRPsvc - ok
16:25:39.0301 2388  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
16:25:39.0307 2388  PolicyAgent - ok
16:25:46.0323 2388  ================ Scan global ===============================
16:25:46.0360 2388  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
16:25:46.0404 2388  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
16:25:46.0426 2388  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
16:25:46.0459 2388  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
16:25:46.0492 2388  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
16:25:46.0500 2388  [Global] - ok
16:25:46.0501 2388  ================ Scan MBR ==================================
16:25:46.0517 2388  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:25:46.0757 2388  \Device\Harddisk0\DR0 - ok
16:25:46.0759 2388  ================ Scan VBR ==================================
16:25:46.0764 2388  [ 5FF891F21043D9F1DE4981DB8E612558 ] \Device\Harddisk0\DR0\Partition1
16:25:46.0767 2388  \Device\Harddisk0\DR0\Partition1 - ok
16:25:46.0777 2388  [ 5D29531A18ED9FCAB01149C6CC515A27 ] \Device\Harddisk0\DR0\Partition2
16:25:46.0780 2388  \Device\Harddisk0\DR0\Partition2 - ok
16:25:46.0819 2388  [ B0C91858D5F1D02C0F38765E2F3294F1 ] \Device\Harddisk0\DR0\Partition3
16:25:46.0822 2388  \Device\Harddisk0\DR0\Partition3 - ok
16:25:46.0824 2388  ============================================================
16:25:46.0824 2388  Scan finished
16:25:46.0824 2388  ============================================================
16:25:46.0851 6132  Detected object count: 0
16:25:46.0851 6132  Actual detected object count: 0
16:26:49.0629 5724  Deinitialize success


#10 Farbar

Posted 15 June 2013 - 09:38 AM

That is good.

 

  1. Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
    You may download both x32 and x64 versions of Java from http://www.java.com/en/download/manual.jsp

    Uninstall the following older Java:

    Java™ 6 Update 30

    Then install the downloaded Java versions.
     
  2. This small application you may want to keep and use to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar or any other program uncheck the box next to it.
    • Run CCleaner. Under Application tab all the boxes should be checked except any option to remove saved passwords.
    • Click Run Cleaner.
    • Close CCleaner.
  3. Please download AdwCleaner once more and try it again.


#11 Renaa

Posted 15 June 2013 - 10:10 AM

I installed the new Java versions.

I also downloaded CCleaner and cleaned. While cleaning, Preventon gave me a message that I am infected with the W32/ZAcc-BM.

AdwCleaner closed after I pressed Delete and Ok just as it did before.

Edit: It could also have said W32/ZAcc-BA, I'm not sure if it was A or M since the message disappeared very quickly.


Edited by Renaa, 15 June 2013 - 10:13 AM.


#12 Farbar

Posted 15 June 2013 - 10:27 AM

No worries about that. There might have been some leftovers. We make sure everything is clean.
 
Just to let you know I will not be available for the coming 7 hours.

  1. Open Chrome => Click on the three small lines at the right top of the page => Select Settings.
    Under Appearance make sure "Show Home button" option is checked.
    Click "Change" and remove or replace the current home page.
     
  2. Please run a fresh FRST scan and post the log it makes. This time it will only make one log.

Edited by Farbar, 15 June 2013 - 10:30 AM.


#13 Renaa

Posted 15 June 2013 - 12:09 PM

I completed the first task.

After that I tried opening FRST but this time it said that the version is outdated and that I have to download the latest version. I clicked yes and downloaded the update but the message is coming again every time I open FRST. So the next time I clicked NO so I could make the scan.

Here is the result:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013
Ran by Rena (administrator) on 15-06-2013 20:11:15
Running from C:\Users\Rena\Downloads\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(Microsoft Corporation) C:\windows\SYSTEM32\WISPTIS.EXE
(Preventon Technologies Limited) C:\Program Files (x86)\Preventon Antivirus\AVAssistant.exe
(Preventon Technologies Limited) C:\Program Files (x86)\Preventon Antivirus\AVScanningService.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Wacom Technology, Corp.) C:\windows\system32\Wacom_Tablet.exe
(Microsoft Corporation) C:\windows\SYSTEM32\WISPTIS.EXE
() C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Preventon Technologies Limited) C:\Program Files (x86)\Preventon Antivirus\AVTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-11-05] (Lenovo)
HKLM\...\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2011-11-05] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-11-05] (Lenovo(beijing) Limited)
HKCU\...\Run: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized [x]
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [VoiceMaster]  [x]
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-03-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2011-11-05] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [AVTray] C:\Program Files (x86)\Preventon Antivirus\AVTray.exe [1270880 2013-04-18] (Preventon Technologies Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
URLSearchHook: (No Name) - {687578b9-7132-4a7a-80e4-30ee31099e03} -  No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\3rvmdikx.default
FF Homepage: hxxp://websearch.lookforithere.info/?pid=343&r=2013/05/15&hid=3385124161&lg=EN&cc=DE&unqvl=14
FF SelectedSearchEngine: WebSearch
FF Keyword.URL: hxxp://websearch.lookforithere.info/?pid=343&r=2013/05/15&hid=3385124161&lg=EN&cc=DE&unqvl=14&l=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Vaudix - C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\3rvmdikx.default\Extensions\spsasaz@mx-.org
FF Extension: No Name - C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\3rvmdikx.default\Extensions\staged
FF Extension: Yahoo! Toolbar - C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\3rvmdikx.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
 
Chrome: 
=======
CHR HomePage: hxxp://websearch.lookforithere.info/?pid=343&r=2013/05/15&hid=3385124161&lg=EN&cc=DE&unqvl=14
CHR RestoreOnStartup: "urls_to_restore_on_startup": [
CHR Extension: () - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0
CHR Extension: (ProxMate - unblock the Internet!) - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\2.1.5_0
CHR Extension: (chrometheme) - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\kijbcbkfimhkfmjmidhgifobolpmnggc\1_0
CHR Extension: (ScrewAds - Block, Skip, Remove YouTube Ads) - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmbnjoljpgkhiaicaejkdcjbfjknipnc\2.1.5_0
CHR Extension: (Vaudix) - C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\okmonaofjodcclkddmppkcllnkefomha\1
 
==================== Services (Whitelisted) =================
 
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
R2 TabletServiceWacom; C:\windows\system32\Wacom_Tablet.exe [6245744 2010-03-09] (Wacom Technology, Corp.)
R2 AV Assistant Service; C:/Program Files (x86)/Preventon Antivirus/AVAssistant.exe [x]
R2 AV Scanning Service; C:/Program Files (x86)/Preventon Antivirus/AVScanningService.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
R1 a2injectiondriver; C:\Program Files (x86)\Preventon Antivirus\a2dix64.sys [48216 2012-09-13] (Emsi Software GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Preventon Antivirus\a2dix64.sys [48216 2012-09-13] (Emsi Software GmbH)
R1 a2util; C:\Program Files (x86)\Preventon Antivirus\a2util64.sys [14720 2012-09-13] (Emsi Software GmbH)
R1 a2util; C:\Program Files (x86)\Preventon Antivirus\a2util64.sys [14720 2012-09-13] (Emsi Software GmbH)
R3 AVFSFilter; C:\Windows\System32\DRIVERS\avfsfilter.sys [13720 2012-09-07] ()
S1 hxhrcall; C:\windows\system32\drivers\hxhrcall.sys [49872 2013-06-13] (Microsoft Corporation)
S3 mcdevice; C:\Windows\System32\DRIVERS\mcdevice.sys [334400 2011-05-19] (ShiningMorning Inc.)
R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [184960 2010-11-21] (Microsoft Corporation)
U3 BcmSqlStartupSvc; 
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [x]
U2 iATAgentService; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
U2 nvUpdatusService; 
U2 Oasis2Service; 
U2 PCCarerService; 
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [x]
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SeaPort; 
U2 SoftwareService; 
U3 SQLWriter; 
U2 Stereo Service; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
Error(0) reading file: "C:\Windows\System32\ "
2013-06-15 17:06 - 2013-06-15 17:06 - 00000325 ____A C:\AdwCleaner[S3].txt
2013-06-15 17:01 - 2013-06-15 17:01 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-15 17:01 - 2013-06-15 17:01 - 00000000 ____D C:\Program Files\CCleaner
2013-06-15 16:59 - 2013-06-15 17:00 - 04378864 ____A (Piriform Ltd) C:\Users\Rena\Downloads\ccsetup402.exe
2013-06-15 16:56 - 2013-06-15 16:55 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-15 16:55 - 2013-06-15 16:55 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-15 16:55 - 2013-06-15 16:55 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-15 16:55 - 2013-06-15 16:55 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-15 16:55 - 2013-06-15 16:55 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-15 16:47 - 2013-06-15 16:49 - 31666592 ____A (Oracle Corporation) C:\Users\Rena\Downloads\jre-7u21-windows-i586.exe
2013-06-15 16:47 - 2013-06-15 16:47 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-15 16:47 - 2013-06-15 16:47 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-15 16:47 - 2013-06-15 16:47 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-15 16:47 - 2013-06-15 16:47 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-15 16:47 - 2013-06-15 16:47 - 00000000 ____D C:\Program Files\Java
2013-06-15 16:41 - 2013-06-15 16:43 - 33119648 ____A (Oracle Corporation) C:\Users\Rena\Downloads\jre-7u21-windows-x64.exe
2013-06-15 15:52 - 2013-06-15 15:52 - 00000325 ____A C:\AdwCleaner[S2].txt
2013-06-15 15:51 - 2013-06-15 15:51 - 00000325 ____A C:\AdwCleaner[S1].txt
2013-06-15 13:35 - 2013-06-15 15:10 - 00000000 ____D C:\FRST
2013-06-15 07:20 - 2013-06-15 07:20 - 00000000 __SHD C:\$$PendingFiles
2013-06-14 17:18 - 2013-06-14 17:18 - 00000000 ____D C:\ProgramData\Sophos
2013-06-14 17:18 - 2013-06-14 17:18 - 00000000 ____D C:\Program Files (x86)\Sophos
2013-06-14 16:57 - 2013-06-14 16:57 - 00000034 ____A C:\Users\Rena\AppData\Roaming\mbam.context.scan
2013-06-13 22:56 - 2013-06-15 15:02 - 00009025 ____A C:\FaceProv.log
2013-06-13 22:46 - 2013-06-15 07:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-13 22:46 - 2013-06-13 22:46 - 00000000 ____D C:\Users\Rena\AppData\Roaming\Malwarebytes
2013-06-13 22:46 - 2013-06-13 22:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-13 22:11 - 2013-06-13 22:11 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-06-13 20:30 - 2013-06-13 20:30 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hxhrcall.sys
2013-06-13 20:19 - 2013-06-13 20:19 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-06-13 19:30 - 2013-06-15 07:07 - 00000000 ____D C:\ProgramData\FLEXnet
2013-06-13 19:23 - 2013-06-13 19:23 - 00000000 ____D C:\ProgramData\ALM
2013-06-13 19:23 - 2007-02-20 16:04 - 02463976 ____A C:\Windows\SysWOW64\NPSWF32.dll
2013-06-13 19:23 - 2007-02-20 16:04 - 00190696 ____A (Adobe Systems, Inc.) C:\Windows\SysWOW64\NPSWF32_FlashUtil.exe
2013-06-13 19:20 - 2013-06-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\spool
2013-06-13 19:20 - 2013-06-13 19:20 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-06-13 19:11 - 2013-06-15 07:08 - 00000000 ____D C:\Windows\SysWOW64\syncdb
2013-06-13 01:31 - 2013-05-17 06:05 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 01:31 - 2013-05-17 05:27 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 01:31 - 2013-05-17 05:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 01:31 - 2013-05-17 05:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 01:31 - 2013-05-17 05:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 01:31 - 2013-05-17 05:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-13 01:31 - 2013-05-17 05:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 01:31 - 2013-05-17 04:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 01:31 - 2013-05-17 04:56 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 01:31 - 2013-05-17 04:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 01:31 - 2013-05-17 04:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 01:31 - 2013-05-17 04:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 01:31 - 2013-05-17 04:53 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 01:31 - 2013-05-17 04:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 01:31 - 2013-05-17 04:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 01:31 - 2013-05-17 04:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 01:31 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-13 01:31 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-13 01:31 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 01:31 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 01:31 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-13 01:31 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-13 01:31 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-13 01:31 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 01:31 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 01:31 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-13 01:31 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-13 01:31 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 01:31 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-13 01:31 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-13 01:31 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 01:31 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-12 22:16 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 22:16 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 22:16 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 22:16 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 22:16 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 22:16 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 22:16 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 22:16 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 22:16 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 22:16 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 22:16 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 22:16 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 22:16 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 22:16 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 22:16 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 22:16 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 22:16 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 22:16 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 22:16 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-05-26 09:36 - 2013-05-26 09:36 - 00000000 ____D C:\Users\Rena\AppData\Local\{08CB2B9A-0579-41D8-B1A8-3AED4F67192E}
2013-05-23 22:14 - 2013-05-23 22:14 - 00011031 ____A C:\Users\Rena\AppData\Local\recently-used.xbel
2013-05-22 17:23 - 2013-06-15 07:06 - 00000000 ____D C:\Program Files (x86)\TERA
2013-05-22 17:23 - 2013-05-22 17:23 - 00001662 ____A C:\Users\Public\Desktop\TERA-Launcher.lnk
2013-05-22 17:20 - 2013-05-22 17:22 - 29232136 ____A (En Masse Entertainment) C:\Users\Rena\Downloads\TERA-Setup.exe
2013-05-21 20:18 - 2013-06-15 07:07 - 00000000 ____D C:\Users\Rena\AppData\Roaming\dvdcss
2013-05-21 17:24 - 2013-05-21 17:24 - 00000000 ____D C:\Users\Rena\AppData\Roaming\Nero
2013-05-21 16:51 - 2013-05-21 16:51 - 00000000 ____D C:\Users\Rena\Documents\ConvertXtoDVD
2013-05-21 16:47 - 2013-06-15 17:04 - 00000000 ____D C:\ProgramData\VSO
2013-05-21 16:47 - 2013-06-13 21:28 - 00000055 ____A C:\Users\Rena\AppData\Roaming\pcouffin.log
2013-05-21 16:47 - 2013-05-21 16:47 - 00099384 ____A C:\Users\Rena\AppData\Roaming\inst.exe
2013-05-21 16:47 - 2013-05-21 16:47 - 00082816 ____A (VSO Software) C:\Users\Rena\AppData\Roaming\pcouffin.sys
2013-05-21 16:47 - 2013-05-21 16:47 - 00007859 ____A C:\Users\Rena\AppData\Roaming\pcouffin.cat
2013-05-21 13:50 - 2013-05-21 13:50 - 00000000 ____D C:\Users\Rena\AppData\Roaming\.spotflux
2013-05-21 13:49 - 2013-05-21 13:50 - 05233712 ____A C:\Users\Rena\Downloads\spotflux-latestPC.exe
2013-05-20 21:55 - 2013-05-20 21:55 - 00000000 ____D C:\Program Files (x86)\Haali
2013-05-20 21:55 - 2012-04-09 00:40 - 00079360 ____A C:\Windows\SysWOW64\ff_vfw.dll
2013-05-20 21:53 - 2013-06-15 07:06 - 00000000 ____D C:\Program Files (x86)\AVStoDVD
2013-05-20 21:53 - 2013-06-15 07:06 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
2013-05-20 21:53 - 2013-05-20 21:53 - 00001017 ____A C:\Users\Rena\Desktop\AVStoDVD.lnk
2013-05-20 21:16 - 2013-05-20 21:16 - 00000000 ____D C:\Users\Rena\Documents\GFDOutDir
2013-05-20 21:15 - 2013-06-15 07:06 - 00000000 ____D C:\Program Files (x86)\GUI for dvdauthor
2013-05-20 20:50 - 2013-05-20 20:50 - 00002621 ____A C:\Users\Public\Desktop\Nero Burning ROM 12.lnk
2013-05-20 20:49 - 2013-05-20 20:53 - 00000000 ____D C:\ProgramData\Nero
2013-05-20 20:49 - 2013-05-20 20:51 - 00000000 ____D C:\Program Files (x86)\Nero
2013-05-20 20:42 - 2013-05-20 21:12 - 00000000 ____D C:\Program Files (x86)\DVD Flick
2013-05-20 20:42 - 2007-08-31 18:36 - 00036864 ____A (Robdogg Inc.) C:\Windows\SysWOW64\trayicon_handler.ocx
2013-05-20 20:42 - 2003-01-26 13:41 - 00040960 ____A (vbAccelerator) C:\Windows\SysWOW64\ssubtmr6.dll
2013-05-20 20:10 - 2013-05-20 20:10 - 00000000 ____D C:\Users\Rena\.thumb
2013-05-20 16:22 - 2013-06-15 07:07 - 00000000 ____D C:\Users\Rena\AppData\Roaming\XMedia Recode
2013-05-20 16:22 - 2013-06-15 07:07 - 00000000 ____D C:\Program Files (x86)\XMedia Recode
2013-05-20 16:00 - 2013-05-20 16:00 - 00000000 ____D C:\Users\Rena\AppData\Roaming\TERA
2013-05-16 17:15 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-16 17:15 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-16 17:15 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-16 17:15 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-16 17:15 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-16 17:15 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-16 17:15 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-16 17:15 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-16 17:15 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-16 17:15 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-16 17:15 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-16 17:14 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-16 17:14 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-16 17:14 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
 
==================== One Month Modified Files and Folders =======
 
2013-06-15 20:03 - 2013-02-21 18:33 - 00000000 ____D C:\Users\Rena\Downloads\Kreditkartenabrechnungen
2013-06-15 19:53 - 2012-06-19 21:19 - 00000000 ____D C:\Users\Rena\.gimp-2.8
2013-06-15 19:25 - 2011-11-05 20:33 - 00001198 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-15 18:50 - 2011-11-05 19:58 - 01360818 ____A C:\Windows\WindowsUpdate.log
2013-06-15 17:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-15 17:06 - 2013-06-15 17:06 - 00000325 ____A C:\AdwCleaner[S3].txt
2013-06-15 17:04 - 2013-05-21 16:47 - 00000000 ____D C:\ProgramData\VSO
2013-06-15 17:04 - 2012-06-18 21:21 - 00000000 ____D C:\Users\Rena\AppData\Roaming\uTorrent
2013-06-15 17:03 - 2012-10-24 17:36 - 00000000 ____D C:\Users\Rena\AppData\Local\CrashDumps
2013-06-15 17:03 - 2012-06-30 21:53 - 00000000 ____D C:\Windows\Minidump
2013-06-15 17:03 - 2011-02-22 13:19 - 00000000 ____D C:\Windows\Panther
2013-06-15 17:01 - 2013-06-15 17:01 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-15 17:01 - 2013-06-15 17:01 - 00000000 ____D C:\Program Files\CCleaner
2013-06-15 17:00 - 2013-06-15 16:59 - 04378864 ____A (Piriform Ltd) C:\Users\Rena\Downloads\ccsetup402.exe
2013-06-15 16:58 - 2012-11-30 16:24 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-15 16:58 - 2012-11-30 16:24 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-15 16:58 - 2012-06-18 22:43 - 00000000 ____D C:\Users\Rena\AppData\Local\Adobe
2013-06-15 16:55 - 2013-06-15 16:56 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-15 16:55 - 2013-06-15 16:55 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-15 16:55 - 2013-06-15 16:55 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-15 16:55 - 2013-06-15 16:55 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-15 16:55 - 2013-06-15 16:55 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-15 16:55 - 2012-06-18 22:55 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-15 16:55 - 2012-06-18 22:55 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-15 16:49 - 2013-06-15 16:47 - 31666592 ____A (Oracle Corporation) C:\Users\Rena\Downloads\jre-7u21-windows-i586.exe
2013-06-15 16:47 - 2013-06-15 16:47 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-15 16:47 - 2013-06-15 16:47 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-15 16:47 - 2013-06-15 16:47 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-15 16:47 - 2013-06-15 16:47 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-15 16:47 - 2013-06-15 16:47 - 00000000 ____D C:\Program Files\Java
2013-06-15 16:47 - 2012-06-18 23:18 - 01092512 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-15 16:47 - 2012-06-18 23:18 - 00971680 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-15 16:43 - 2013-06-15 16:41 - 33119648 ____A (Oracle Corporation) C:\Users\Rena\Downloads\jre-7u21-windows-x64.exe
2013-06-15 15:52 - 2013-06-15 15:52 - 00000325 ____A C:\AdwCleaner[S2].txt
2013-06-15 15:51 - 2013-06-15 15:51 - 00000325 ____A C:\AdwCleaner[S1].txt
2013-06-15 15:10 - 2013-06-15 13:35 - 00000000 ____D C:\FRST
2013-06-15 15:07 - 2013-05-15 18:31 - 00000000 ____D C:\Program Files (x86)\WebSearch
2013-06-15 15:06 - 2013-05-15 18:31 - 00000000 ____D C:\Program Files (x86)\VaudiX
2013-06-15 15:03 - 2009-07-14 07:13 - 00005156 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-15 15:02 - 2013-06-13 22:56 - 00009025 ____A C:\FaceProv.log
2013-06-15 15:02 - 2011-11-05 20:39 - 00000000 ____D C:\ProgramData\VeriFace
2013-06-15 13:06 - 2009-07-14 06:45 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-15 13:06 - 2009-07-14 06:45 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-15 13:00 - 2012-06-18 07:22 - 00000000 ____D C:\users\Rena
2013-06-15 13:00 - 2011-11-05 20:46 - 00839991 ____A C:\Windows\System32\fastboot.set
2013-06-15 13:00 - 2011-11-05 20:33 - 00001194 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-15 12:59 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-15 12:59 - 2009-07-14 06:45 - 02381728 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-15 07:20 - 2013-06-15 07:20 - 00000000 __SHD C:\$$PendingFiles
2013-06-15 07:09 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-06-15 07:09 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-06-15 07:09 - 2009-07-14 05:20 - 00000000 __RSD C:\Windows\Media
2013-06-15 07:09 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-06-15 07:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\TAPI
2013-06-15 07:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Recovery
2013-06-15 07:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\ias
2013-06-15 07:08 - 2013-06-13 19:11 - 00000000 ____D C:\Windows\SysWOW64\syncdb
2013-06-15 07:08 - 2011-11-05 20:51 - 00000000 ____D C:\Windows\OKR70
2013-06-15 07:08 - 2011-11-05 20:19 - 00000000 ____D C:\Windows\SysWOW64\Atheros_L1e
2013-06-15 07:08 - 2011-11-05 11:54 - 00000000 ___AD C:\Windows\sysprep32
2013-06-15 07:08 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-06-15 07:07 - 2013-06-13 19:30 - 00000000 ____D C:\ProgramData\FLEXnet
2013-06-15 07:07 - 2013-05-21 20:18 - 00000000 ____D C:\Users\Rena\AppData\Roaming\dvdcss
2013-06-15 07:07 - 2013-05-20 16:22 - 00000000 ____D C:\Users\Rena\AppData\Roaming\XMedia Recode
2013-06-15 07:07 - 2013-05-20 16:22 - 00000000 ____D C:\Program Files (x86)\XMedia Recode
2013-06-15 07:07 - 2013-03-15 18:41 - 00000000 ____D C:\Users\Rena\AppData\Local\MagicCamera
2013-06-15 07:07 - 2013-03-15 18:15 - 00000000 ____D C:\Program Files\VoiceMaster
2013-06-15 07:07 - 2013-03-14 22:14 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-06-15 07:07 - 2013-01-19 00:32 - 00000000 ____D C:\ProgramData\clp
2013-06-15 07:07 - 2013-01-13 21:54 - 00000000 ____D C:\Windows\FltMgr
2013-06-15 07:07 - 2012-12-09 16:23 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-06-15 07:07 - 2012-12-07 22:01 - 00000000 ____D C:\Users\Rena\AppData\Roaming\AVG2013
2013-06-15 07:07 - 2012-12-07 21:48 - 00000000 ____D C:\ProgramData\MFAData
2013-06-15 07:07 - 2012-12-01 12:25 - 00000000 ____D C:\Users\Rena\AppData\Local\TERA
2013-06-15 07:07 - 2012-11-30 16:21 - 00000000 ____D C:\ProgramData\HappyCloud
2013-06-15 07:07 - 2012-09-22 13:29 - 00000000 ____D C:\ProgramData\Energy Management
2013-06-15 07:07 - 2012-08-21 13:49 - 00000000 ____D C:\Users\Rena\AppData\Roaming\.minecraft
2013-06-15 07:07 - 2012-08-01 17:04 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-15 07:07 - 2012-06-19 18:51 - 00000000 ____D C:\Users\Rena\AppData\Roaming\vlc
2013-06-15 07:07 - 2012-06-19 13:01 - 00000000 ____D C:\ProgramData\Origin
2013-06-15 07:07 - 2012-06-18 23:54 - 00000000 ____D C:\Users\Rena\AppData\Roaming\Audacity
2013-06-15 07:07 - 2012-06-18 22:20 - 00000000 ____D C:\Users\Rena\AppData\Roaming\DAEMON Tools Lite
2013-06-15 07:07 - 2012-06-18 22:18 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-06-15 07:07 - 2012-06-18 21:13 - 00000000 ____D C:\Users\Rena\AppData\Roaming\DAEMON Tools Pro
2013-06-15 07:07 - 2012-06-18 20:29 - 00000000 ____D C:\Users\Rena\AppData\Roaming\Skype
2013-06-15 07:07 - 2011-11-05 20:45 - 00000000 ____D C:\Windows\en
2013-06-15 07:07 - 2011-11-05 20:45 - 00000000 ____D C:\ProgramData\OneKey Recovery
2013-06-15 07:07 - 2011-11-05 20:44 - 00000000 ____D C:\Windows\el
2013-06-15 07:06 - 2013-05-22 17:23 - 00000000 ____D C:\Program Files (x86)\TERA
2013-06-15 07:06 - 2013-05-20 21:53 - 00000000 ____D C:\Program Files (x86)\AVStoDVD
2013-06-15 07:06 - 2013-05-20 21:53 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
2013-06-15 07:06 - 2013-05-20 21:15 - 00000000 ____D C:\Program Files (x86)\GUI for dvdauthor
2013-06-15 07:06 - 2013-04-18 21:50 - 00000000 ____D C:\Program Files (x86)\UTAU
2013-06-15 07:06 - 2013-03-30 22:26 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2013-06-15 07:06 - 2013-03-14 22:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-06-15 07:06 - 2013-02-16 18:50 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-15 07:06 - 2013-01-19 00:30 - 00000000 ____D C:\Program Files (x86)\Preventon Antivirus
2013-06-15 07:06 - 2012-08-08 15:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-15 07:06 - 2012-08-02 21:13 - 00000000 ____D C:\Fraps
2013-06-15 07:06 - 2012-06-23 19:56 - 00000000 ____D C:\Program Files (x86)\Origin
2013-06-15 07:06 - 2012-06-21 12:46 - 00000000 ____D C:\b492cda198e8fa9699cccdcc8d
2013-06-15 07:06 - 2012-06-20 13:20 - 00000000 ____D C:\Program Files (x86)\TabletPlugins
2013-06-15 07:06 - 2012-06-20 13:19 - 00000000 ____D C:\Program Files (x86)\Tablet
2013-06-15 07:06 - 2012-06-19 14:52 - 00000000 ____D C:\Program Files (x86)\PMDEditor_0063(SlimDX_Update)
2013-06-15 07:06 - 2012-06-19 14:06 - 00000000 ____D C:\Program Files (x86)\DAMN NFO Viewer
2013-06-15 07:06 - 2012-06-19 13:56 - 00000000 ____D C:\Program Files (x86)\Portal-Unleashed
2013-06-15 07:06 - 2012-06-18 23:53 - 00000000 ____D C:\Program Files (x86)\Audacity
2013-06-15 07:06 - 2012-06-18 22:00 - 00000000 ____D C:\Program Files (x86)\Free RAR Extract Frog
2013-06-15 07:06 - 2012-06-18 21:24 - 00000000 ____D C:\Program Files (x86)\uTorrent
2013-06-15 07:06 - 2012-06-18 20:20 - 00000000 ____D C:\Program Files (x86)\Portable SAI
2013-06-15 07:06 - 2011-11-05 20:30 - 00000000 ____D C:\Program Files (x86)\BisonCam
2013-06-15 07:05 - 2013-06-13 22:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-15 07:04 - 2011-02-22 13:42 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-06-15 07:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-06-14 17:18 - 2013-06-14 17:18 - 00000000 ____D C:\ProgramData\Sophos
2013-06-14 17:18 - 2013-06-14 17:18 - 00000000 ____D C:\Program Files (x86)\Sophos
2013-06-14 16:57 - 2013-06-14 16:57 - 00000034 ____A C:\Users\Rena\AppData\Roaming\mbam.context.scan
2013-06-13 22:46 - 2013-06-13 22:46 - 00000000 ____D C:\Users\Rena\AppData\Roaming\Malwarebytes
2013-06-13 22:46 - 2013-06-13 22:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-13 22:11 - 2013-06-13 22:11 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-06-13 21:28 - 2013-05-21 16:47 - 00000055 ____A C:\Users\Rena\AppData\Roaming\pcouffin.log
2013-06-13 20:39 - 2012-06-18 22:26 - 00000000 ____D C:\ProgramData\Adobe
2013-06-13 20:39 - 2012-06-18 20:20 - 00000000 ____D C:\Users\Rena\AppData\Roaming\Adobe
2013-06-13 20:30 - 2013-06-13 20:30 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hxhrcall.sys
2013-06-13 20:19 - 2013-06-13 20:19 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-06-13 20:13 - 2012-09-24 23:04 - 00000436 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2013-06-13 19:45 - 2012-06-18 07:23 - 00117616 ____A C:\Users\Rena\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-13 19:26 - 2012-06-18 22:26 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-06-13 19:23 - 2013-06-13 19:23 - 00000000 ____D C:\ProgramData\ALM
2013-06-13 19:20 - 2013-06-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\spool
2013-06-13 19:20 - 2013-06-13 19:20 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-06-13 18:38 - 2012-06-20 13:20 - 00000000 ____D C:\Users\Rena\AppData\Roaming\WTablet
2013-06-13 01:29 - 2012-09-20 22:12 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-06 22:28 - 2011-11-05 20:33 - 00002183 ____A C:\Users\Public\Desktop\Internet Browser.lnk
2013-05-26 17:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-05-26 09:36 - 2013-05-26 09:36 - 00000000 ____D C:\Users\Rena\AppData\Local\{08CB2B9A-0579-41D8-B1A8-3AED4F67192E}
2013-05-23 22:14 - 2013-05-23 22:14 - 00011031 ____A C:\Users\Rena\AppData\Local\recently-used.xbel
2013-05-22 21:00 - 2012-06-18 20:05 - 00000000 ____D C:\Users\Rena\Documents\Youcam
2013-05-22 17:23 - 2013-05-22 17:23 - 00001662 ____A C:\Users\Public\Desktop\TERA-Launcher.lnk
2013-05-22 17:22 - 2013-05-22 17:20 - 29232136 ____A (En Masse Entertainment) C:\Users\Rena\Downloads\TERA-Setup.exe
2013-05-21 17:24 - 2013-05-21 17:24 - 00000000 ____D C:\Users\Rena\AppData\Roaming\Nero
2013-05-21 16:51 - 2013-05-21 16:51 - 00000000 ____D C:\Users\Rena\Documents\ConvertXtoDVD
2013-05-21 16:47 - 2013-05-21 16:47 - 00099384 ____A C:\Users\Rena\AppData\Roaming\inst.exe
2013-05-21 16:47 - 2013-05-21 16:47 - 00082816 ____A (VSO Software) C:\Users\Rena\AppData\Roaming\pcouffin.sys
2013-05-21 16:47 - 2013-05-21 16:47 - 00007859 ____A C:\Users\Rena\AppData\Roaming\pcouffin.cat
2013-05-21 13:50 - 2013-05-21 13:50 - 00000000 ____D C:\Users\Rena\AppData\Roaming\.spotflux
2013-05-21 13:50 - 2013-05-21 13:49 - 05233712 ____A C:\Users\Rena\Downloads\spotflux-latestPC.exe
2013-05-20 21:55 - 2013-05-20 21:55 - 00000000 ____D C:\Program Files (x86)\Haali
2013-05-20 21:53 - 2013-05-20 21:53 - 00001017 ____A C:\Users\Rena\Desktop\AVStoDVD.lnk
2013-05-20 21:16 - 2013-05-20 21:16 - 00000000 ____D C:\Users\Rena\Documents\GFDOutDir
2013-05-20 21:12 - 2013-05-20 20:42 - 00000000 ____D C:\Program Files (x86)\DVD Flick
2013-05-20 20:53 - 2013-05-20 20:49 - 00000000 ____D C:\ProgramData\Nero
2013-05-20 20:51 - 2013-05-20 20:49 - 00000000 ____D C:\Program Files (x86)\Nero
2013-05-20 20:50 - 2013-05-20 20:50 - 00002621 ____A C:\Users\Public\Desktop\Nero Burning ROM 12.lnk
2013-05-20 20:10 - 2013-05-20 20:10 - 00000000 ____D C:\Users\Rena\.thumb
2013-05-20 16:18 - 2012-08-01 17:04 - 00000000 ____D C:\Users\Rena\AppData\Local\PMB Files
2013-05-20 16:00 - 2013-05-20 16:00 - 00000000 ____D C:\Users\Rena\AppData\Roaming\TERA
2013-05-20 15:51 - 2012-07-02 18:45 - 00000000 ____D C:\Program Files (x86)\NCSoft
2013-05-20 15:51 - 2011-11-05 20:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-20 15:44 - 2012-06-18 20:29 - 00000000 ____D C:\ProgramData\Skype
2013-05-17 06:05 - 2013-06-13 01:31 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-17 05:27 - 2013-06-13 01:31 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-17 05:09 - 2013-06-13 01:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-17 05:02 - 2013-06-13 01:31 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-17 05:02 - 2013-06-13 01:31 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-17 05:01 - 2013-06-13 01:31 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-17 05:00 - 2013-06-13 01:31 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-17 04:58 - 2013-06-13 01:31 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-17 04:56 - 2013-06-13 01:31 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-17 04:56 - 2013-06-13 01:31 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-17 04:55 - 2013-06-13 01:31 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-17 04:54 - 2013-06-13 01:31 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-17 04:53 - 2013-06-13 01:31 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-17 04:51 - 2013-06-13 01:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-17 04:51 - 2013-06-13 01:31 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-17 04:46 - 2013-06-13 01:31 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-17 01:08 - 2013-06-13 01:31 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-17 00:49 - 2013-06-13 01:31 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-17 00:39 - 2013-06-13 01:31 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-17 00:28 - 2013-06-13 01:31 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-17 00:28 - 2013-06-13 01:31 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-17 00:27 - 2013-06-13 01:31 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-17 00:26 - 2013-06-13 01:31 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-17 00:23 - 2013-06-13 01:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-17 00:21 - 2013-06-13 01:31 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-17 00:21 - 2013-06-13 01:31 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-17 00:20 - 2013-06-13 01:31 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-17 00:19 - 2013-06-13 01:31 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-17 00:17 - 2013-06-13 01:31 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-17 00:17 - 2013-06-13 01:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-17 00:16 - 2013-06-13 01:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-17 00:12 - 2013-06-13 01:31 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-06-15 17:45
 
==================== End Of Log ============================

Edited by Renaa, 15 June 2013 - 01:12 PM.


#14 Farbar


Posted 15 June 2013 - 05:50 PM

The Chrome homepage is hijacked.

 

  1. Download attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Note: If the tool warned you about the outdated version please download and run the updated version.
     
  2. Please download Farbar Service Scanner and run it on the computer with the issue.
    • Check all the boxes.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.




#15 Renaa


Posted 15 June 2013 - 06:04 PM

Okay, since I couldn't update FRST, I deleted it and downloaded it again. The updating message isn't appearing anymore.

 

Here is the Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-06-2013 
Ran by Rena at 2013-06-16 00:59:31 Run:2
Running from C:\Users\Rena\Downloads\Desktop
Boot Mode: Normal
==============================================
 
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{687578b9-7132-4a7a-80e4-30ee31099e03} => Value deleted successfully.
HKCR\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03} => Key not found.
Firefox homepage deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\3rvmdikx.default\Extensions\spsasaz@mx-.org => Moved successfully.
C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\okmonaofjodcclkddmppkcllnkefomha => Moved successfully.
C:\FRST\Quarantine => Deleted successfully.
==== End of Fixlog ====

 

And here is the FSS.txt:

 

Farbar Service Scanner Version: 13-06-2013
Ran by Rena (administrator) on 16-06-2013 at 01:03:11
Running from "C:\Users\Rena\Downloads\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-06-12 22:16] - [2013-05-08 08:39] - 1910632 ____A (Microsoft Corporation) 9849EA3843A2ADBDD1497E97A85D8CAE
 
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2013-06-12 22:16] - [2013-05-13 07:51] - 0184320 ____A (Microsoft Corporation) D8129C49798CBBFB2E4351D4B7B8EF9C
 
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****




