Ran ComboFix by mistake


  • This topic is locked
49 replies to this topic

#1 jobo1943

  • Members
  • 30 posts

Posted 28 August 2013 - 12:37 PM

I ran ComboFix and have various Win7 service access problems. I have access to the Internet but have lost services including:

  • Microsoft Security Center
  • All restore points
  • Sound
  • Personalized Desktop
  • Intel RST Service (IMPORTANT for me)

System is Win 7 Ultimate on a four-core Lynnfield processor and a RAID 10 setup running 4 enterprise-level disks (working fine for over 3 years).

  • All current MS important updates are installed with no problems (no optional updates)
  • I run many of the recommended Bleeping Computer security scans on a regular basis.
  • I have the C:\comboFix.txt file as well as the registry backups in the quarantine folder.
  • I have Comodo firewall installed (Ver. 5.12.256249.2599)

I run the following security software at least weekly:

  • Malwarebytes
  • SuperAntiSpyware
  • Microsoft Security Essentials

I have also run the following security apps in the past few days:

  • TDSS
  • AdwCleaner
  • Rkill
  • TFC.exe
  • Mbar.exe (Malwarebytes rootkit beta)

I also had TrojanHunter Guard enabled when ComboFix ran.

 

This is the dds.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by jab at 9:44:22 on 2013-08-28
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Price Check by AOL: {D25B97E9-62B2-40CE-BECF-E43A7B879072} - C:\Program Files (x86)\Price Check by AOL\aolpricecheck.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
uRun: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [THGuard] "C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe"
mRun: [HOSTS Anti-Adware_PUPs] C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
mRun: [gbrspcontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: LastPass - C:\Users\jab\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\jab\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001025-0002-0025-ABCDEFFEDCBC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{0E0FEEEC-5CD5-4EFC-A431-BAE99CDCC4BD} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - LocalServer32 - <no file>
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [combofix] C:\ComboFix\CF4800.3XE /c C:\ComboFix\Combobatch.bat
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jab\AppData\Roaming\Mozilla\Firefox\Profiles\d378qfb9.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.yahoo.com?fr=fp-comodo
FF - prefs.js: keyword.URL - 
FF - prefs.js: browser.startup.homepage - hxxp://us.yahoo.com?fr=fp-comodo
FF - prefs.js: keyword.URL - hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .vbe: VBEFile=C:\Windows\SysWow64\WScript.exe "%1" %*
FileExt: .vbs: VBSFile=C:\Windows\SysWow64\WScript.exe "%1" %*
FileExt: .js: JSFile=C:\Windows\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2013-08-26 23:22:11 -------- d-----w- C:\$RECYCLE.BIN
2013-08-26 22:38:33 -------- d-----w- C:\AdwCleaner
2013-08-26 19:10:05 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{81976BB3-42AA-4423-8518-0FF68596DBB6}\mpengine.dll
2013-08-25 18:50:19 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-23 19:25:14 -------- d-----w- C:\Program Files\iPod
2013-08-23 19:25:13 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-23 19:25:13 -------- d-----w- C:\Program Files\iTunes
2013-08-23 19:25:13 -------- d-----w- C:\Program Files (x86)\iTunes
2013-08-22 19:03:57 -------- d-----w- C:\ProgramData\MindGems
2013-08-22 18:47:56 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5E800EB2-33CA-40AB-9443-6EE5A5F2196B}\gapaengine.dll
2013-08-16 15:57:30 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-15 04:40:20 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-08-15 04:39:59 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-15 04:39:57 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-15 04:39:57 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-15 04:39:57 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-15 04:39:57 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-15 04:39:56 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-08-15 04:39:56 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-08-15 04:39:56 1111552 ----a-w- C:\Windows\System32\rdpcorets.dll
2013-08-12 23:40:33 -------- d-----w- C:\Windows\System32\MRT
2013-08-03 17:51:25 -------- d-----w- C:\Program Files (x86)\Convert Pdf to Word
2013-07-31 21:16:44 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-31 21:16:44 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M  ====================
.
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-15 17:53:46 33958 ----a-w- C:\ProgramData\uninstaller.exe
2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-06 22:19:20 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-06 22:19:16 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-06 22:19:16 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-07-03 08:32:42 18456 ----a-w- C:\Windows\System32\drivers\psi_mf_amd64.sys
2013-06-19 04:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-06-19 04:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-06-13 06:09:14 55496 ----a-w- C:\Windows\SysWow64\offreg.dll
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-17 23:14:40 14880256 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH:  9:45:39.69 ===============
 

 

Thank you in advance.

 

Jobo1943

 


 


#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,703 posts

Posted 02 September 2013 - 12:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/505918 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 jobo1943

  • Topic Starter

  • Members
  • 30 posts

Posted 02 September 2013 - 08:33 PM

Thank you for following up. The attach.zip file is attached. My situation has not changed.

 

This is the dds.txt file:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by jab at 18:01:56 on 2013-09-02
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Price Check by AOL: {D25B97E9-62B2-40CE-BECF-E43A7B879072} - C:\Program Files (x86)\Price Check by AOL\aolpricecheck.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
uRun: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [THGuard] "C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe"
mRun: [HOSTS Anti-Adware_PUPs] C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
mRun: [gbrspcontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: LastPass - C:\Users\jab\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\jab\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001025-0002-0025-ABCDEFFEDCBC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{0E0FEEEC-5CD5-4EFC-A431-BAE99CDCC4BD} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - LocalServer32 - <no file>
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [combofix] C:\ComboFix\CF4800.3XE /c C:\ComboFix\Combobatch.bat
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jab\AppData\Roaming\Mozilla\Firefox\Profiles\d378qfb9.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.yahoo.com?fr=fp-comodo
FF - prefs.js: keyword.URL - 
FF - prefs.js: browser.startup.homepage - hxxp://us.yahoo.com?fr=fp-comodo
FF - prefs.js: keyword.URL - hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .vbe: VBEFile=C:\Windows\SysWow64\WScript.exe "%1" %*
FileExt: .vbs: VBSFile=C:\Windows\SysWow64\WScript.exe "%1" %*
FileExt: .js: JSFile=C:\Windows\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2013-09-02 09:17:42 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F53EE733-BE4C-4A18-87D6-7B4EA630C025}\offreg.dll
2013-09-01 22:35:39 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F53EE733-BE4C-4A18-87D6-7B4EA630C025}\mpengine.dll
2013-08-26 23:22:11 -------- d-----w- C:\$RECYCLE.BIN
2013-08-26 22:38:33 -------- d-----w- C:\AdwCleaner
2013-08-26 19:10:05 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-23 19:25:14 -------- d-----w- C:\Program Files\iPod
2013-08-23 19:25:13 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-23 19:25:13 -------- d-----w- C:\Program Files\iTunes
2013-08-23 19:25:13 -------- d-----w- C:\Program Files (x86)\iTunes
2013-08-22 19:03:57 -------- d-----w- C:\ProgramData\MindGems
2013-08-22 18:47:56 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5E800EB2-33CA-40AB-9443-6EE5A5F2196B}\gapaengine.dll
2013-08-16 15:57:30 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-15 04:40:20 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-08-15 04:39:59 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-15 04:39:57 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-15 04:39:57 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-15 04:39:57 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-15 04:39:57 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-15 04:39:56 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-08-15 04:39:56 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-08-15 04:39:56 1111552 ----a-w- C:\Windows\System32\rdpcorets.dll
2013-08-12 23:40:33 -------- d-----w- C:\Windows\System32\MRT
.
==================== Find3M  ====================
.
2013-07-31 21:16:44 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-31 21:16:44 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-15 17:53:46 33958 ----a-w- C:\ProgramData\uninstaller.exe
2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-06 22:19:20 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-06 22:19:16 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-06 22:19:16 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-07-03 08:32:42 18456 ----a-w- C:\Windows\System32\drivers\psi_mf_amd64.sys
2013-06-19 04:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-06-19 04:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-06-13 06:09:14 55496 ----a-w- C:\Windows\SysWow64\offreg.dll
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-05-17 23:14:40 14880256 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 18:02:15.78 ===============
 

 




#4 oneof4

  • Malware Response Team
  • 3,779 posts

Posted 07 September 2013 - 08:43 AM

Hello jobo1943, and welcome to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Watch Topic. If you click on this, another page will open. Please choose Immediate Notification and then click on Proceed. You will then be advised when we respond to your topic, which will facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative of the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

I would like to see the Combofix.txt that you previously ran. It should be located at C:\Combofix.txt; please copy and paste it into your next reply.

==========

Please perform the following scans:

Download Security Check by screen317 from http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

==========

Please download aswMBR ( 511KB ) from here: http://public.avast.com/~gmerek/aswMBR.exe to your desktop.

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Things I need to see in your next reply:

  • Combofix.txt
  • checkup.txt
  • aswMBR.txt

Best Regards,
oneof4.


#5 jobo1943


Posted 07 September 2013 - 07:44 PM

Hi oneof4,

I have copied the contents of the files you required below. The only problem was that when I ran SecurityCheck.exe, I first got a popup window with the following message:

X Line -1

Error Variable must be type "Object"

When I moved the scroll bar on the DOS window, the program ran.

File contents for each file as follows:

combofix.txt

ComboFix 13-08-25.01 - jab 08/26/2013  16:13:33.3.4 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4094.2170 [GMT -7:00]
Running from: c:\users\jab\Desktop\SECURITY\SEC APPS\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\coontinuUetOsavee
c:\programdata\TEMP
c:\users\jab\AppData\Local\assembly\tmp
.
.
.
c:\windows\system32\sfcfiles.dll . . . is missing!!
.
c:\windows\system32\drivers\null.sys . . . is missing!!
.
c:\windows\system32\drivers\afd.sys . . . is missing!!
.
c:\windows\system32\drivers\ndis.sys . . . is missing!!
.
c:\windows\system32\drivers\ndisuio.sys . . . is missing!!
.
c:\windows\system32\drivers\netbios.sys . . . is missing!!
.
c:\windows\system32\drivers\usbehci.sys . . . is missing!!
.
c:\windows\system32\drivers\intelppm.sys . . . is missing!!
.
c:\windows\system32\drivers\tcpip.sys . . . is missing!!
.
c:\windows\system32\drivers\netbt.sys . . . is missing!!
.
c:\windows\system32\drivers\asyncmac.sys . . . is missing!!
.
c:\windows\system32\drivers\cdrom.sys . . . is missing!!
.
c:\windows\system32\drivers\Serial.sys . . . is missing!!
.
c:\windows\system32\drivers\ndproxy.sys . . . is missing!!
.
c:\windows\system32\drivers\ws2ifsl.sys . . . is missing!!
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
c:\windows\system32\drivers\ipsec.sys . . . is missing!!
.
c:\windows\system32\drivers\psched.sys . . . is missing!!
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AudioSrv
-------\Service_MSiSCSI
-------\Service_Schedule
-------\Service_SessionEnv
-------\Service_Winmgmt
-------\Service_wuauserv
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-26 to 2013-08-26  )))))))))))))))))))))))))))))))
.
.
2013-08-26 22:38 . 2013-08-26 22:39 -------- d-----w- C:\AdwCleaner
2013-08-26 19:10 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{81976BB3-42AA-4423-8518-0FF68596DBB6}\mpengine.dll
2013-08-25 18:50 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-23 19:25 . 2013-08-23 19:25 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-23 19:25 . 2013-08-23 19:25 -------- d-----w- c:\program files (x86)\iTunes
2013-08-22 19:03 . 2013-08-22 19:03 -------- d-----w- c:\programdata\MindGems
2013-08-22 18:47 . 2013-08-22 18:44 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5E800EB2-33CA-40AB-9443-6EE5A5F2196B}\gapaengine.dll
2013-08-15 04:40 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-15 04:40 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-15 04:40 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-15 04:40 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-15 04:40 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-15 04:40 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-15 04:40 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-15 04:40 . 2013-07-09 06:03 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-15 04:40 . 2013-07-09 05:54 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-15 04:40 . 2013-07-09 05:53 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-15 04:39 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-15 04:39 . 2013-06-15 04:35 1111552 ----a-w- c:\windows\system32\rdpcorets.dll
2013-08-15 04:39 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-12 23:40 . 2013-08-16 15:54 -------- d-----w- c:\windows\system32\MRT
2013-08-04 01:21 . 2013-08-22 18:56 -------- d-----r- c:\users\Public\WMA Files
2013-08-03 17:51 . 2013-08-03 17:58 -------- d-----w- c:\program files (x86)\Convert Pdf to Word
2013-07-29 20:50 . 2013-07-29 20:51 -------- d-----w- c:\users\Public\Pictures from i phone5_12
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-17 09:05 . 2011-04-09 18:47 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-15 22:38 . 2012-07-17 21:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-07-15 17:53 . 2013-07-15 17:53 33958 ----a-w- c:\programdata\uninstaller.exe
2013-07-09 04:45 . 2013-08-15 04:39 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-03 08:32 . 2013-07-03 08:32 18456 ----a-w- c:\windows\system32\drivers\psi_mf_amd64.sys
2013-06-19 04:50 . 2013-06-19 04:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-19 04:50 . 2010-10-25 04:25 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-05 03:34 . 2013-07-10 18:15 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 18:16 624128 ----a-w- c:\windows\system32\qedit.dll
2013-05-31 22:29 . 2013-06-03 15:01 5076038 ----a-w- c:\users\Public\ComboFix.exe
2013-05-17 23:14 . 2013-05-17 23:14 14880256 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
2008-04-18 15:56 . 2013-08-17 19:06 118784 ----a-w- c:\program files (x86)\mozilla firefox\plugins\MyCamera.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
.
.
.
c:\windows\System32\drivers\atapi.sys ... is missing !!
c:\windows\System32\drivers\asyncmac.sys ... is missing !!
c:\windows\System32\drivers\beep.sys ... is missing !!
c:\windows\System32\drivers\kbdclass.sys ... is missing !!
c:\windows\System32\drivers\ndis.sys ... is missing !!
c:\windows\System32\drivers\ntfs.sys ... is missing !!
c:\windows\System32\drivers\null.sys ... is missing !!
c:\windows\System32\drivers\tcpip.sys ... is missing !!
c:\windows\System32\browser.dll ... is missing !!
c:\windows\System32\lsass.exe ... is missing !!
c:\windows\System32\netman.dll ... is missing !!
c:\windows\System32\qmgr.dll ... is missing !!
c:\windows\System32\rpcss.dll ... is missing !!
c:\windows\System32\services.exe ... is missing !!
c:\windows\System32\spoolsv.exe ... is missing !!
c:\windows\System32\winlogon.exe ... is missing !!
c:\windows\System32\wuauclt.exe ... is missing !!
c:\windows\System32\drivers\ipsec.sys ... is missing !!
c:\windows\System32\eventlog.dll ... is missing !!
c:\windows\System32\sfcfiles.dll ... is missing !!
c:\windows\System32\drivers\ipsec.sys ... is missing !!
c:\windows\System32\regsvc.dll ... is missing !!
c:\windows\System32\schedsvc.dll ... is missing !!
c:\windows\System32\ssdpsrv.dll ... is missing !!
c:\windows\System32\termsrv.dll ... is missing !!
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-15 22:35 220632 ----a-w- c:\users\jab\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-15 22:35 220632 ----a-w- c:\users\jab\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-15 22:35 220632 ----a-w- c:\users\jab\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2012-01-04 08:58 442880 ----a-w- c:\windows\System32\ntshrui.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2013-03-09 911024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440]
"THGuard"="c:\program files (x86)\TrojanHunter 5.5\THGuard.exe" [2012-10-23 1086880]
"HOSTS Anti-Adware_PUPs"="c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe" [2013-06-06 302961]
"gbrspcontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2013-05-30 1851088]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\APC PowerChute Personal Edition\Display.exe [2009-11-26 267520]
Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2013-5-17 14880256]
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2013-5-17 14880256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
.
R1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [x]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [x]
R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [x]
R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [x]
R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [x]
R3 ALSysIO;ALSysIO;c:\users\jab\AppData\Local\Temp\ALSysIO64.sys [x]
R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [x]
R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [x]
R3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys [x]
R3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe [x]
R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [x]
R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbda.sys [x]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [x]
R3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe [x]
R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [x]
R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [x]
R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [x]
R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [x]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [x]
R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [x]
R3 cleanhlp;cleanhlp;c:\users\jab\Desktop\SECURITY\BLEEPINGCOMPUTER\EMSISOFT\RUN\cleanhlp64.sys [x]
R3 cpuz130;cpuz130; [x]
R3 cpuz135;cpuz135;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [x]
R3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe [x]
R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbda.sys [x]
R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [x]
R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [x]
R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [x]
R3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys [x]
R3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [x]
R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [x]
R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [x]
R3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [x]
R3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [x]
R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [x]
R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [x]
R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [x]
R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [x]
R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [x]
R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [x]
R3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [x]
R3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [x]
R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [x]
R3 MsRPC;MsRPC; [x]
R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [x]
R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [x]
R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [x]
R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [x]
R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe [x]
R3 PerfHost;Performance Counter DLL Host;c:\windows\SysWow64\perfhost.exe [x]
R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [x]
R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys [x]
R3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [x]
R3 PSVolAcc;PSVolAcc; [x]
R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [x]
R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 s3cap;s3cap;c:\windows\system32\drivers\vms3cap.sys [x]
R3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys [x]
R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
R3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe [x]
R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [x]
R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [x]
R3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [x]
R3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe [x]
R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [x]
R3 storvsc;storvsc;c:\windows\system32\drivers\storvsc.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [x]
R3 TBS;TPM Base Services;c:\windows\System32\svchost.exe [x]
R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [x]
R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [x]
R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [x]
R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [x]
R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [x]
R3 UmRdpService;Remote Desktop Services UserMode Port Redirector;c:\windows\System32\svchost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [x]
R3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [x]
R4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [x]
R4 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [x]
R4 SysMain;Superfetch;c:\windows\system32\svchost.exe [x]
S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [x]
S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [x]
S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [x]
S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [x]
S0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\DRIVERS\fvevol.sys [x]
S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [x]
S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [x]
S0 msahci;msahci;c:\windows\system32\drivers\msahci.sys [x]
S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [x]
S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [x]
S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [x]
S0 spldr;Security Processor Loader Driver; [x]
S0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;c:\windows\system32\drivers\vmstorfl.sys [x]
S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 CSC;Offline Files Driver;c:\windows\system32\drivers\csc.sys [x]
S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [x]
S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [x]
S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [x]
S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [x]
S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [x]
S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [x]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
S2 CscService;Offline Files;c:\windows\System32\svchost.exe [x]
S2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [x]
S2 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [x]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [x]
S2 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [x]
S2 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [x]
S2 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [x]
S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [x]
S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [x]
S2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [x]
S2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [x]
S2 netprofm;Network List Service;c:\windows\System32\svchost.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [x]
S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [x]
S2 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [x]
S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [x]
S2 Power;Power;c:\windows\system32\svchost.exe [x]
S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [x]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [x]
S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [x]
S2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [x]
S3 Appinfo;Application Information;c:\windows\system32\svchost.exe [x]
S3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys [x]
S3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [x]
S3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\drivers\CompositeBus.sys [x]
S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [x]
S3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [x]
S3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe [x]
S3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe [x]
S3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [x]
S3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [x]
S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [x]
S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [x]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys [x]
S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [x]
S3 umbus;UMBus Enumerator Driver;c:\windows\system32\DRIVERS\umbus.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ   PLA
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr TBS QWAVE wcncsvc
DcomLaunch REG_MULTI_SZ   Power PlugPlay DcomLaunch
wcssvc REG_MULTI_SZ   WcsPlugInService
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
TermService
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
AppMgmt
.
Rebuilding ... You need to reboot your machine for this to take effect.
.
eventsystem
iprip
netman
wzcsvc
ip6fwhlp
WmdmPmSN
UxTuneUp
Appinfo
BDESVC
Browser
EapHost
hkmsvc
IKEEXT
MMCSS
ProfSvc
seclogon
Themes
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
2009-07-14 01:14 278528 ----a-w- c:\windows\System32\unregmp2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
2009-07-14 01:14 44544 ----a-w- c:\windows\SysWOW64\rundll32.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-31 21:16]
.
2013-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2348748867-2008991914-1298228761-1001Core.job
- c:\users\jab\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-11 17:52]
.
2013-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2348748867-2008991914-1298228761-1001UA.job
- c:\users\jab\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-11 17:52]
.
2013-08-26 c:\windows\Tasks\Macrium_1156_Full xml.job
- c:\program files\Macrium\Reflect\reflect.exe [2011-10-31 09:47]
.
2013-08-24 c:\windows\Tasks\Macrium_1156_Incremental xml.job
- c:\program files\Macrium\Reflect\reflect.exe [2011-10-31 09:47]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: LastPass - file://c:\users\jab\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\jab\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\jab\AppData\Roaming\Mozilla\Firefox\Profiles\d378qfb9.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.yahoo.com?fr=fp-comodo
FF - prefs.js: keyword.URL - 
FF - prefs.js: browser.startup.homepage - hxxp://us.yahoo.com?fr=fp-comodo
FF - prefs.js: keyword.URL - hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
.
.
------- File Associations -------
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-10377807.sys
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
SafeBoot-volmgr.sys
SafeBoot-volmgrx.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-vmms
HKLM_ActiveSetup-{44BBA840-CC51-11CF-AAFA-00AA00B6015C} - c:\program files (x86)\Windows Mail\WinMail.exe OCInstallUserConfigOE
AddRemove-{0C86901B-026A-5F5D-D859-37929DDB52A7} - c:\progra~3\INSTAL~2\{BDDCD~1\Setup.exe
AddRemove-{1363132B-94DB-43AE-A145-DCF9C88031DD} - c:\progra~3\INSTAL~2\{13631~1\Setup.exe
AddRemove-{5C14E03C-DF8E-08AF-E7F4-E0E2F7AA45E4} - c:\progra~3\INSTAL~2\{61AFF~1\Setup.exe
AddRemove-{76FB3BD8-3338-4D0D-AFE6-7B1AAD18192E} - c:\progra~3\INSTAL~2\{76FB3~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-26 16:22
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != -1737369797, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != -1737301097, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
.
**************************************************************************
.
Completion time: 2013-08-26  16:27:04 - machine was rebooted
ComboFix-quarantined-files.txt  2013-08-26 23:27
ComboFix2.txt  2013-04-24 17:07
.
Pre-Run: 1,847,544,795,136 bytes free
Post-Run: 1,847,102,410,752 bytes free
.
- - End Of File - - C5EEADC8EF738826AF6B9EC523B017FA
 

 

 

checkup.txt

 

 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Secunia PSI (3.0.0.7011)   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 JavaFX 2.1.1    
 Java 7 Update 25  
 Adobe Flash Player 11.8.800.94  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox (23.0.1) 
 Google Chrome 28.0.1500.95  
 Google Chrome 29.0.1547.57  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 

 

 

 

aswMBR.txt

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-07 17:21:46
-----------------------------
17:21:46.454    OS Version: Windows x64 6.1.7601 Service Pack 1
17:21:46.454    Number of processors: 4 586 0x1E05
17:21:46.455    ComputerName: OFFICE1156  UserName: jab
17:21:47.819    Initialize success
17:22:44.232    AVAST engine defs: 13090701
17:22:52.504    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:22:52.507    Disk 0 Vendor: Intel___ 1.0. Size: 1907732MB BusType: 8
17:22:52.621    Disk 0 MBR read successfully
17:22:52.625    Disk 0 MBR scan
17:22:52.635    Disk 0 Windows VISTA default MBR code
17:22:52.646    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      1907729 MB offset 63
17:22:52.733    Disk 0 scanning C:\Windows\system32\drivers
17:23:08.932    Service scanning
17:23:41.937    Modules scanning
17:23:41.950    Disk 0 trace - called modules:
17:23:41.961    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
17:23:41.968    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006a4f060]
17:23:41.974    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005824050]
17:23:43.441    AVAST engine scan C:\Windows
17:23:54.054    AVAST engine scan C:\Windows\system32
17:28:22.610    AVAST engine scan C:\Windows\system32\drivers
17:28:41.008    AVAST engine scan C:\Users\jab
17:34:03.516    Disk 0 MBR has been saved successfully to "C:\Users\jab\Desktop\MBR.dat"
17:34:03.521    The log file has been saved successfully to "C:\Users\jab\Desktop\aswMBR.txt"
 
 

Thank you for your help.

 

Jobo



#6 oneof4

oneof4

  • Malware Response Team

Posted 08 September 2013 - 01:24 PM

Hey :)

 

Please perform the following:

  • Navigate to c:\users\jab\Desktop\SECURITY\SEC APPS\ComboFix.exe
  • Right-Click on ComboFix.exe and choose Delete.

Now, let's download a fresh copy and re-run the scan:

 

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

 


Best Regards,
oneof4.


#7 jobo1943

jobo1943
  • Topic Starter

  • Members

Posted 08 September 2013 - 11:48 PM

Hi,
 
Did as you said and new Combofix.txt is attached.
 
Best, jobo


#8 jobo1943

jobo1943
  • Topic Starter

  • Members

Posted 08 September 2013 - 11:53 PM

New Combofix.txt attached

 

Best regards,

 

Jobo



#9 oneof4

oneof4

  • Malware Response Team

Posted 09 September 2013 - 06:11 AM

Okay, that looks better.  All those "missing" files seem to be no longer "missing."

 

BTW, please do not "attach" logs unless specifically asked, just copy and paste the log directly into the reply.  It makes for easier reading. :thumbup2:

 

Please perform this scan:

 

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, choose Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

 


Best Regards,
oneof4.


#10 jobo1943

jobo1943
  • Topic Starter

  • Members

Posted 09 September 2013 - 11:57 AM

Hi there,

 

This is the TDSS text file after download and run from desktop:

 

09:54:27.0511 4000  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:54:27.0985 4000  ============================================================
09:54:27.0985 4000  Current date / time: 2013/09/09 09:54:27.0985
09:54:27.0985 4000  SystemInfo:
09:54:27.0985 4000  
09:54:27.0985 4000  OS Version: 6.1.7601 ServicePack: 1.0
09:54:27.0985 4000  Product type: Workstation
09:54:27.0985 4000  ComputerName: OFFICE1156
09:54:27.0986 4000  UserName: jab
09:54:27.0986 4000  Windows directory: C:\Windows
09:54:27.0986 4000  System windows directory: C:\Windows
09:54:27.0986 4000  Running under WOW64
09:54:27.0986 4000  Processor architecture: Intel x64
09:54:27.0986 4000  Number of processors: 4
09:54:27.0986 4000  Page size: 0x1000
09:54:27.0986 4000  Boot type: Normal boot
09:54:27.0986 4000  ============================================================
09:54:28.0419 4000  Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1400000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:54:28.0426 4000  ============================================================
09:54:28.0426 4000  \Device\Harddisk0\DR0:
09:54:28.0426 4000  MBR partitions:
09:54:28.0426 4000  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E08AC1
09:54:28.0426 4000  ============================================================
09:54:28.0448 4000  C: <-> \Device\Harddisk0\DR0\Partition1
09:54:28.0449 4000  ============================================================
09:54:28.0449 4000  Initialize success
09:54:28.0449 4000  ============================================================
09:54:39.0351 1856  ============================================================
09:54:39.0351 1856  Scan started
09:54:39.0351 1856  Mode: Manual; 
09:54:39.0351 1856  ============================================================
09:54:39.0448 1856  ================ Scan system memory ========================
09:54:39.0448 1856  System memory - ok
09:54:39.0448 1856  ================ Scan services =============================
09:54:43.0805 1856  EFS - ok
09:54:43.0826 1856  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
09:54:43.0842 1856  elxstor - ok
09:54:43.0849 1856  [ 12C061D9F9621BE916D58191872EC281 ] ENTECH64        C:\Windows\system32\DRIVERS\ENTECH64.sys
09:54:43.0862 1856  ENTECH64 - ok
09:54:43.0871 1856  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
09:54:43.0872 1856  ErrDev - ok
09:54:43.0918 1856  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
09:54:43.0923 1856  EventSystem - ok
09:54:43.0929 1856  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
09:54:43.0937 1856  exfat - ok
09:54:43.0963 1856  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
09:54:43.0971 1856  fastfat - ok
09:54:44.0001 1856  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
09:54:44.0014 1856  Fax - ok
09:54:44.0019 1856  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
09:54:44.0020 1856  fdc - ok
09:54:44.0034 1856  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
09:54:44.0035 1856  fdPHost - ok
09:54:44.0047 1856  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
09:54:44.0049 1856  FDResPub - ok
09:54:44.0063 1856  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
09:54:44.0072 1856  FileInfo - ok
09:54:44.0082 1856  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
09:54:44.0083 1856  Filetrace - ok
09:54:44.0092 1856  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
09:54:44.0093 1856  flpydisk - ok
09:54:44.0125 1856  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
09:54:44.0131 1856  FltMgr - ok
09:54:44.0185 1856  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
09:54:44.0202 1856  FontCache - ok
09:54:44.0249 1856  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:54:44.0261 1856  FontCache3.0.0.0 - ok
09:54:44.0267 1856  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
09:54:44.0268 1856  FsDepends - ok
09:54:44.0287 1856  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
09:54:44.0287 1856  Fs_Rec - ok
09:54:44.0320 1856  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
09:54:44.0328 1856  fvevol - ok
09:54:44.0333 1856  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
09:54:44.0334 1856  gagp30kx - ok
09:54:44.0386 1856  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:54:44.0387 1856  GEARAspiWDM - ok
09:54:44.0436 1856  [ AE63D0DB96C07CAE5DC4CDB2B2A719A0 ] GeekBuddyRSP    C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
09:54:44.0454 1856  GeekBuddyRSP - ok
09:54:44.0483 1856  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
09:54:44.0489 1856  gpsvc - ok
09:54:44.0503 1856  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
09:54:44.0503 1856  hcw85cir - ok
09:54:44.0563 1856  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:54:44.0574 1856  HdAudAddService - ok
09:54:44.0593 1856  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
09:54:44.0601 1856  HDAudBus - ok
09:54:44.0606 1856  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
09:54:44.0606 1856  HidBatt - ok
09:54:44.0621 1856  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
09:54:44.0623 1856  HidBth - ok
09:54:44.0627 1856  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
09:54:44.0627 1856  HidIr - ok
09:54:44.0648 1856  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
09:54:44.0657 1856  hidserv - ok
09:54:44.0665 1856  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
09:54:44.0666 1856  HidUsb - ok
09:54:44.0690 1856  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
09:54:44.0700 1856  hkmsvc - ok
09:54:44.0739 1856  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:54:44.0756 1856  HomeGroupListener - ok
09:54:44.0787 1856  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:54:44.0795 1856  HomeGroupProvider - ok
09:54:44.0830 1856  HOSTS Anti-PUPs - ok
09:54:44.0846 1856  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
09:54:44.0847 1856  HpSAMD - ok
09:54:44.0885 1856  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
09:54:44.0899 1856  HTTP - ok
09:54:44.0915 1856  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
09:54:44.0916 1856  hwpolicy - ok
09:54:44.0954 1856  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
09:54:44.0964 1856  i8042prt - ok
09:54:45.0007 1856  [ 8180A2392E732E8871589B54FAB6991F ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
09:54:45.0012 1856  iaStor - ok
09:54:45.0051 1856  [ 17125B7D2F56B4B35441561C780C2CCB ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
09:54:45.0052 1856  IAStorDataMgrSvc - ok
09:54:45.0064 1856  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
09:54:45.0069 1856  iaStorV - ok
09:54:45.0115 1856  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:54:45.0134 1856  idsvc - ok
09:54:45.0139 1856  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
09:54:45.0141 1856  iirsp - ok
09:54:45.0192 1856  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
09:54:45.0207 1856  IKEEXT - ok
09:54:45.0235 1856  [ C4E67D3037DC79E39D7136581A947F50 ] inspect         C:\Windows\system32\DRIVERS\inspect.sys
09:54:45.0237 1856  inspect - ok
09:54:45.0246 1856  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
09:54:45.0247 1856  intelide - ok
09:54:45.0272 1856  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
09:54:45.0273 1856  intelppm - ok
09:54:45.0307 1856  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
09:54:45.0321 1856  IPBusEnum - ok
09:54:45.0350 1856  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:54:45.0360 1856  IpFilterDriver - ok
09:54:45.0398 1856  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
09:54:45.0413 1856  iphlpsvc - ok
09:54:45.0429 1856  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
09:54:45.0430 1856  IPMIDRV - ok
09:54:45.0449 1856  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
09:54:45.0450 1856  IPNAT - ok
09:54:45.0511 1856  [ 78486992AC657AE5065C4A2135838570 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
09:54:45.0525 1856  iPod Service - ok
09:54:45.0539 1856  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
09:54:45.0549 1856  IRENUM - ok
09:54:45.0567 1856  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
09:54:45.0568 1856  isapnp - ok
09:54:45.0608 1856  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
09:54:45.0616 1856  iScsiPrt - ok
09:54:45.0645 1856  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
09:54:45.0646 1856  kbdclass - ok
09:54:45.0650 1856  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
09:54:45.0651 1856  kbdhid - ok
09:54:45.0666 1856  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
09:54:45.0668 1856  KeyIso - ok
09:54:45.0691 1856  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
09:54:45.0700 1856  KSecDD - ok
09:54:45.0706 1856  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
09:54:45.0709 1856  KSecPkg - ok
09:54:45.0720 1856  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
09:54:45.0721 1856  ksthunk - ok
09:54:45.0749 1856  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
09:54:45.0757 1856  KtmRm - ok
09:54:45.0806 1856  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
09:54:45.0817 1856  LanmanServer - ok
09:54:45.0847 1856  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:54:45.0864 1856  LanmanWorkstation - ok
09:54:45.0898 1856  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
09:54:45.0899 1856  lltdio - ok
09:54:45.0934 1856  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
09:54:45.0947 1856  lltdsvc - ok
09:54:45.0962 1856  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
09:54:45.0964 1856  lmhosts - ok
09:54:45.0971 1856  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
09:54:45.0973 1856  LSI_FC - ok
09:54:45.0989 1856  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
09:54:45.0991 1856  LSI_SAS - ok
09:54:45.0996 1856  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:54:45.0997 1856  LSI_SAS2 - ok
09:54:46.0003 1856  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:54:46.0005 1856  LSI_SCSI - ok
09:54:46.0021 1856  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
09:54:46.0023 1856  luafv - ok
09:54:46.0027 1856  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
09:54:46.0028 1856  megasas - ok
09:54:46.0037 1856  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
09:54:46.0040 1856  MegaSR - ok
09:54:46.0074 1856  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
09:54:46.0085 1856  MMCSS - ok
09:54:46.0090 1856  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
09:54:46.0091 1856  Modem - ok
09:54:46.0142 1856  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
09:54:46.0143 1856  monitor - ok
09:54:46.0167 1856  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
09:54:46.0168 1856  mouclass - ok
09:54:46.0180 1856  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
09:54:46.0182 1856  mouhid - ok
09:54:46.0217 1856  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
09:54:46.0226 1856  mountmgr - ok
09:54:46.0294 1856  [ A35576A433F4AEB0D48976A004657CB6 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:54:46.0296 1856  MozillaMaintenance - ok
09:54:46.0348 1856  [ FC1D590039EF06A381768710E6C07E75 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
09:54:46.0352 1856  MpFilter - ok
09:54:46.0374 1856  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
09:54:46.0382 1856  mpio - ok
09:54:46.0402 1856  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
09:54:46.0412 1856  mpsdrv - ok
09:54:46.0436 1856  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
09:54:46.0444 1856  MpsSvc - ok
09:54:46.0452 1856  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
09:54:46.0454 1856  MRxDAV - ok
09:54:46.0485 1856  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
09:54:46.0493 1856  mrxsmb - ok
09:54:46.0524 1856  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:54:46.0528 1856  mrxsmb10 - ok
09:54:46.0542 1856  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:54:46.0544 1856  mrxsmb20 - ok
09:54:46.0559 1856  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
09:54:46.0560 1856  msahci - ok
09:54:46.0572 1856  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
09:54:46.0574 1856  msdsm - ok
09:54:46.0591 1856  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
09:54:46.0601 1856  MSDTC - ok
09:54:46.0620 1856  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
09:54:46.0632 1856  Msfs - ok
09:54:46.0642 1856  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
09:54:46.0652 1856  mshidkmdf - ok
09:54:46.0664 1856  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
09:54:46.0665 1856  msisadrv - ok
09:54:46.0669 1856  msiserver - ok
09:54:46.0692 1856  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
09:54:46.0700 1856  MSKSSRV - ok
09:54:46.0765 1856  [ 66238063B53E51ADDA16764BAB9A3F7C ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
09:54:46.0766 1856  MsMpSvc - ok
09:54:46.0778 1856  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
09:54:46.0779 1856  MSPCLOCK - ok
09:54:46.0786 1856  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
09:54:46.0787 1856  MSPQM - ok
09:54:46.0815 1856  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
09:54:46.0823 1856  MsRPC - ok
09:54:46.0847 1856  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
09:54:46.0847 1856  mssmbios - ok
09:54:46.0864 1856  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
09:54:46.0865 1856  MSTEE - ok
09:54:46.0880 1856  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
09:54:46.0881 1856  MTConfig - ok
09:54:46.0907 1856  [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
09:54:46.0907 1856  MTsensor - ok
09:54:46.0924 1856  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
09:54:46.0925 1856  Mup - ok
09:54:46.0942 1856  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
09:54:46.0949 1856  napagent - ok
09:54:46.0993 1856  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
09:54:47.0001 1856  NativeWifiP - ok
09:54:47.0056 1856  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
09:54:47.0065 1856  NDIS - ok
09:54:47.0088 1856  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
09:54:47.0101 1856  NdisCap - ok
09:54:47.0106 1856  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
09:54:47.0107 1856  NdisTapi - ok
09:54:47.0133 1856  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
09:54:47.0135 1856  Ndisuio - ok
09:54:47.0166 1856  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
09:54:47.0179 1856  NdisWan - ok
09:54:47.0211 1856  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
09:54:47.0223 1856  NDProxy - ok
09:54:47.0237 1856  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
09:54:47.0239 1856  NetBIOS - ok
09:54:47.0261 1856  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
09:54:47.0270 1856  NetBT - ok
09:54:47.0285 1856  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
09:54:47.0287 1856  Netlogon - ok
09:54:47.0342 1856  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
09:54:47.0347 1856  Netman - ok
09:54:47.0385 1856  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:54:47.0403 1856  NetMsmqActivator - ok
09:54:47.0408 1856  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:54:47.0410 1856  NetPipeActivator - ok
09:54:47.0428 1856  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
09:54:47.0434 1856  netprofm - ok
09:54:47.0471 1856  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:54:47.0473 1856  NetTcpActivator - ok
09:54:47.0477 1856  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:54:47.0479 1856  NetTcpPortSharing - ok
09:54:47.0488 1856  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
09:54:47.0489 1856  nfrd960 - ok
09:54:47.0516 1856  [ 8FB3C853E886E1E4D57271672486111C ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
09:54:47.0518 1856  NisDrv - ok
09:54:47.0581 1856  [ 869A808253726EA11939EC4FE76346A4 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
09:54:47.0589 1856  NisSrv - ok
09:54:47.0627 1856  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
09:54:47.0635 1856  NlaSvc - ok
09:54:47.0640 1856  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
09:54:47.0641 1856  Npfs - ok
09:54:47.0653 1856  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
09:54:47.0655 1856  nsi - ok
09:54:47.0660 1856  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
09:54:47.0660 1856  nsiproxy - ok
09:54:47.0709 1856  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
09:54:47.0724 1856  Ntfs - ok
09:54:47.0737 1856  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
09:54:47.0738 1856  Null - ok
09:54:47.0765 1856  [ F5BC2345E8C89D4E90FAFD23A2239935 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
09:54:47.0775 1856  nusb3hub - ok
09:54:47.0804 1856  [ 5D42578241BC2A9B4A64837077436D5F ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
09:54:47.0817 1856  nusb3xhc - ok
09:54:47.0846 1856  [ 8D4AAC74B571FC356560E5B308955E93 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
09:54:47.0848 1856  NVHDA - ok
09:54:48.0012 1856  [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:54:48.0052 1856  nvlddmkm - ok
09:54:48.0075 1856  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
09:54:48.0084 1856  nvraid - ok
09:54:48.0104 1856  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
09:54:48.0107 1856  nvstor - ok
09:54:48.0169 1856  [ 10C232F6CFFD51D2332898AE7AE0FF23 ] nvsvc           C:\Windows\system32\nvvsvc.exe
09:54:48.0178 1856  nvsvc - ok
09:54:48.0270 1856  [ 4789E020D2617046862D1790FC235FF6 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
09:54:48.0302 1856  nvUpdatusService - ok
09:54:48.0326 1856  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
09:54:48.0346 1856  nv_agp - ok
09:54:48.0367 1856  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
09:54:48.0369 1856  ohci1394 - ok
09:54:48.0433 1856  [ 4965B005492CBA7719E82B71E3245495 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:54:48.0441 1856  ose64 - ok
09:54:48.0536 1856  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:54:48.0577 1856  osppsvc - ok
09:54:48.0607 1856  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
09:54:48.0610 1856  p2pimsvc - ok
09:54:48.0656 1856  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
09:54:48.0662 1856  p2psvc - ok
09:54:48.0671 1856  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
09:54:48.0673 1856  Parport - ok
09:54:48.0691 1856  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
09:54:48.0698 1856  partmgr - ok
09:54:48.0713 1856  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
09:54:48.0716 1856  PcaSvc - ok
09:54:48.0740 1856  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
09:54:48.0750 1856  pci - ok
09:54:48.0761 1856  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
09:54:48.0761 1856  pciide - ok
09:54:48.0767 1856  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
09:54:48.0769 1856  pcmcia - ok
09:54:48.0779 1856  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
09:54:48.0780 1856  pcw - ok
09:54:48.0799 1856  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
09:54:48.0803 1856  PEAUTH - ok
09:54:48.0857 1856  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
09:54:48.0885 1856  PeerDistSvc - ok
09:54:48.0964 1856  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
09:54:48.0974 1856  PerfHost - ok
09:54:49.0028 1856  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
09:54:49.0047 1856  pla - ok
09:54:49.0099 1856  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
09:54:49.0106 1856  PlugPlay - ok
09:54:49.0116 1856  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
09:54:49.0119 1856  PNRPAutoReg - ok
09:54:49.0126 1856  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
09:54:49.0130 1856  PNRPsvc - ok
09:54:49.0160 1856  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
09:54:49.0167 1856  PolicyAgent - ok
09:54:49.0193 1856  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
09:54:49.0208 1856  Power - ok
09:54:49.0231 1856  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
09:54:49.0241 1856  PptpMiniport - ok
09:54:49.0258 1856  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
09:54:49.0260 1856  Processor - ok
09:54:49.0296 1856  [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc         C:\Windows\system32\profsvc.dll
09:54:49.0304 1856  ProfSvc - ok
09:54:49.0316 1856  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:54:49.0317 1856  ProtectedStorage - ok
09:54:49.0350 1856  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
09:54:49.0360 1856  Psched - ok
09:54:49.0408 1856  [ DD3FD48D69F5FBBB21D46D1514C1C2DB ] PSI             C:\Windows\system32\DRIVERS\psi_mf_amd64.sys
09:54:49.0408 1856  PSI - ok
09:54:49.0484 1856  [ 7A25F37C8F3E7D3D86758CB4A44DF1DF ] PSMounter       C:\Windows\system32\drivers\psmounter.sys
09:54:49.0494 1856  PSMounter - ok
09:54:49.0546 1856  [ 69A5D755C182B1C39B4CBBFFDFEF9634 ] PSVolAcc        C:\Windows\system32\drivers\PSVolAcc.sys
09:54:49.0548 1856  PSVolAcc - ok
09:54:49.0576 1856  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
09:54:49.0587 1856  ql2300 - ok
09:54:49.0592 1856  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
09:54:49.0594 1856  ql40xx - ok
09:54:49.0621 1856  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
09:54:49.0629 1856  QWAVE - ok
09:54:49.0640 1856  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
09:54:49.0641 1856  QWAVEdrv - ok
09:54:49.0656 1856  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
09:54:49.0665 1856  RasAcd - ok
09:54:49.0685 1856  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
09:54:49.0695 1856  RasAgileVpn - ok
09:54:49.0700 1856  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
09:54:49.0703 1856  RasAuto - ok
09:54:49.0750 1856  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
09:54:49.0761 1856  Rasl2tp - ok
09:54:49.0811 1856  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
09:54:49.0822 1856  RasMan - ok
09:54:49.0829 1856  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
09:54:49.0838 1856  RasPppoe - ok
09:54:49.0844 1856  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
09:54:49.0845 1856  RasSstp - ok
09:54:49.0871 1856  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
09:54:49.0879 1856  rdbss - ok
09:54:49.0883 1856  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
09:54:49.0883 1856  rdpbus - ok
09:54:49.0893 1856  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
09:54:49.0893 1856  RDPCDD - ok
09:54:49.0932 1856  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
09:54:49.0940 1856  RDPDR - ok
09:54:49.0953 1856  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
09:54:49.0954 1856  RDPENCDD - ok
09:54:49.0963 1856  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
09:54:49.0964 1856  RDPREFMP - ok
09:54:50.0030 1856  [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
09:54:50.0031 1856  RdpVideoMiniport - ok
09:54:50.0069 1856  [ 6D76E6433574B058ADCB0C50DF834492 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
09:54:50.0082 1856  RDPWD - ok
09:54:50.0115 1856  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
09:54:50.0123 1856  rdyboost - ok
09:54:55.0831 1856  ================ Scan global ===============================
09:54:55.0851 1856  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:54:55.0890 1856  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
09:54:55.0909 1856  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
09:54:55.0930 1856  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:54:55.0962 1856  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
09:54:55.0967 1856  [Global] - ok
09:54:55.0967 1856  ================ Scan MBR ==================================
09:54:55.0978 1856  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
09:54:56.0384 1856  \Device\Harddisk0\DR0 - ok
09:54:56.0384 1856  ================ Scan VBR ==================================
09:54:56.0385 1856  [ D84B3FE5D7AFF82A0DC293E20119EF63 ] \Device\Harddisk0\DR0\Partition1
09:54:56.0386 1856  \Device\Harddisk0\DR0\Partition1 - ok
09:54:56.0387 1856  ============================================================
09:54:56.0387 1856  Scan finished
09:54:56.0387 1856  ============================================================
09:54:56.0392 1312  Detected object count: 0
09:54:56.0392 1312  Actual detected object count: 0
09:55:14.0393 0532  Deinitialize success
 

Best regards,

jobo



#11 oneof4

Posted 09 September 2013 - 07:09 PM

How are things running now?


Best Regards,
oneof4.


#12 jobo1943

Posted 10 September 2013 - 10:53 AM

Hi,

I still have the following problems since running ComboFix:

  • Microsoft Security Center not working, e.g. MS Security Essentials
  • All restore points gone
  • Sound gone
  • Personalized Desktop gone
  • Intel RST Service (IMPORTANT for me) not working (this keeps the RAID 10 array in good shape)

I can try and reactivate MS Security Center and maybe reinstall Intel RST, but have no idea what happened to the sound and desktop. I have tried selecting the original desktop theme but none of the themes are active (plain black desktop).

Is it possible that ComboFix simply switched off a bunch of services?

I assume from your answer that I have no rootkit, virus, trojan, etc. problems.

Thanks for your help.

Best regards,

jobo



#13 jobo1943

Posted 10 September 2013 - 11:40 AM

Hi,

FYI - it looks as though it may be a Comodo problem coincidental with running ComboFix! They seem to have done an update/upgrade that cleans people's desktops!!!! Comodo was removed and when I downloaded and re-installed Comodo it was completely different. It installed a whole bunch of stuff I don't want or need - why do companies get successful and then decide that arrogance is the best policy????

Thanks once again for your help and sorry to, possibly, have wasted your time.

Best,

jobo



#14 oneof4

Posted 10 September 2013 - 07:15 PM

Okay, so is your Desktop back to normal? Are your shortcut icons now present?  How about start menu items when you click the Windows orb at the bottom left, are they present?
 
Let's run the following scan to get a better picture of where things stand:
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Best Regards,
oneof4.


#15 jobo1943

Posted 11 September 2013 - 01:04 PM

Hi,

The requested files, FRST.txt and Addition.txt, are below. I still have no sound, am having Explorer problems and no desktop personalization control (which I suspect is a corrupted profile).

FRST.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-09-2013
Ran by jab at 2013-09-11 10:53:09
Running from C:\Users\jab\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
µTorrent (HKCU Version: 3.3.1.30003)
Adobe AIR (x32 Version: 2.5.1.17730)
Adobe Anchor Service CS3 (x32 Version: 1.0)
Adobe Asset Services CS3 (x32 Version: 3)
Adobe Bridge CS3 (x32 Version: 2)
Adobe Bridge Start Meeting (x32 Version: 1.0)
Adobe Camera Raw 4.0 (x32 Version: 4.0)
Adobe CMaps (x32 Version: 1.0)
Adobe Color Common Settings (x32 Version: 1.0)
Adobe Color EU Extra Settings (x32 Version: 1.0)
Adobe Color JA Extra Settings (x32 Version: 1.0)
Adobe Color NA Recommended Settings (x32 Version: 1.0)
Adobe Community Help (x32 Version: 3.0.0)
Adobe Community Help (x32 Version: 3.0.0.400)
Adobe Device Central CS3 (x32 Version: 1.0)
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0)
Adobe Flash CS3 (x32 Version: 9.0)
Adobe Flash CS3 Professional (x32 Version: 9.0.0)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Flash Video Encoder (x32 Version: 2.0)
Adobe Help Viewer CS3 (x32 Version: 1)
Adobe Linguistics CS3 (x32 Version: 3.0.0)
Adobe Media Player (x32 Version: 1.8)
Adobe PDF Library Files (x32 Version: 8.0)
Adobe Photoshop CS3 (x32 Version: 10.0)
Adobe Photoshop CS5 (x32 Version: 12.0)
Adobe Reader X (10.1.7) (x32 Version: 10.1.7)
Adobe Setup (x32 Version: 1.0)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)
Adobe Type Support (x32 Version: 1.0)
Adobe Update Manager CS3 (x32 Version: 5.1.0)
Adobe Version Cue CS3 Client (x32 Version: 3)
Adobe WinSoft Linguistics Plugin (x32 Version: 1.0)
All File to All File Converter 3000 7.7 (x32)
Amazon Kindle For PC v1.0 (HKCU)
APC PowerChute Personal Edition (x32 Version: 2.1.1)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ASUSUpdate (x32)
Bonjour (Version: 3.0.0.10)
BusinessCardsMX 3.98 (x32 Version: 3.98)
calibre (x32 Version: 0.8.52)
Canon G.726 WMP-Decoder (x32 Version: 1.1.0.4)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.6.0.12)
Canon Internet Library for ZoomBrowser EX (x32 Version: 1.6.2.7)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 2.6.0.4)
Canon RAW Image Task for ZoomBrowser EX (x32 Version: 0.9.3.9)
Canon Utilities CameraWindow (x32 Version: 7.1.0.2)
Canon Utilities CameraWindow DC (x32 Version: 7.1.0.7)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (x32 Version: 6.4.2.16)
Canon Utilities MyCamera (x32 Version: 6.4.0.5)
Canon Utilities MyCamera DC (x32 Version: 7.0.1.8)
Canon Utilities RemoteCapture DC (x32 Version: 3.0.1.8)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (x32 Version: 1.7.1.9)
Canon Utilities ZoomBrowser EX (x32 Version: 6.1.1.21)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.1.0.8)
CCleaner (Version: 3.15)
Comodo Dragon (x32 Version: 28.1.0.0)
COMODO Firewall (Version: 6.2.23257.2860)
Converber 2.1.0 (x32 Version: 2.1.0)
ConvertXtoDVD 4.1.7.343 (x32 Version: 4.1.7.343)
CopyTrans Suite Remove Only (HKCU Version: 2.12)
Core Temp 1.0 RC3 (Version: 1.0)
CPUID CPU-Z 1.60.1
CyberLink WaveEditor (x32 Version: 1.0.1.2318)
D3DX10 (x32 Version: 15.4.2368.0902)
dBpoweramp [Calculate Audio CRC] Codec (x32)
dBpoweramp Dalet Codec (x32)
dBpoweramp DSP Effects (x32 Version: Release 6)
dBpoweramp FLAC Codec (x32 Version: Release 12 (FLAC 1.2.1))
dBpoweramp m4a Codec (x32 Version: Release 14 r2)
dBpoweramp Monkeys Audio Codec (x32)
dBpoweramp Mp2 and BwfMp2 codec (x32)
dBpoweramp mp3 (Fraunhofer IIS) Codec (x32 Version: Release 2a (v4.0.3))
dBpoweramp Music Converter (x32 Version: Release 14)
dBpoweramp Ogg Vorbis Codec (x32 Version: Release 19 (Vorbis v1.2.0))
dBpoweramp OptimFROG Codec (x32)
dBpoweramp Real Audio (Helix) Encoder (x32)
dBPoweramp tooLame MP2 codec (x32)
dBpoweramp Wave64 Codec (x32)
dBpoweramp WavPack Codec (x32)
dBpoweramp Windows Media Audio 10 Codec (x32 Version: Release 7)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
EPU-6 Engine (x32 Version: 1.02.01)
ESET Online Scanner v3 (x32)
Exact Audio Copy 0.99pb5 (x32 Version: 0.99pb5)
Express Burn (x32)
FileZilla Client 3.3.2.1 (x32 Version: 3.3.2.1)
FontManagementSystem (x32 Version: 4.3.0)
foobar2000 v1.1.8 (x32 Version: 1.1.8)
GeekBuddy (x32 Version: 4.8.66)
Google Chrome (HKCU Version: 29.0.1547.57)
GPL Ghostscript 8.63 (x32)
Handbrake 0.9.4 (x32 Version: 0.9.4)
HP Officejet Pro 8500 A910 Basic Device Software (Version: 22.50.231.0)
HP Officejet Pro 8500 A910 Help (x32 Version: 140.0.2.2)
HP Update (x32 Version: 5.002.006.003)
iCloud (Version: 2.1.2.8)
ImgBurn (x32 Version: 2.5.5.0)
INI_FCFG_V03.14A05 (x32)
Intel® Rapid Storage Technology (x32 Version: 10.8.0.1003)
ISOBuddy (x32)
iTunes (Version: 11.0.5.5)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.0.7.1)
JavaFX 2.1.1 (x32 Version: 2.1.1)
jv16 PowerTools 1.3 (x32)
jv16 PowerTools 2012 (x32 Version: )
KeePass Password Safe 2.09 (x32)
K-Lite Codec Pack 5.9.0 (64-bit) (Version: 5.9.0)
K-Lite Codec Pack 8.4.0 (Full) (x32 Version: 8.4.0)
LAME v3.98.2 for Audacity (x32)
LastPass(uninstall only) (x32)
Logo Design Studio Pro (x32 Version: 1.5)
Macrium Reflect (Version: 4.2.2098)
Macrium Reflect Windows PE Component (Version: 2.1.2536)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Expression Blend 3 (x32 Version: 3.0.1927.0)
Microsoft Expression Blend 3 SDK (x32 Version: 1.0.1327.0)
Microsoft Expression Design 3 (x32 Version: 6.0.1739.0)
Microsoft Expression Encoder 3 (x32 Version: 3.0.1332.0)
Microsoft Expression Studio 3 (x32 Version: 3.0.1061.0)
Microsoft Expression Web 3 (x32 Version: 3.0.3813.0)
Microsoft Expression Web 3 SP1 (x32)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Professional 2010 (Version: 14.0.7015.1000)
Microsoft Office Project MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Project Professional 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Project 2010 Service Pack 1 (SP1)
Microsoft Project Professional 2010 (Version: 14.0.6029.1000)
Microsoft ReportViewer 2010 SP1 Redistributable (KB2549864) (x32 Version: 10.0.40220)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server Compact 4.0 x64 ENU (Version: 4.0.8482.1)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Movie Maker (x32 Version: 16.4.3508.0205)
Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MP3 Parser DirectShow Filter (remove only) (x32)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.17.0)
NovaBench 3.0.3 (x32)
NVIDIA 3D Vision Controller Driver (x32 Version: 280.19)
NVIDIA 3D Vision Controller Driver 296.10 (Version: 296.10)
NVIDIA 3D Vision Driver 311.06 (Version: 311.06)
NVIDIA Control Panel 311.06 (Version: 311.06)
NVIDIA Graphics Driver 311.06 (Version: 311.06)
NVIDIA HD Audio Driver 1.3.12.0 (Version: 1.3.12.0)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (x32 Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Payroll Mate (2011) 7.0.9 (x32)
PC Probe II (x32 Version: 1.04.76)
PC Wizard 2012.2.0 (x32)
PDF Settings (x32 Version: 1.0)
PDF Settings CS5 (x32 Version: 10.0)
PDF-Viewer (Version: 2.0.42.7)
Photo Gallery (x32 Version: 16.4.3508.0205)
PowerDirector (Version: 9.00.0000)
PowerPlugs: Template Finder for PowerPoint (x32 Version: 1.00.0000)
PVSonyDll (Version: 1.00.0001)
QuickBooks (x32 Version: 20.0.4006.807)
QuickBooks Premier: Accountant Edition 2010 (x32 Version: 20.0.4006.807)
QuickTime (x32 Version: 7.73.80.64)
Secunia PSI (3.0.0.7011) (x32 Version: 3.0.0.7011)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
SetIP (x32 Version: 1.04.01.00)
SiSoftware Sandra Lite 2010 (Version: 16.11.2010.1)
Skype Click to Call (x32 Version: 6.9.12585)
Skype™ 6.6 (x32 Version: 6.6.106)
SmartSound Quicktracks 5 (x32 Version: 5.1.7)
SpeedFan (remove only) (x32)
SpiderOak (x32)
SUPERAntiSpyware (Version: 5.6.1020)
swMSM (x32 Version: 12.0.0.1)
System Requirements Lab for Intel (x32 Version: 4.5.5.0)
TrojanHunter 5.5 (x32 Version: 5.5)
Ultra Defragmenter (x32 Version: 6.0.2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
VLC media player 2.0.7 (x32 Version: 2.0.7)
WavePad Sound Editor (x32)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Windows XP Mode (Version: 1.3.7600.16423)
WinRAR 4.01 (64-bit) (Version: 4.01.0)
WinZip 16.0 (x32 Version: 16.0.9715)
XDCAM EX Clip Browser (x32 Version: 2.00.438)
 
==================== Restore Points  =========================
 
10-09-2013 16:27:31 Windows Update
 
==================== Hosts content: ==========================
 
2011-08-03 11:59 - 2013-09-10 09:16 - 00000222 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {05FDDDDF-8F48-4E33-BF9A-9D58990B2AEC} - System32\Tasks\Macrium_1156_Full xml => C:\Program Files\Macrium\Reflect\reflect.exe [2011-10-31] (Paramount Software UK Ltd)
Task: {11795F0A-DAE4-4560-9E28-6DFAC32D26A2} - System32\Tasks\NCH Software\ExpressBurnReminder => C:\Program Files (x86)\NCH Software\ExpressBurn\ExpressBurn.exe [2013-04-26] (NCH Software)
Task: {149A85F0-26F2-4A61-B32C-32FB67C7FBDC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1569002E-CE05-4BC4-8864-FCE596C1BC72} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {187C5C62-E5F6-49D1-9858-421B46A78AF8} - System32\Tasks\AdobeAAMUpdater-1.0-office1156-jab => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {312C015E-B50C-45D4-AB76-802FAE33BDC7} - System32\Tasks\Core Temp Autostart jab => C:\Program Files\Core Temp\Core Temp.exe [2012-01-25] ()
Task: {38D78198-B425-4769-9D83-00C662B656B6} - System32\Tasks\Macrium_1156_Incremental xml => C:\Program Files\Macrium\Reflect\reflect.exe [2011-10-31] (Paramount Software UK Ltd)
Task: {4807F63F-F001-4FF4-9DFF-E4E53A8F7C5E} - System32\Tasks\Core Temp Autostart => C:\Users\jab\Desktop\OPTERON\Opty175_OC\CoreTemp64\Core Temp.exe
Task: {561B7DD5-A54A-44A1-B2A4-53A45FDD0893} - System32\Tasks\ASUS\TurboVHelp => C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
Task: {620A21A6-553A-47F2-B475-454A53221014} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: {70DA0918-3896-4D9D-96D3-45441E2DAA5B} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-OFFICE1156 => C:\Windows\ehome\McxTask.exe
Task: {974B28B4-3D3A-4FF4-AB1A-7D4F1714CF2A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2348748867-2008991914-1298228761-1001Core => C:\Users\jab\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-11] (Google Inc.)
Task: {A3631E2B-C54D-4C53-9F47-943D521F9B99} - \DSite No Task File
Task: {AB6968AD-7469-425F-BD4E-CB87D7D4002D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {AE3D03D1-F443-47C1-97E1-BA5953015CE6} - System32\Tasks\{438C400D-B4B2-4A24-89E2-9B92C07A9C41} => C:\Windows\System32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {C6CCA4DE-CA0C-4091-8644-28795F09C5A9} - System32\Tasks\{AE07D5F0-7623-459B-93A2-C94DBF639DB3} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: {C6E62BE7-B407-4E48-86FE-B18A3B47AF33} - System32\Tasks\{C130AF93-F030-4A85-8C1D-71B9355F644E} => C:\Program Files (x86)\Hard Disk Sentinel\HDSCtrl.exe
Task: {D21748EF-59B2-4D51-8F16-4879F1CDBE1A} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.00.98\AsLoader.exe [2009-08-20] (ASUSTeK Computer Inc.)
Task: {F3CB588C-A2C7-4824-BE9F-67285B997229} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-31] (Adobe Systems Incorporated)
Task: {F8D58853-AA1B-4B96-99BA-F6C6CADCD7CF} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {FC67853F-B3FF-443C-BDDC-79CF988CAAB0} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe [2009-09-09] (ASUSTeK Computer Inc.)
Task: {FD84264F-F7D1-4698-B899-B9DC528EE3A6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2348748867-2008991914-1298228761-1001UA => C:\Users\jab\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-11] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2348748867-2008991914-1298228761-1001Core.job => C:\Users\jab\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2348748867-2008991914-1298228761-1001UA.job => C:\Users\jab\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Macrium_1156_Full xml.job => C:\Program Files\Macrium\Reflect\reflect.exe
Task: C:\Windows\Tasks\Macrium_1156_Incremental xml.job => C:\Program Files\Macrium\Reflect\reflect.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-07-03 11:38 - 2013-02-26 00:32 - 15053264 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-07-15 15:36 - 2013-07-15 15:36 - 00244696 _____ (Microsoft Corporation) C:\Users\jab\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
2013-07-15 15:36 - 2013-07-15 15:36 - 00661448 _____ (Microsoft Corporation) C:\Users\jab\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\MSVCP110.dll
2013-07-15 15:36 - 2013-07-15 15:36 - 00828872 _____ (Microsoft Corporation) C:\Users\jab\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\MSVCR110.dll
2010-01-02 07:42 - 2010-01-02 07:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-01-22 04:57 - 2013-01-18 08:00 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2012-03-21 16:00 - 2012-03-21 16:00 - 00011592 ____R (WinZip Computing, S.L.) C:\Program Files (x86)\WinZip\wzshls64.dll
2010-10-07 16:33 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2013-06-18 16:15 - 2013-06-18 16:15 - 05033176 _____ (Terra Informatica Software, Inc.) C:\Program Files\COMODO\COMODO Internet Security\cmdhtml.dll
2013-08-16 11:42 - 2013-08-16 11:42 - 00491520 _____ (Intel Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\914b102327a5f48542af50a6e5c1f8ab\IAStorUtil.ni.dll
2013-07-12 09:25 - 2013-07-12 09:25 - 00014336 _____ (Intel Corp.) C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9806320368a8f23f1f6c5de66ebb29d0\IAStorCommon.ni.dll
2010-03-15 16:57 - 2010-03-15 16:57 - 00053024 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-31 00:05 - 2011-08-31 00:05 - 00085864 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll
2009-11-26 13:17 - 2007-07-19 18:54 - 00345344 _____ (American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\UpsControl.dll
2009-11-26 13:17 - 2007-07-19 18:54 - 00353536 _____ (American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\UpsDevice.dll
2009-11-26 13:17 - 2007-07-19 18:54 - 00341248 _____ (American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\pdcdll.dll
2009-11-26 13:17 - 2007-07-19 18:43 - 01916928 _____ (American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\res.dll
2009-11-10 22:12 - 2009-04-22 21:20 - 00179712 _____ () C:\Program Files (x86)\ASUS\EPU-6 Engine\ASUSSERVICE.DLL
2009-11-10 22:12 - 2009-08-27 20:41 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU-6 Engine\pngio.dll
2009-11-10 22:12 - 2009-08-27 20:41 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU-6 Engine\AsSpindownTimeout.dll
2009-11-10 22:12 - 2009-08-27 20:41 - 00208896 _____ () C:\Program Files (x86)\ASUS\EPU-6 Engine\AiNap.dll
2009-11-10 22:12 - 2009-08-27 20:41 - 00008704 _____ () C:\Program Files (x86)\ASUS\EPU-6 Engine\vvc.dll
2013-08-21 15:39 - 2013-08-15 20:20 - 47067600 _____ (Google Inc.) C:\Users\jab\AppData\Local\Google\Chrome\Application\29.0.1547.57\chrome.dll
2013-08-21 15:39 - 2013-08-15 20:20 - 09962960 _____ (The ICU Project) C:\Users\jab\AppData\Local\Google\Chrome\Application\29.0.1547.57\icudt.dll
2010-03-21 11:19 - 2010-03-21 11:19 - 00094208 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-07-15 15:35 - 2013-07-15 15:35 - 00220632 _____ (Microsoft Corporation) C:\Users\jab\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
2013-07-15 15:35 - 2013-07-15 15:35 - 00534480 _____ (Microsoft Corporation) C:\Users\jab\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\MSVCP110.dll
2013-07-15 15:35 - 2013-07-15 15:35 - 00862664 _____ (Microsoft Corporation) C:\Users\jab\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\MSVCR110.dll
2013-07-15 15:35 - 2013-07-15 15:35 - 00537560 _____ (Microsoft Corporation) C:\Users\jab\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\Telemetry.dll
2013-07-15 15:35 - 2013-07-15 15:35 - 00038360 _____ (Microsoft Corporation) C:\Users\jab\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\logging.dll
2013-04-04 01:09 - 2013-04-04 01:09 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-08-21 15:39 - 2013-08-15 18:23 - 03231688 _____ (Microsoft Corporation) C:\Users\jab\AppData\Local\Google\Chrome\Application\29.0.1547.57\D3DCompiler_46.dll
2013-08-21 15:39 - 2013-08-15 20:20 - 00709584 _____ () C:\Users\jab\AppData\Local\Google\Chrome\Application\29.0.1547.57\libglesv2.dll
2013-08-21 15:39 - 2013-08-15 20:20 - 00099792 _____ () C:\Users\jab\AppData\Local\Google\Chrome\Application\29.0.1547.57\libegl.dll
2013-08-21 15:39 - 2013-08-15 20:21 - 04053456 _____ () C:\Users\jab\AppData\Local\Google\Chrome\Application\29.0.1547.57\pdf.dll
2013-08-21 15:39 - 2013-08-15 20:21 - 00410576 _____ () C:\Users\jab\AppData\Local\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll
2013-08-21 15:39 - 2013-08-15 20:20 - 02110928 _____ (Google Inc.) C:\Users\jab\AppData\Local\Google\Chrome\Application\29.0.1547.57\libpeerconnection.dll
2013-08-21 15:39 - 2013-08-15 20:20 - 01604560 _____ () C:\Users\jab\AppData\Local\Google\Chrome\Application\29.0.1547.57\ffmpegsumo.dll
2013-08-21 15:39 - 2013-08-15 20:21 - 13594064 _____ () C:\Users\jab\AppData\Local\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) ==========
 
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/11/2013 08:02:02 AM) (Source: APC UPS Service) (User: NT AUTHORITY)
Description: PowerChute not communicating with the battery backup.
 
Error: (09/10/2013 10:13:59 AM) (Source: APC UPS Service) (User: NT AUTHORITY)
Description: PowerChute not communicating with the battery backup.
 
Error: (09/10/2013 09:20:44 AM) (Source: APC UPS Service) (User: NT AUTHORITY)
Description: PowerChute not communicating with the battery backup.
 
Error: (09/10/2013 09:03:45 AM) (Source: Application Error) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: taskbarcpl.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9da
Exception code: 0xc000041d
Fault offset: 0x000000000000c12f
Faulting process id: 0x11c0
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
 
Error: (09/10/2013 09:03:42 AM) (Source: Application Error) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: taskbarcpl.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9da
Exception code: 0xc0000005
Fault offset: 0x000000000000c12f
Faulting process id: 0x11c0
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
 
Error: (09/10/2013 08:59:25 AM) (Source: MsiInstaller) (User: office1156)
Description: Product: COMODO Internet Security -- Error 1706. An installation package for the product COMODO Internet Security cannot be found. Try the installation again using a valid copy of the installation package 'CIS_Setup.msi'.
 
Error: (09/10/2013 08:56:16 AM) (Source: Application Error) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: taskbarcpl.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9da
Exception code: 0xc000041d
Fault offset: 0x000000000000c12f
Faulting process id: 0x10b0
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
 
Error: (09/10/2013 08:56:07 AM) (Source: Application Error) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: taskbarcpl.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9da
Exception code: 0xc0000005
Fault offset: 0x000000000000c12f
Faulting process id: 0x10b0
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
 
Error: (09/10/2013 07:57:18 AM) (Source: APC UPS Service) (User: NT AUTHORITY)
Description: PowerChute not communicating with the battery backup.
 
Error: (09/08/2013 09:54:36 PM) (Source: APC UPS Service) (User: NT AUTHORITY)
Description: PowerChute not communicating with the battery backup.
 
 
System errors:
=============
Error: (09/10/2013 09:18:48 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (09/10/2013 09:18:48 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (09/10/2013 09:16:46 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
UimBus
Uim_IM
Uim_VIM
 
Error: (09/10/2013 09:16:43 AM) (Source: Service Control Manager) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: 
%%1058
 
Error: (09/10/2013 09:16:42 AM) (Source: Service Control Manager) (User: )
Description: The HOSTS Anti-PUPs service failed to start due to the following error: 
%%1053
 
Error: (09/10/2013 09:16:42 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HOSTS Anti-PUPs service to connect.
 
Error: (09/10/2013 09:15:29 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
 
Error: (09/10/2013 09:09:48 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (09/10/2013 09:09:48 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (09/10/2013 09:07:46 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
UimBus
Uim_IM
Uim_VIM
 
 
Microsoft Office Sessions:
=========================
Error: (09/11/2013 08:02:02 AM) (Source: APC UPS Service)(User: NT AUTHORITY)
Description: 
 
Error: (09/10/2013 10:13:59 AM) (Source: APC UPS Service)(User: NT AUTHORITY)
Description: 
 
Error: (09/10/2013 09:20:44 AM) (Source: APC UPS Service)(User: NT AUTHORITY)
Description: 
 
Error: (09/10/2013 09:03:45 AM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d672ee4taskbarcpl.dll6.1.7601.175144ce7c9dac000041d000000000000c12f11c001ceae3f514a4972C:\Windows\explorer.exeC:\Windows\System32\taskbarcpl.dll91cf6ecc-1a32-11e3-89d4-90e6ba0d3c8c
 
Error: (09/10/2013 09:03:42 AM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d672ee4taskbarcpl.dll6.1.7601.175144ce7c9dac0000005000000000000c12f11c001ceae3f514a4972C:\Windows\explorer.exeC:\Windows\System32\taskbarcpl.dll8fc11290-1a32-11e3-89d4-90e6ba0d3c8c
 
Error: (09/10/2013 08:59:25 AM) (Source: MsiInstaller)(User: office1156)
Description: Product: COMODO Internet Security -- Error 1706. An installation package for the product COMODO Internet Security cannot be found. Try the installation again using a valid copy of the installation package 'CIS_Setup.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (09/10/2013 08:56:16 AM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d672ee4taskbarcpl.dll6.1.7601.175144ce7c9dac000041d000000000000c12f10b001cead7cf782232cC:\Windows\explorer.exeC:\Windows\System32\taskbarcpl.dll862c2a59-1a31-11e3-89d4-90e6ba0d3c8c
 
Error: (09/10/2013 08:56:07 AM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d672ee4taskbarcpl.dll6.1.7601.175144ce7c9dac0000005000000000000c12f10b001cead7cf782232cC:\Windows\explorer.exeC:\Windows\System32\taskbarcpl.dll80a7fe14-1a31-11e3-89d4-90e6ba0d3c8c
 
Error: (09/10/2013 07:57:18 AM) (Source: APC UPS Service)(User: NT AUTHORITY)
Description: 
 
Error: (09/08/2013 09:54:36 PM) (Source: APC UPS Service)(User: NT AUTHORITY)
Description: 
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-09-08 21:23:34.284
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-08 21:23:34.237
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-08 21:23:34.175
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-08 21:23:34.128
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-26 16:27:03.586
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-26 16:27:03.524
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-26 16:22:35.687
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\jab\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-26 16:22:35.625
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\jab\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-26 16:19:19.111
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\jab\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-26 16:19:19.064
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\jab\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 68%
Total physical RAM: 4094.02 MB
Available physical RAM: 1284.25 MB
Total Pagefile: 10233.2 MB
Available Pagefile: 7175.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (WD RE3 1) (Fixed) (Total:1863.02 GB) (Free:1717.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive x: (Seagate_1TB) (Fixed) (Total:931.51 GB) (Free:106.57 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 00C4AF07)
Partition 1: (Active) - (Size=-198624050688) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 09AF6B12)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-09-2013
Ran by jab at 2013-09-11 10:53:09
Running from C:\Users\jab\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
µTorrent (HKCU Version: 3.3.1.30003)
Adobe AIR (x32 Version: 2.5.1.17730)
Adobe Anchor Service CS3 (x32 Version: 1.0)
Adobe Asset Services CS3 (x32 Version: 3)
Adobe Bridge CS3 (x32 Version: 2)
Adobe Bridge Start Meeting (x32 Version: 1.0)
Adobe Camera Raw 4.0 (x32 Version: 4.0)
Adobe CMaps (x32 Version: 1.0)
Adobe Color Common Settings (x32 Version: 1.0)
Adobe Color EU Extra Settings (x32 Version: 1.0)
Adobe Color JA Extra Settings (x32 Version: 1.0)
Adobe Color NA Recommended Settings (x32 Version: 1.0)
Adobe Community Help (x32 Version: 3.0.0)
Adobe Community Help (x32 Version: 3.0.0.400)
Adobe Device Central CS3 (x32 Version: 1.0)
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0)
Adobe Flash CS3 (x32 Version: 9.0)
Adobe Flash CS3 Professional (x32 Version: 9.0.0)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Flash Video Encoder (x32 Version: 2.0)
Adobe Help Viewer CS3 (x32 Version: 1)
Adobe Linguistics CS3 (x32 Version: 3.0.0)
Adobe Media Player (x32 Version: 1.8)
Adobe PDF Library Files (x32 Version: 8.0)
Adobe Photoshop CS3 (x32 Version: 10.0)
Adobe Photoshop CS5 (x32 Version: 12.0)
Adobe Reader X (10.1.7) (x32 Version: 10.1.7)
Adobe Setup (x32 Version: 1.0)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)
Adobe Type Support (x32 Version: 1.0)
Adobe Update Manager CS3 (x32 Version: 5.1.0)
Adobe Version Cue CS3 Client (x32 Version: 3)
Adobe WinSoft Linguistics Plugin (x32 Version: 1.0)
All File to All File Converter 3000 7.7 (x32)
Amazon Kindle For PC v1.0 (HKCU)
APC PowerChute Personal Edition (x32 Version: 2.1.1)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ASUSUpdate (x32)
Bonjour (Version: 3.0.0.10)
BusinessCardsMX 3.98 (x32 Version: 3.98)
calibre (x32 Version: 0.8.52)
Canon G.726 WMP-Decoder (x32 Version: 1.1.0.4)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.6.0.12)
Canon Internet Library for ZoomBrowser EX (x32 Version: 1.6.2.7)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 2.6.0.4)
Canon RAW Image Task for ZoomBrowser EX (x32 Version: 0.9.3.9)
Canon Utilities CameraWindow (x32 Version: 7.1.0.2)
Canon Utilities CameraWindow DC (x32 Version: 7.1.0.7)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (x32 Version: 6.4.2.16)
Canon Utilities MyCamera (x32 Version: 6.4.0.5)
Canon Utilities MyCamera DC (x32 Version: 7.0.1.8)
Canon Utilities RemoteCapture DC (x32 Version: 3.0.1.8)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (x32 Version: 1.7.1.9)
Canon Utilities ZoomBrowser EX (x32 Version: 6.1.1.21)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.1.0.8)
CCleaner (Version: 3.15)
Comodo Dragon (x32 Version: 28.1.0.0)
COMODO Firewall (Version: 6.2.23257.2860)
Converber 2.1.0 (x32 Version: 2.1.0)
ConvertXtoDVD 4.1.7.343 (x32 Version: 4.1.7.343)
CopyTrans Suite Remove Only (HKCU Version: 2.12)
Core Temp 1.0 RC3 (Version: 1.0)
CPUID CPU-Z 1.60.1
CyberLink WaveEditor (x32 Version: 1.0.1.2318)
D3DX10 (x32 Version: 15.4.2368.0902)
dBpoweramp [Calculate Audio CRC] Codec (x32)
dBpoweramp Dalet Codec (x32)
dBpoweramp DSP Effects (x32 Version: Release 6)
dBpoweramp FLAC Codec (x32 Version: Release 12 (FLAC 1.2.1))
dBpoweramp m4a Codec (x32 Version: Release 14 r2)
dBpoweramp Monkeys Audio Codec (x32)
dBpoweramp Mp2 and BwfMp2 codec (x32)
dBpoweramp mp3 (Fraunhofer IIS) Codec (x32 Version: Release 2a (v4.0.3))
dBpoweramp Music Converter (x32 Version: Release 14)
dBpoweramp Ogg Vorbis Codec (x32 Version: Release 19 (Vorbis v1.2.0))
dBpoweramp OptimFROG Codec (x32)
dBpoweramp Real Audio (Helix) Encoder (x32)
dBPoweramp tooLame MP2 codec (x32)
dBpoweramp Wave64 Codec (x32)
dBpoweramp WavPack Codec (x32)
dBpoweramp Windows Media Audio 10 Codec (x32 Version: Release 7)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
EPU-6 Engine (x32 Version: 1.02.01)
ESET Online Scanner v3 (x32)
Exact Audio Copy 0.99pb5 (x32 Version: 0.99pb5)
Express Burn (x32)
FileZilla Client 3.3.2.1 (x32 Version: 3.3.2.1)
FontManagementSystem (x32 Version: 4.3.0)
foobar2000 v1.1.8 (x32 Version: 1.1.8)
GeekBuddy (x32 Version: 4.8.66)
Google Chrome (HKCU Version: 29.0.1547.57)
GPL Ghostscript 8.63 (x32)
Handbrake 0.9.4 (x32 Version: 0.9.4)
HP Officejet Pro 8500 A910 Basic Device Software (Version: 22.50.231.0)
HP Officejet Pro 8500 A910 Help (x32 Version: 140.0.2.2)
HP Update (x32 Version: 5.002.006.003)
iCloud (Version: 2.1.2.8)
ImgBurn (x32 Version: 2.5.5.0)
INI_FCFG_V03.14A05 (x32)
Intel® Rapid Storage Technology (x32 Version: 10.8.0.1003)
ISOBuddy (x32)
iTunes (Version: 11.0.5.5)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.0.7.1)
JavaFX 2.1.1 (x32 Version: 2.1.1)
jv16 PowerTools 1.3 (x32)
jv16 PowerTools 2012 (x32 Version: )
KeePass Password Safe 2.09 (x32)
K-Lite Codec Pack 5.9.0 (64-bit) (Version: 5.9.0)
K-Lite Codec Pack 8.4.0 (Full) (x32 Version: 8.4.0)
LAME v3.98.2 for Audacity (x32)
LastPass(uninstall only) (x32)
Logo Design Studio Pro (x32 Version: 1.5)
Macrium Reflect (Version: 4.2.2098)
Macrium Reflect Windows PE Component (Version: 2.1.2536)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Expression Blend 3 (x32 Version: 3.0.1927.0)
Microsoft Expression Blend 3 SDK (x32 Version: 1.0.1327.0)
Microsoft Expression Design 3 (x32 Version: 6.0.1739.0)
Microsoft Expression Encoder 3 (x32 Version: 3.0.1332.0)
Microsoft Expression Studio 3 (x32 Version: 3.0.1061.0)
Microsoft Expression Web 3 (x32 Version: 3.0.3813.0)
Microsoft Expression Web 3 SP1 (x32)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Professional 2010 (Version: 14.0.7015.1000)
Microsoft Office Project MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Project Professional 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Project 2010 Service Pack 1 (SP1)
Microsoft Project Professional 2010 (Version: 14.0.6029.1000)
Microsoft ReportViewer 2010 SP1 Redistributable (KB2549864) (x32 Version: 10.0.40220)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server Compact 4.0 x64 ENU (Version: 4.0.8482.1)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Movie Maker (x32 Version: 16.4.3508.0205)
Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MP3 Parser DirectShow Filter (remove only) (x32)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.17.0)
NovaBench 3.0.3 (x32)
NVIDIA 3D Vision Controller Driver (x32 Version: 280.19)
NVIDIA 3D Vision Controller Driver 296.10 (Version: 296.10)
NVIDIA 3D Vision Driver 311.06 (Version: 311.06)
NVIDIA Control Panel 311.06 (Version: 311.06)
NVIDIA Graphics Driver 311.06 (Version: 311.06)
NVIDIA HD Audio Driver 1.3.12.0 (Version: 1.3.12.0)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (x32 Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Payroll Mate (2011) 7.0.9 (x32)
PC Probe II (x32 Version: 1.04.76)
PC Wizard 2012.2.0 (x32)
PDF Settings (x32 Version: 1.0)
PDF Settings CS5 (x32 Version: 10.0)
PDF-Viewer (Version: 2.0.42.7)
Photo Gallery (x32 Version: 16.4.3508.0205)
PowerDirector (Version: 9.00.0000)
PowerPlugs: Template Finder for PowerPoint (x32 Version: 1.00.0000)
PVSonyDll (Version: 1.00.0001)
QuickBooks (x32 Version: 20.0.4006.807)
QuickBooks Premier: Accountant Edition 2010 (x32 Version: 20.0.4006.807)
QuickTime (x32 Version: 7.73.80.64)
Secunia PSI (3.0.0.7011) (x32 Version: 3.0.0.7011)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
SetIP (x32 Version: 1.04.01.00)
SiSoftware Sandra Lite 2010 (Version: 16.11.2010.1)
Skype Click to Call (x32 Version: 6.9.12585)
Skype™ 6.6 (x32 Version: 6.6.106)
SmartSound Quicktracks 5 (x32 Version: 5.1.7)
SpeedFan (remove only) (x32)
SpiderOak (x32)
SUPERAntiSpyware (Version: 5.6.1020)
swMSM (x32 Version: 12.0.0.1)
System Requirements Lab for Intel (x32 Version: 4.5.5.0)
TrojanHunter 5.5 (x32 Version: 5.5)
Ultra Defragmenter (x32 Version: 6.0.2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
VLC media player 2.0.7 (x32 Version: 2.0.7)
WavePad Sound Editor (x32)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Windows XP Mode (Version: 1.3.7600.16423)
WinRAR 4.01 (64-bit) (Version: 4.01.0)
WinZip 16.0 (x32 Version: 16.0.9715)
XDCAM EX Clip Browser (x32 Version: 2.00.438)
 
==================== Restore Points  =========================
 
10-09-2013 16:27:31 Windows Update
 
==================== Hosts content: ==========================
 
2011-08-03 11:59 - 2013-09-10 09:16 - 00000222 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {05FDDDDF-8F48-4E33-BF9A-9D58990B2AEC} - System32\Tasks\Macrium_1156_Full xml => C:\Program Files\Macrium\Reflect\reflect.exe [2011-10-31] (Paramount Software UK Ltd)
Task: {11795F0A-DAE4-4560-9E28-6DFAC32D26A2} - System32\Tasks\NCH Software\ExpressBurnReminder => C:\Program Files (x86)\NCH Software\ExpressBurn\ExpressBurn.exe [2013-04-26] (NCH Software)
Task: {149A85F0-26F2-4A61-B32C-32FB67C7FBDC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1569002E-CE05-4BC4-8864-FCE596C1BC72} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {187C5C62-E5F6-49D1-9858-421B46A78AF8} - System32\Tasks\AdobeAAMUpdater-1.0-office1156-jab => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {312C015E-B50C-45D4-AB76-802FAE33BDC7} - System32\Tasks\Core Temp Autostart jab => C:\Program Files\Core Temp\Core Temp.exe [2012-01-25] ()
Task: {38D78198-B425-4769-9D83-00C662B656B6} - System32\Tasks\Macrium_1156_Incremental xml => C:\Program Files\Macrium\Reflect\reflect.exe [2011-10-31] (Paramount Software UK Ltd)
Task: {4807F63F-F001-4FF4-9DFF-E4E53A8F7C5E} - System32\Tasks\Core Temp Autostart => C:\Users\jab\Desktop\OPTERON\Opty175_OC\CoreTemp64\Core Temp.exe
Task: {561B7DD5-A54A-44A1-B2A4-53A45FDD0893} - System32\Tasks\ASUS\TurboVHelp => C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
Task: {620A21A6-553A-47F2-B475-454A53221014} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: {70DA0918-3896-4D9D-96D3-45441E2DAA5B} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-OFFICE1156 => C:\Windows\ehome\McxTask.exe
Task: {974B28B4-3D3A-4FF4-AB1A-7D4F1714CF2A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2348748867-2008991914-1298228761-1001Core => C:\Users\jab\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-11] (Google Inc.)
Task: {A3631E2B-C54D-4C53-9F47-943D521F9B99} - \DSite No Task File
Task: {AB6968AD-7469-425F-BD4E-CB87D7D4002D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {AE3D03D1-F443-47C1-97E1-BA5953015CE6} - System32\Tasks\{438C400D-B4B2-4A24-89E2-9B92C07A9C41} => C:\Windows\System32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {C6CCA4DE-CA0C-4091-8644-28795F09C5A9} - System32\Tasks\{AE07D5F0-7623-459B-93A2-C94DBF639DB3} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: {C6E62BE7-B407-4E48-86FE-B18A3B47AF33} - System32\Tasks\{C130AF93-F030-4A85-8C1D-71B9355F644E} => C:\Program Files (x86)\Hard Disk Sentinel\HDSCtrl.exe
Task: {D21748EF-59B2-4D51-8F16-4879F1CDBE1A} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.00.98\AsLoader.exe [2009-08-20] (ASUSTeK Computer Inc.)
Task: {F3CB588C-A2C7-4824-BE9F-67285B997229} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-31] (Adobe Systems Incorporated)
Task: {F8D58853-AA1B-4B96-99BA-F6C6CADCD7CF} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {FC67853F-B3FF-443C-BDDC-79CF988CAAB0} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe [2009-09-09] (ASUSTeK Computer Inc.)
Task: {FD84264F-F7D1-4698-B899-B9DC528EE3A6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2348748867-2008991914-1298228761-1001UA => C:\Users\jab\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-11] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2348748867-2008991914-1298228761-1001Core.job => C:\Users\jab\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2348748867-2008991914-1298228761-1001UA.job => C:\Users\jab\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Macrium_1156_Full xml.job => C:\Program Files\Macrium\Reflect\reflect.exe
Task: C:\Windows\Tasks\Macrium_1156_Incremental xml.job => C:\Program Files\Macrium\Reflect\reflect.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-07-03 11:38 - 2013-02-26 00:32 - 15053264 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-07-15 15:36 - 2013-07-15 15:36 - 00244696 _____ (Microsoft Corporation) C:\Users\jab\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
2013-07-15 15:36 - 2013-07-15 15:36 - 00661448 _____ (Microsoft Corporation) C:\Users\jab\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\MSVCP110.dll
2013-07-15 15:36 - 2013-07-15 15:36 - 00828872 _____ (Microsoft Corporation) C:\Users\jab\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\MSVCR110.dll
2010-01-02 07:42 - 2010-01-02 07:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-01-22 04:57 - 2013-01-18 08:00 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2012-03-21 16:00 - 2012-03-21 16:00 - 00011592 ____R (WinZip Computing, S.L.) C:\Program Files (x86)\WinZip\wzshls64.dll
2010-10-07 16:33 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2013-06-18 16:15 - 2013-06-18 16:15 - 05033176 _____ (Terra Informatica Software, Inc.) C:\Program Files\COMODO\COMODO Internet Security\cmdhtml.dll
2013-08-16 11:42 - 2013-08-16 11:42 - 00491520 _____ (Intel Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\914b102327a5f48542af50a6e5c1f8ab\IAStorUtil.ni.dll
2013-07-12 09:25 - 2013-07-12 09:25 - 00014336 _____ (Intel Corp.) C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9806320368a8f23f1f6c5de66ebb29d0\IAStorCommon.ni.dll
2010-03-15 16:57 - 2010-03-15 16:57 - 00053024 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-31 00:05 - 2011-08-31 00:05 - 00085864 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll
2009-11-26 13:17 - 2007-07-19 18:54 - 00345344 _____ (American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\UpsControl.dll
2009-11-26 13:17 - 2007-07-19 18:54 - 00353536 _____ (American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\UpsDevice.dll
2009-11-26 13:17 - 2007-07-19 18:54 - 00341248 _____ (American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\pdcdll.dll
2009-11-26 13:17 - 2007-07-19 18:43 - 01916928 _____ (American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\res.dll
2009-11-10 22:12 - 2009-04-22 21:20 - 00179712 _____ () C:\Program Files (x86)\ASUS\EPU-6 Engine\ASUSSERVICE.DLL
2009-11-10 22:12 - 2009-08-27 20:41 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU-6 Engine\pngio.dll
2009-11-10 22:12 - 2009-08-27 20:41 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU-6 Engine\AsSpindownTimeout.dll
2009-11-10 22:12 - 2009-08-27 20:41 - 00208896 _____ () C:\Program Files (x86)\ASUS\EPU-6 Engine\AiNap.dll
2009-11-10 22:12 - 2009-08-27 20:41 - 00008704 _____ () C:\Program Files (x86)\ASUS\EPU-6 Engine\vvc.dll
2013-08-21 15:39 - 2013-08-15 20:20 - 47067600 _____ (Google Inc.) C:\Users\jab\AppData\Local\Google\Chrome\Application\29.0.1547.57\chrome.dll
2013-08-21 15:39 - 2013-08-15 20:20 - 09962960 _____ (The ICU Project) C:\Users\jab\AppData\Local\Google\Chrome\Application\29.0.1547.57\icudt.dll
2010-03-21 11:19 - 2010-03-21 11:19 - 00094208 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-07-15 15:35 - 2013-07-15 15:35 - 00220632 _____ (Microsoft Corporation) C:\Users\jab\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
2013-07-15 15:35 - 2013-07-15 15:35 - 00534480 _____ (Microsoft Corporation) C:\Users\jab\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\MSVCP110.dll
2013-07-15 15:35 - 2013-07-15 15:35 - 00862664 _____ (Microsoft Corporation) C:\Users\jab\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\MSVCR110.dll
2013-07-15 15:35 - 2013-07-15 15:35 - 00537560 _____ (Microsoft Corporation) C:\Users\jab\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\Telemetry.dll
2013-07-15 15:35 - 2013-07-15 15:35 - 00038360 _____ (Microsoft Corporation) C:\Users\jab\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\logging.dll
2013-04-04 01:09 - 2013-04-04 01:09 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-08-21 15:39 - 2013-08-15 18:23 - 03231688 _____ (Microsoft Corporation) C:\Users\jab\AppData\Local\Google\Chrome\Application\29.0.1547.57\D3DCompiler_46.dll
2013-08-21 15:39 - 2013-08-15 20:20 - 00709584 _____ () C:\Users\jab\AppData\Local\Google\Chrome\Application\29.0.1547.57\libglesv2.dll
2013-08-21 15:39 - 2013-08-15 20:20 - 00099792 _____ () C:\Users\jab\AppData\Local\Google\Chrome\Application\29.0.1547.57\libegl.dll
2013-08-21 15:39 - 2013-08-15 20:21 - 04053456 _____ () C:\Users\jab\AppData\Local\Google\Chrome\Application\29.0.1547.57\pdf.dll
2013-08-21 15:39 - 2013-08-15 20:21 - 00410576 _____ () C:\Users\jab\AppData\Local\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll
2013-08-21 15:39 - 2013-08-15 20:20 - 02110928 _____ (Google Inc.) C:\Users\jab\AppData\Local\Google\Chrome\Application\29.0.1547.57\libpeerconnection.dll
2013-08-21 15:39 - 2013-08-15 20:20 - 01604560 _____ () C:\Users\jab\AppData\Local\Google\Chrome\Application\29.0.1547.57\ffmpegsumo.dll
2013-08-21 15:39 - 2013-08-15 20:21 - 13594064 _____ () C:\Users\jab\AppData\Local\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) ==========
 
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/11/2013 08:02:02 AM) (Source: APC UPS Service) (User: NT AUTHORITY)
Description: PowerChute not communicating with the battery backup.
 
Error: (09/10/2013 10:13:59 AM) (Source: APC UPS Service) (User: NT AUTHORITY)
Description: PowerChute not communicating with the battery backup.
 
Error: (09/10/2013 09:20:44 AM) (Source: APC UPS Service) (User: NT AUTHORITY)
Description: PowerChute not communicating with the battery backup.
 
Error: (09/10/2013 09:03:45 AM) (Source: Application Error) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: taskbarcpl.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9da
Exception code: 0xc000041d
Fault offset: 0x000000000000c12f
Faulting process id: 0x11c0
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
 
Error: (09/10/2013 09:03:42 AM) (Source: Application Error) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: taskbarcpl.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9da
Exception code: 0xc0000005
Fault offset: 0x000000000000c12f
Faulting process id: 0x11c0
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
 
Error: (09/10/2013 08:59:25 AM) (Source: MsiInstaller) (User: office1156)
Description: Product: COMODO Internet Security -- Error 1706. An installation package for the product COMODO Internet Security cannot be found. Try the installation again using a valid copy of the installation package 'CIS_Setup.msi'.
 
Error: (09/10/2013 08:56:16 AM) (Source: Application Error) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: taskbarcpl.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9da
Exception code: 0xc000041d
Fault offset: 0x000000000000c12f
Faulting process id: 0x10b0
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
 
Error: (09/10/2013 08:56:07 AM) (Source: Application Error) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: taskbarcpl.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9da
Exception code: 0xc0000005
Fault offset: 0x000000000000c12f
Faulting process id: 0x10b0
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
 
Error: (09/10/2013 07:57:18 AM) (Source: APC UPS Service) (User: NT AUTHORITY)
Description: PowerChute not communicating with the battery backup.
 
Error: (09/08/2013 09:54:36 PM) (Source: APC UPS Service) (User: NT AUTHORITY)
Description: PowerChute not communicating with the battery backup.
 
 
System errors:
=============
Error: (09/10/2013 09:18:48 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (09/10/2013 09:18:48 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (09/10/2013 09:16:46 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
UimBus
Uim_IM
Uim_VIM
 
Error: (09/10/2013 09:16:43 AM) (Source: Service Control Manager) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: 
%%1058
 
Error: (09/10/2013 09:16:42 AM) (Source: Service Control Manager) (User: )
Description: The HOSTS Anti-PUPs service failed to start due to the following error: 
%%1053
 
Error: (09/10/2013 09:16:42 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HOSTS Anti-PUPs service to connect.
 
Error: (09/10/2013 09:15:29 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
 
Error: (09/10/2013 09:09:48 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (09/10/2013 09:09:48 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (09/10/2013 09:07:46 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
UimBus
Uim_IM
Uim_VIM
 
 
Microsoft Office Sessions:
=========================
Error: (09/11/2013 08:02:02 AM) (Source: APC UPS Service)(User: NT AUTHORITY)
Description: 
 
Error: (09/10/2013 10:13:59 AM) (Source: APC UPS Service)(User: NT AUTHORITY)
Description: 
 
Error: (09/10/2013 09:20:44 AM) (Source: APC UPS Service)(User: NT AUTHORITY)
Description: 
 
Error: (09/10/2013 09:03:45 AM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d672ee4taskbarcpl.dll6.1.7601.175144ce7c9dac000041d000000000000c12f11c001ceae3f514a4972C:\Windows\explorer.exeC:\Windows\System32\taskbarcpl.dll91cf6ecc-1a32-11e3-89d4-90e6ba0d3c8c
 
Error: (09/10/2013 09:03:42 AM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d672ee4taskbarcpl.dll6.1.7601.175144ce7c9dac0000005000000000000c12f11c001ceae3f514a4972C:\Windows\explorer.exeC:\Windows\System32\taskbarcpl.dll8fc11290-1a32-11e3-89d4-90e6ba0d3c8c
 
Error: (09/10/2013 08:59:25 AM) (Source: MsiInstaller)(User: office1156)
Description: Product: COMODO Internet Security -- Error 1706. An installation package for the product COMODO Internet Security cannot be found. Try the installation again using a valid copy of the installation package 'CIS_Setup.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (09/10/2013 08:56:16 AM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d672ee4taskbarcpl.dll6.1.7601.175144ce7c9dac000041d000000000000c12f10b001cead7cf782232cC:\Windows\explorer.exeC:\Windows\System32\taskbarcpl.dll862c2a59-1a31-11e3-89d4-90e6ba0d3c8c
 
Error: (09/10/2013 08:56:07 AM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d672ee4taskbarcpl.dll6.1.7601.175144ce7c9dac0000005000000000000c12f10b001cead7cf782232cC:\Windows\explorer.exeC:\Windows\System32\taskbarcpl.dll80a7fe14-1a31-11e3-89d4-90e6ba0d3c8c
 
Error: (09/10/2013 07:57:18 AM) (Source: APC UPS Service)(User: NT AUTHORITY)
Description: 
 
Error: (09/08/2013 09:54:36 PM) (Source: APC UPS Service)(User: NT AUTHORITY)
Description: 
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-09-08 21:23:34.284
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-08 21:23:34.237
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-08 21:23:34.175
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-08 21:23:34.128
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-26 16:27:03.586
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-26 16:27:03.524
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-26 16:22:35.687
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\jab\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-26 16:22:35.625
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\jab\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-26 16:19:19.111
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\jab\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-26 16:19:19.064
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\jab\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 68%
Total physical RAM: 4094.02 MB
Available physical RAM: 1284.25 MB
Total Pagefile: 10233.2 MB
Available Pagefile: 7175.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (WD RE3 1) (Fixed) (Total:1863.02 GB) (Free:1717.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive x: (Seagate_1TB) (Fixed) (Total:931.51 GB) (Free:106.57 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 00C4AF07)
Partition 1: (Active) - (Size=-198624050688) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 09AF6B12)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 

Best,

jobo





