Posts posted by RedBarron
Hey, sorry I didn't see your last post, I will do it tomorrow. Btw, this is the last time Malwarebytes blocked anything:
2012/04/26 00:59:13 +0800 IP-BLOCK 60.190.222.181 (Type: outgoing, Port: 50196, Process: chrome.exe)
so fingers crossed, maybe something helped along the way
-
OTL logfile created on: 4/27/2012 11:53:35 PM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Arne\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
1013.30 Mb Total Physical Memory | 157.65 Mb Available Physical Memory | 15.56% Memory free
2.10 Gb Paging File | 0.61 Gb Available in Paging File | 28.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 150.27 Gb Total Space | 90.28 Gb Free Space | 60.08% Space Free | Partition Type: NTFS
Drive D: | 67.51 Gb Total Space | 65.42 Gb Free Space | 96.90% Space Free | Partition Type: NTFS
Computer Name: ARNE-PC | User Name: Arne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/04/27 23:52:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Arne\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/09/29 20:13:22 | 000,771,640 | ---- | M] () -- C:\Program Files\Google\Google Pinyin 3\GooglePinyinService.exe
PRC - [2011/09/29 20:13:19 | 001,181,240 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Pinyin 3\GooglePinyinDaemon.exe
PRC - [2011/08/04 04:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2011/01/17 18:37:40 | 000,307,200 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\scalc.exe
PRC - [2010/11/23 14:26:41 | 000,503,808 | ---- | M] (Author - Igor Vigdorchik) -- C:\Program Files\Sticky Notes\StickyNotes.exe
PRC - [2010/11/20 20:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/11/20 12:01:36 | 002,247,168 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/10/26 19:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/10/02 23:48:26 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/10/02 23:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/03/05 17:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe
========== Modules (No Company Name) ==========
MOD - [2012/04/12 15:37:34 | 000,444,400 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll
MOD - [2012/04/12 15:37:33 | 003,915,248 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
MOD - [2012/04/12 15:36:18 | 000,544,240 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\libglesv2.dll
MOD - [2012/04/12 15:36:17 | 000,117,744 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\libegl.dll
MOD - [2012/04/12 15:36:08 | 000,122,880 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\avutil-51.dll
MOD - [2012/04/12 15:36:06 | 000,220,672 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\avformat-53.dll
MOD - [2012/04/12 15:36:05 | 001,747,456 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll
MOD - [2012/04/12 14:51:55 | 008,743,584 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
MOD - [2011/09/29 20:13:22 | 000,771,640 | ---- | M] () -- C:\Program Files\Google\Google Pinyin 3\GooglePinyinService.exe
MOD - [2011/03/15 20:40:00 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/03/15 20:40:00 | 000,170,496 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxslt.dll
========== Win32 Services (SafeList) ==========
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/04 04:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/10/02 23:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/05 17:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Arne\AppData\Local\Temp\phoenix\PhnxBldr.sys -- (PhnxBuilder)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\HyperSpace\PhnxBldr.sys -- (PhnxBldr)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Arne\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Arne\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/04/27 08:15:47 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{48200D8E-3AB9-437A-A139-7AE66C543B8C}\MpKsl61bf4070.sys -- (MpKsl61bf4070)
DRV - [2012/04/25 22:52:35 | 000,013,824 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/12/13 03:32:24 | 002,228,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/08/04 04:27:28 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/20 18:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 17:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/06/17 04:33:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/09/28 17:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/02 04:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009/05/01 18:11:06 | 000,384,896 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CryptOSD.sys -- (CryptOSD)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\SearchScopes\{4C7AABE8-8045-4207-926A-F5EE06FA9BD6}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_en
IE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\SearchScopes\{8B5AE1A3-BDD6-4CE8-8289-C5C05BBAAA7F}: "URL" = http://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://www.google.com/search?hl=en-GB&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.io8.org/autoproxy/e1.pac"
FF - prefs.js..network.proxy.http: "http://proxy.io8.org/autoproxy/e1.pac"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Arne\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Arne\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/10 00:20:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/27 23:42:54 | 000,000,000 | ---D | M]
[2010/07/02 20:33:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arne\AppData\Roaming\Mozilla\Extensions
[2012/02/25 21:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\extensions
[2012/02/19 14:49:05 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012/02/25 21:55:52 | 000,000,000 | ---D | M] (Perapera Chinese) -- C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\extensions\chineseperakun@gmail.com
[2010/10/24 00:05:57 | 000,001,632 | ---- | M] () -- C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\searchplugins\firefox-add-ons.xml
[2010/10/24 00:09:28 | 000,001,330 | ---- | M] () -- C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\searchplugins\wikipedia-en.xml
[2010/10/24 00:36:42 | 000,001,032 | ---- | M] () -- C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\searchplugins\wikipedia-eng.xml
[2012/04/27 23:43:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/27 23:43:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012/04/10 00:20:43 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/16 18:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/07/08 18:12:54 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/02/16 18:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: google.com (Default) (Enabled)
CHR - default_search_provider: search_url = http://www.google.com/search?hl=en&source=hp&biw=1228&bih=610&q={searchTerms}&btnG=Google+Search&aq=1&aqi=g10&aql=&oq=cowboy
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Arne\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Arne\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Offline Google Mail = C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.13_0\
CHR - Extension: Google Calendar = C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Zhongwen: A Chinese-English Popup Dictionary = C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkmlkkjojmombglmlpbpapmhcaljjkde\3.2.1_0\
CHR - Extension: Google Play Books = C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.3_0\
O1 HOSTS File: ([2012/04/26 00:22:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Google Pinyin 3 Autoupdater] C:\Program Files\Google\Google Pinyin 3\GooglePinyinDaemon.exe (Google Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sticky Notes.lnk = C:\Program Files\Sticky Notes\StickyNotes.exe (Author - Igor Vigdorchik)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{581B304F-E7EA-4D69-8E16-B3D564BACED7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/04/27 23:52:35 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Arne\Desktop\OTL.exe
[2012/04/27 23:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/26 10:16:31 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Arne\Desktop\aswMBR.exe
[2012/04/26 00:28:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/26 00:27:57 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/04/26 00:21:51 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Local\temp
[2012/04/26 00:05:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/04/26 00:05:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/04/26 00:05:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/04/26 00:05:10 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/04/26 00:05:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/25 23:56:45 | 004,475,034 | R--- | C] (Swearware) -- C:\Users\Arne\Desktop\ComboFix.exe
[2012/04/25 22:52:28 | 000,000,000 | ---D | C] -- C:\Users\Arne\Desktop\RK_Quarantine
[2012/04/23 15:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\igowin
[2012/04/18 23:23:17 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2012/04/18 23:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\Anvisoft
[2012/04/18 19:43:48 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\Malwarebytes
[2012/04/18 19:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/18 19:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/18 19:42:48 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/04/18 19:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/18 19:20:11 | 000,000,000 | ---D | C] -- C:\Users\Arne\Documents\China Reading
[2012/04/18 15:14:04 | 000,000,000 | ---D | C] -- C:\Users\Arne\.FBReader
[2012/04/18 15:09:39 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FBReader for Windows
[2012/04/18 15:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FBReader for Windows
[2012/04/18 15:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\FBReader
[2012/04/18 14:52:12 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\calibre
[2012/04/12 21:24:31 | 000,000,000 | ---D | C] -- C:\Users\Arne\Desktop\German
[2012/04/12 21:24:05 | 000,000,000 | ---D | C] -- C:\Users\Arne\Desktop\English
[2012/04/11 19:48:59 | 000,000,000 | ---D | C] -- C:\Users\Arne\Desktop\bigword
[2012/04/05 20:29:36 | 000,000,000 | ---D | C] -- C:\windows\Minidump
========== Files - Modified Within 30 Days ==========
[2012/04/27 23:52:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Arne\Desktop\OTL.exe
[2012/04/27 23:43:10 | 000,001,116 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3948093705-1484294097-1952622497-1000UA.job
[2012/04/27 23:13:03 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/27 22:43:10 | 000,000,094 | -H-- | M] () -- C:\Users\Arne\Documents\.~lock.Plan.ods#
[2012/04/27 22:43:04 | 000,001,064 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3948093705-1484294097-1952622497-1000Core.job
[2012/04/27 20:13:01 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/27 18:28:19 | 000,037,637 | ---- | M] () -- C:\Users\Arne\Documents\Plan.ods
[2012/04/27 16:45:06 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/04/26 16:31:18 | 000,649,912 | ---- | M] () -- C:\Users\Arne\Desktop\02.jpg
[2012/04/26 16:29:54 | 000,301,135 | ---- | M] () -- C:\Users\Arne\Desktop\01.jpg
[2012/04/26 10:49:37 | 000,254,651 | ---- | M] () -- C:\Users\Arne\Desktop\malware still there.jpg
[2012/04/26 10:48:40 | 000,000,512 | ---- | M] () -- C:\Users\Arne\Desktop\MBR.dat
[2012/04/26 10:17:24 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Arne\Desktop\aswMBR.exe
[2012/04/26 00:22:24 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/04/25 23:57:15 | 004,475,034 | R--- | M] (Swearware) -- C:\Users\Arne\Desktop\ComboFix.exe
[2012/04/25 23:51:07 | 000,194,984 | ---- | M] () -- C:\Users\Arne\Desktop\most recent malware.jpg
[2012/04/25 22:52:35 | 000,013,824 | ---- | M] () -- C:\windows\System32\drivers\TrueSight.sys
[2012/04/25 18:45:36 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/25 18:45:36 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/25 18:38:06 | 796,889,088 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/24 19:42:28 | 000,038,593 | ---- | M] () -- C:\Users\Arne\Desktop\outgoing malware small.jpg
[2012/04/24 19:41:36 | 000,208,399 | ---- | M] () -- C:\Users\Arne\Desktop\outgoing malware.jpg
[2012/04/24 13:02:27 | 154,344,779 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/04/19 00:03:58 | 000,618,108 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/04/19 00:03:58 | 000,107,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/04/18 19:43:13 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/18 15:09:40 | 000,001,835 | ---- | M] () -- C:\Users\Arne\Desktop\FBReader.lnk
[2012/04/18 11:31:05 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/04/18 11:07:08 | 000,349,848 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/04/14 01:14:56 | 000,002,358 | ---- | M] () -- C:\Users\Arne\Desktop\Google Chrome.lnk
[2012/04/08 23:14:32 | 011,364,790 | ---- | M] () -- C:\Users\Arne\Documents\671790WP0P127500China020300complete.pdf
[2012/04/04 18:44:35 | 000,726,148 | ---- | M] () -- C:\Users\Arne\Documents\chinas_12th_five-year_plan.pdf
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2012/04/27 22:43:10 | 000,000,094 | -H-- | C] () -- C:\Users\Arne\Documents\.~lock.Plan.ods#
[2012/04/26 16:24:36 | 000,301,135 | ---- | C] () -- C:\Users\Arne\Desktop\01.jpg
[2012/04/26 16:24:19 | 000,649,912 | ---- | C] () -- C:\Users\Arne\Desktop\02.jpg
[2012/04/26 10:49:36 | 000,254,651 | ---- | C] () -- C:\Users\Arne\Desktop\malware still there.jpg
[2012/04/26 10:48:40 | 000,000,512 | ---- | C] () -- C:\Users\Arne\Desktop\MBR.dat
[2012/04/26 00:05:26 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/04/26 00:05:26 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/04/26 00:05:26 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/04/26 00:05:26 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/04/26 00:05:26 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/04/25 23:51:07 | 000,194,984 | ---- | C] () -- C:\Users\Arne\Desktop\most recent malware.jpg
[2012/04/25 22:52:35 | 000,013,824 | ---- | C] () -- C:\windows\System32\drivers\TrueSight.sys
[2012/04/24 19:42:27 | 000,038,593 | ---- | C] () -- C:\Users\Arne\Desktop\outgoing malware small.jpg
[2012/04/24 19:41:35 | 000,208,399 | ---- | C] () -- C:\Users\Arne\Desktop\outgoing malware.jpg
[2012/04/18 19:43:13 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/18 15:09:40 | 000,001,835 | ---- | C] () -- C:\Users\Arne\Desktop\FBReader.lnk
[2012/04/08 23:19:19 | 011,364,790 | ---- | C] () -- C:\Users\Arne\Documents\671790WP0P127500China020300complete.pdf
[2012/04/05 20:29:31 | 154,344,779 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012/04/04 18:44:42 | 000,726,148 | ---- | C] () -- C:\Users\Arne\Documents\chinas_12th_five-year_plan.pdf
[2011/09/29 20:13:23 | 000,305,720 | ---- | C] () -- C:\windows\System32\GooglePinyin3EnRes.dll
[2011/09/25 15:47:48 | 000,018,760 | ---- | C] () -- C:\windows\System32\QQVistaHelper.dll
[2011/09/02 15:11:11 | 000,004,608 | ---- | C] () -- C:\Users\Arne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/17 17:27:18 | 000,000,000 | ---- | C] () -- C:\windows\PowerReg.dat
[2010/12/21 16:11:28 | 000,007,599 | ---- | C] () -- C:\Users\Arne\AppData\Local\Resmon.ResmonCfg
[2010/11/23 14:57:24 | 000,000,652 | ---- | C] () -- C:\windows\System32\drivers\scdskr01.dat
[2010/11/23 14:57:24 | 000,000,500 | ---- | C] () -- C:\windows\System32\drivers\RSTable.dat
[2010/11/23 14:57:24 | 000,000,436 | ---- | C] () -- C:\windows\System32\drivers\scdhkr01.dat
[2010/11/23 14:57:23 | 000,000,036 | ---- | C] () -- C:\windows\System32\drivers\scdstr01.dat
[2010/08/25 21:14:55 | 000,000,000 | ---- | C] () -- C:\Users\Arne\AppData\Roaming\wklnhst.dat
[2010/08/08 22:51:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/29 22:31:44 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
========== LOP Check ==========
[2012/02/11 17:32:06 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\.anki
[2012/02/11 10:56:25 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\.matplotlib
[2012/02/17 11:00:39 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Azureus
[2012/04/18 15:12:46 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\calibre
[2010/10/20 05:25:17 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\DataCast
[2010/10/03 21:39:22 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/01/19 01:13:19 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\mplayer
[2010/08/25 06:36:11 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\OpenOffice.org
[2010/08/11 20:04:09 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\PDF reDirect
[2011/02/09 18:45:53 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\PlayFirst
[2010/08/25 21:14:56 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Template
[2011/09/25 16:01:12 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Tencent
[2011/06/22 10:36:37 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Windows Live Writer
[2012/04/24 13:02:44 | 000,032,608 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2011/11/12 00:53:35 | 000,033,915 | ---- | M] ()(C:\Users\Arne\Documents\??????????????????????.docx) -- C:\Users\Arne\Documents\北京中医药大学国医堂中医门诊部专家出诊时间表.docx
[2011/11/12 00:53:24 | 000,033,915 | ---- | C] ()(C:\Users\Arne\Documents\??????????????????????.docx) -- C:\Users\Arne\Documents\北京中医药大学国医堂中医门诊部专家出诊时间表.docx
========== Alternate Data Streams ==========
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:ABE89FFE
< End of report >
OTL Extras logfile created on: 4/27/2012 11:53:36 PM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Arne\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
1013.30 Mb Total Physical Memory | 157.65 Mb Available Physical Memory | 15.56% Memory free
2.10 Gb Paging File | 0.61 Gb Available in Paging File | 28.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 150.27 Gb Total Space | 90.28 Gb Free Space | 60.08% Space Free | Partition Type: NTFS
Drive D: | 67.51 Gb Total Space | 65.42 Gb Free Space | 96.90% Space Free | Partition Type: NTFS
Computer Name: ARNE-PC | User Name: Arne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3948093705-1484294097-1952622497-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{172585EC-A1E4-4B74-830F-2D7C4C2C3E2C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5E81CDA4-8FC7-4303-B7A7-E0909113DFEA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{668E2972-5AC1-42D4-B84C-5B1E4B780BC1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6AD63518-332F-4098-8F62-AE4ED8AD1BDA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{076C08A2-71AB-45FF-A705-794B0EF82BBA}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{2595AB1F-AC01-4C45-A751-58A1CA407403}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E5C6471B-A467-490A-B202-30760FFAFA80}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{0FE0F6EF-5EFF-4946-ABAF-5156CD6BBFC4}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{73D83F21-1D89-4EBE-A2B6-3B61D17820C0}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java 6 Update 32
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{45535A5E-1F81-4F35-BE1D-43D10A7D03B4}" = Easy Resolution Manager
"{4725E135-CF7D-4906-B4D0-D9F5FED44254}" = PreSetup HyperSpace
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C455C4E0-6D64-4CA8-9CE7-C50ADCE61674}" = Xtra Controller Pro
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"755087041320E005CB1E8A67C5C55A260EB81B90" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Anki" = Anki
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"FBReader for Windows" = FBReader for Windows
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"GooglePinyin3" = 谷歌拼音输入法 3.0
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"PokerStars" = PokerStars
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TIPP10_is1" = TIPP10 Version 2.0.3
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.5
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3948093705-1484294097-1952622497-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/11/2012 12:56:30 PM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.
Error - 4/13/2012 12:52:02 AM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 4/13/2012 12:53:19 AM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 4/13/2012 12:55:04 AM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.
Error - 4/13/2012 12:57:35 AM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 4/13/2012 12:57:41 AM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 4/13/2012 1:45:50 PM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 4/13/2012 1:47:21 PM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 4/16/2012 5:44:01 AM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 4/16/2012 9:14:17 PM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
[ Cisco AnyConnect VPN Client Events ]
Error - 4/26/2012 7:44:21 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
644 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
(0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 4/26/2012 7:44:21 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
190 Invoked Function: CNetEnvironment::testNetwork Return Code: -33161196 (0xFE060014)
Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
(0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
5589 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196
(0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5321
Invoked
Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5283
Invoked
Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
5045 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014)
Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line:
4971 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)
Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
[ System Events ]
Error - 6/27/2011 2:38:53 AM | Computer Name = Arne-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.
Error - 6/28/2011 12:28:51 AM | Computer Name = Arne-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.107.463.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7000.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.
Error - 6/28/2011 6:36:30 AM | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.
Error - 6/29/2011 7:56:51 PM | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.
Error - 6/29/2011 8:00:55 PM | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom
Error - 7/3/2011 7:24:11 AM | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the PlugPlay service.
Error - 7/3/2011 11:20:11 PM | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.
Error - 7/4/2011 5:10:33 AM | Computer Name = Arne-PC | Source = DCOM | ID = 10010
Description =
Error - 7/4/2011 5:13:03 AM | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom
Error - 7/4/2011 5:13:20 AM | Computer Name = Arne-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.
Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842
< End of report >
-
Updated and scanned, nothing found by Microsoft Security Essentials
-
I have Skype 4.2, but it's been on my PC for a long time. I don't know how to check for the two parameters you mentioned in connection with Skype.
I tried every website and they all came back green. I am located in China, so I don't know if they work over here.
ListParts scan:
ListParts by Farbar Version: 12-03-2012 03
Ran by Arne (administrator) on 27-04-2012 at 00:13:43
Windows 7 (X86)
Running From: C:\Users\Arne\Downloads
Language: 0409
************************************************************
========================= Memory info ======================
Percentage of memory in use: 76%
Total physical RAM: 1013.3 MB
Available physical RAM: 242.37 MB
Total Pagefile: 2037.3 MB
Available Pagefile: 497.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1956.37 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:150.27 GB) (Free:89.9 GB) NTFS
2 Drive d: () (Fixed) (Total:67.51 GB) (Free:65.42 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 1024 KB
Disk 1 No Media 0 B 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 15 GB 1024 KB
Partition 2 Primary 100 MB 15 GB
Partition 3 Primary 150 GB 15 GB
Partition 0 Extended 67 GB 165 GB
Partition 4 Logical 67 GB 165 GB
======================================================================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 RECOVERY NTFS Partition 15 GB Healthy Hidden
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 SYSTEM NTFS Partition 100 MB Healthy System (partition with boot components)
======================================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 150 GB Healthy Boot
======================================================================================================
Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D NTFS Partition 67 GB Healthy
======================================================================================================
****** End Of Log ******
I will have to get back to you with the results of the Security Essentials scan tomorrow.
Thanks
-
Nothing detected
-
Just as I was running the scan, I had another pop-up come up, this time not blocked by Malwarebytes (which I have re-enabled).
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-26 10:22:03
-----------------------------
10:22:03.377 OS Version: Windows 6.1.7601 Service Pack 1
10:22:03.377 Number of processors: 2 586 0x1C0A
10:22:03.439 ComputerName: ARNE-PC UserName: Arne
10:22:15.966 Initialize success
10:26:51.737 AVAST engine defs: 12042501
10:27:19.286 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:27:19.286 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3
10:27:19.349 Disk 0 MBR read successfully
10:27:19.349 Disk 0 MBR scan
10:27:19.442 Disk 0 unknown MBR code
10:27:19.489 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
10:27:19.645 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
10:27:19.832 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 153877 MB offset 31664128
10:27:19.957 Disk 0 Partition - 00 0F Extended LBA 69136 MB offset 346804224
10:27:20.004 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 69135 MB offset 346806272
10:27:20.160 Disk 0 scanning sectors +488395120
10:27:20.394 Disk 0 scanning C:\windows\system32\drivers
10:27:58.988 Service scanning
10:28:30.766 Service MpKslf19de2ff c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AA898340-CC50-4996-8ECC-1C3A487DFD79}\MpKslf19de2ff.sys **LOCKED** 32
10:28:31.109 Service MpNWMon C:\windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
10:29:12.402 Modules scanning
10:29:33.602 Disk 0 trace - called modules:
10:29:33.649 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
10:29:33.665 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84e76268]
10:29:33.680 3 CLASSPNP.SYS[86d7759e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x83753028]
10:29:34.460 AVAST engine scan C:\windows
10:29:45.927 AVAST engine scan C:\windows\system32
10:38:55.462 AVAST engine scan C:\windows\system32\drivers
10:39:42.319 AVAST engine scan C:\Users\Arne
10:48:40.301 Disk 0 MBR has been saved successfully to "C:\Users\Arne\Desktop\MBR.dat"
10:48:40.391 The log file has been saved successfully to "C:\Users\Arne\Desktop\aswMBR.txt"
-
Thanks again for your help, I'm going to bed, will be back tomorrow.
-
ComboFix 12-04-25.01 - Arne 26.04.2012 0:08.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1033.18.1013.427 [GMT 8:00]
ausgeführt von:: c:\users\Arne\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\weave\toFetch
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-03-25 bis 2012-04-25 ))))))))))))))))))))))))))))))
.
.
2012-04-25 16:21 . 2012-04-25 16:22 -------- d-----w- c:\users\Arne\AppData\Local\temp
2012-04-25 16:21 . 2012-04-25 16:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-25 14:53 . 2012-04-25 14:53 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1F4C5142-214F-4F41-B5AC-D39979DE8E0C}\MpKsl649afcb5.sys
2012-04-25 14:52 . 2012-04-25 14:52 13824 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-04-25 10:50 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1F4C5142-214F-4F41-B5AC-D39979DE8E0C}\mpengine.dll
2012-04-23 07:43 . 2012-04-23 07:43 -------- d-----w- c:\program files\igowin
2012-04-18 15:22 . 2012-04-19 04:21 -------- d-----w- c:\program files\Anvisoft
2012-04-18 11:43 . 2012-04-18 11:43 -------- d-----w- c:\users\Arne\AppData\Roaming\Malwarebytes
2012-04-18 11:42 . 2012-04-18 11:42 -------- d-----w- c:\programdata\Malwarebytes
2012-04-18 11:42 . 2012-04-04 07:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-18 11:42 . 2012-04-18 11:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-18 07:14 . 2012-04-18 07:28 -------- d-----w- c:\users\Arne\.FBReader
2012-04-18 07:09 . 2012-04-18 07:09 -------- d-----w- c:\program files\FBReader
2012-04-18 06:52 . 2012-04-18 07:12 -------- d-----w- c:\users\Arne\AppData\Roaming\calibre
2012-04-17 16:22 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-17 16:22 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-17 16:22 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-17 16:22 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-17 16:21 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-17 16:21 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-17 16:18 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-09 16:20 . 2012-04-09 16:20 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-04-09 16:20 . 2012-04-09 16:20 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 07:36 . 2010-08-27 13:12 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-25 08:00 . 2012-02-25 08:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-11 09:49 . 2012-02-11 09:50 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A69CC0D8-4232-4E28-96E6-3CBF44FDAA19}\gapaengine.dll
2012-01-31 12:44 . 2010-08-25 15:07 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-09 16:20 . 2012-02-19 05:20 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-18 8092192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-10 1578280]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-24 150552]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Google Pinyin 3 Autoupdater"="c:\program files\Google\Google Pinyin 3\GooglePinyinDaemon.exe" [2011-09-29 1181240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Sticky Notes.lnk - c:\program files\Sticky Notes\StickyNotes.exe [2010-5-2 503808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-2 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ GOOGLEPINYIN3.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-30 135664]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-30 135664]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys [2009-05-01 384896]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 84100573
*NewlyCreated* - MPKSL649AFCB5
*NewlyCreated* - TRUESIGHT
*Deregistered* - 84100573
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-30 13:41]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-30 13:41]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3948093705-1484294097-1952622497-1000Core.job
- c:\users\Arne\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-01 18:47]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3948093705-1484294097-1952622497-1000UA.job
- c:\users\Arne\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-01 18:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?hl=en-GB&q=
FF - prefs.js: network.proxy.http - http://proxy.io8.org/autoproxy/e1.pac
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
SafeBoot-MCODS
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3948093705-1484294097-1952622497-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3948093705-1484294097-1952622497-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-04-26 00:27:54
ComboFix-quarantined-files.txt 2012-04-25 16:27
.
Vor Suchlauf: 96.187.310.080 bytes free
Nach Suchlauf: 96.988.626.944 bytes free
.
- - End Of File - - 1CAF1DBA8C5172C1532731C2AED11B0F
-
23:44:57.0990 5348 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
23:44:59.0279 5348 ============================================================
23:44:59.0279 5348 Current date / time: 2012/04/25 23:44:59.0279
23:44:59.0279 5348 SystemInfo:
23:44:59.0280 5348
23:44:59.0280 5348 OS Version: 6.1.7601 ServicePack: 1.0
23:44:59.0280 5348 Product type: Workstation
23:44:59.0280 5348 ComputerName:
23:44:59.0281 5348 UserName:
23:44:59.0281 5348 Windows directory: C:\windows
23:44:59.0281 5348 System windows directory: C:\windows
23:44:59.0281 5348 Processor architecture: Intel x86
23:44:59.0281 5348 Number of processors: 2
23:44:59.0281 5348 Page size: 0x1000
23:44:59.0281 5348 Boot type: Normal boot
23:44:59.0281 5348 ============================================================
23:45:01.0930 5348 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:45:01.0936 5348 ============================================================
23:45:01.0936 5348 \Device\Harddisk0\DR0:
23:45:01.0936 5348 MBR partitions:
23:45:01.0937 5348 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
23:45:01.0937 5348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x12C8A800
23:45:01.0962 5348 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x14ABD800, BlocksNum 0x8707970
23:45:01.0962 5348 ============================================================
23:45:02.0055 5348 C: <-> \Device\Harddisk0\DR0\Partition1
23:45:02.0138 5348 D: <-> \Device\Harddisk0\DR0\Partition2
23:45:02.0138 5348 ============================================================
23:45:02.0139 5348 Initialize success
23:45:02.0139 5348 ============================================================
23:45:10.0653 4296 ============================================================
23:45:10.0653 4296 Scan started
23:45:10.0653 4296 Mode: Manual; SigCheck; TDLFS;
23:45:10.0653 4296 ============================================================
23:45:11.0082 4296 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
23:45:11.0500 4296 1394ohci - ok
23:45:11.0578 4296 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
23:45:11.0690 4296 ACPI - ok
23:45:11.0755 4296 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
23:45:11.0891 4296 AcpiPmi - ok
23:45:11.0980 4296 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
23:45:12.0067 4296 adp94xx - ok
23:45:12.0114 4296 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
23:45:12.0250 4296 adpahci - ok
23:45:12.0297 4296 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
23:45:12.0474 4296 adpu320 - ok
23:45:12.0524 4296 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
23:45:12.0705 4296 AeLookupSvc - ok
23:45:12.0794 4296 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
23:45:12.0992 4296 AFD - ok
23:45:13.0043 4296 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
23:45:13.0137 4296 agp440 - ok
23:45:13.0200 4296 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
23:45:13.0278 4296 aic78xx - ok
23:45:13.0324 4296 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
23:45:13.0922 4296 ALG - ok
23:45:13.0993 4296 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
23:45:14.0049 4296 aliide - ok
23:46:09.0199 4296 Rezip (f85ae59a52885f4b09aadafb23001a3b) C:\windows\SYSTEM32\Rezip.exe
23:46:09.0608 4296 Rezip ( UnsignedFile.Multi.Generic ) - warning
23:46:09.0608 4296 Rezip - detected UnsignedFile.Multi.Generic (1)
23:46:12.0903 4296 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
23:46:13.0146 4296 Serial - ok
23:46:13.0286 4296 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
23:46:13.0357 4296 sermouse - ok
23:46:13.0454 4296 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
23:46:13.0602 4296 SessionEnv - ok
23:46:13.0647 4296 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
23:46:13.0748 4296 sffdisk - ok
23:46:13.0775 4296 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
23:46:13.0855 4296 sffp_mmc - ok
23:46:13.0885 4296 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
23:46:13.0967 4296 sffp_sd - ok
23:46:14.0000 4296 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
23:46:14.0078 4296 sfloppy - ok
23:46:14.0130 4296 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
23:46:14.0407 4296 SharedAccess - ok
23:46:14.0488 4296 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
23:46:14.0647 4296 ShellHWDetection - ok
23:46:14.0741 4296 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
23:46:14.0850 4296 sisagp - ok
23:46:14.0897 4296 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
23:46:14.0975 4296 SiSRaid2 - ok
23:46:14.0996 4296 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
23:46:15.0090 4296 SiSRaid4 - ok
23:46:15.0119 4296 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
23:46:15.0286 4296 Smb - ok
23:46:15.0351 4296 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
23:46:15.0447 4296 SNMPTRAP - ok
23:46:15.0476 4296 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
23:46:15.0536 4296 spldr - ok
23:46:15.0623 4296 Spooler (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
23:46:15.0776 4296 Spooler - ok
23:46:16.0000 4296 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
23:46:16.0543 4296 sppsvc - ok
23:46:16.0696 4296 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
23:46:16.0839 4296 sppuinotify - ok
23:46:16.0927 4296 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
23:46:17.0035 4296 srv - ok
23:46:17.0074 4296 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
23:46:17.0170 4296 srv2 - ok
23:46:17.0200 4296 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
23:46:17.0278 4296 srvnet - ok
23:46:17.0336 4296 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
23:46:17.0472 4296 SSDPSRV - ok
23:46:17.0503 4296 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
23:46:17.0624 4296 SstpSvc - ok
23:46:17.0661 4296 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
23:46:17.0724 4296 stexstor - ok
23:46:17.0808 4296 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
23:46:17.0922 4296 StiSvc - ok
23:46:17.0989 4296 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
23:46:18.0048 4296 swenum - ok
23:46:18.0109 4296 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
23:46:18.0287 4296 swprv - ok
23:46:18.0358 4296 SynTP (215a45246c6e2d0a9c263ce1786c8d8a) C:\windows\system32\DRIVERS\SynTP.sys
23:46:18.0431 4296 SynTP - ok
23:46:18.0554 4296 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
23:46:18.0741 4296 SysMain - ok
23:46:18.0802 4296 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
23:46:18.0949 4296 TabletInputService - ok
23:46:19.0022 4296 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\windows\system32\DRIVERS\taphss.sys
23:46:19.0099 4296 taphss - ok
23:46:19.0178 4296 TapiSrv (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
23:46:19.0332 4296 TapiSrv - ok
23:46:19.0366 4296 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
23:46:19.0522 4296 TBS - ok
23:46:19.0690 4296 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
23:46:19.0828 4296 Tcpip - ok
23:46:19.0871 4296 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys
23:46:20.0004 4296 TCPIP6 - ok
23:46:20.0069 4296 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
23:46:20.0199 4296 tcpipreg - ok
23:46:20.0265 4296 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
23:46:20.0345 4296 TDPIPE - ok
23:46:20.0415 4296 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
23:46:20.0492 4296 TDTCP - ok
23:46:20.0547 4296 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
23:46:20.0702 4296 tdx - ok
23:46:20.0771 4296 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
23:46:20.0902 4296 TermDD - ok
23:46:20.0979 4296 TermService (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
23:46:21.0172 4296 TermService - ok
23:46:21.0243 4296 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
23:46:21.0372 4296 Themes - ok
23:46:21.0418 4296 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
23:46:21.0531 4296 THREADORDER - ok
23:46:21.0585 4296 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
23:46:21.0739 4296 TrkWks - ok
23:46:21.0818 4296 TrueSight (1512d11c1e1e37a4ae2e2b62794f0d2e) c:\windows\system32\drivers\TrueSight.sys
23:46:21.0865 4296 TrueSight ( UnsignedFile.Multi.Generic ) - warning
23:46:21.0865 4296 TrueSight - detected UnsignedFile.Multi.Generic (1)
23:46:21.0969 4296 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
23:46:22.0213 4296 TrustedInstaller - ok
23:46:22.0259 4296 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
23:46:22.0389 4296 tssecsrv - ok
23:46:22.0474 4296 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
23:46:22.0586 4296 TsUsbFlt - ok
23:46:22.0672 4296 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
23:46:22.0774 4296 tunnel - ok
23:46:22.0815 4296 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
23:46:22.0904 4296 uagp35 - ok
23:46:22.0981 4296 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
23:46:23.0098 4296 udfs - ok
23:46:23.0148 4296 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
23:46:23.0280 4296 UI0Detect - ok
23:46:23.0343 4296 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
23:46:23.0443 4296 uliagpkx - ok
23:46:23.0514 4296 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
23:46:23.0614 4296 umbus - ok
23:46:23.0644 4296 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
23:46:23.0696 4296 UmPass - ok
23:46:23.0739 4296 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
23:46:23.0896 4296 upnphost - ok
23:46:23.0974 4296 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\windows\system32\drivers\usbaudio.sys
23:46:24.0115 4296 usbaudio - ok
23:46:24.0175 4296 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
23:46:24.0319 4296 usbccgp - ok
23:46:24.0391 4296 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
23:46:24.0477 4296 usbcir - ok
23:46:24.0535 4296 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
23:46:24.0618 4296 usbehci - ok
23:46:24.0673 4296 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
23:46:24.0766 4296 usbhub - ok
23:46:24.0805 4296 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
23:46:24.0888 4296 usbohci - ok
23:46:24.0941 4296 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
23:46:25.0019 4296 usbprint - ok
23:46:25.0065 4296 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
23:46:25.0169 4296 usbscan - ok
23:46:25.0231 4296 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
23:46:25.0390 4296 USBSTOR - ok
23:46:25.0430 4296 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
23:46:25.0500 4296 usbuhci - ok
23:46:25.0583 4296 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
23:46:25.0664 4296 usbvideo - ok
23:46:25.0703 4296 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
23:46:25.0830 4296 UxSms - ok
23:46:25.0874 4296 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
23:46:25.0969 4296 VaultSvc - ok
23:46:26.0009 4296 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\windows\system32\DRIVERS\VClone.sys
23:46:26.0108 4296 VClone - ok
23:46:26.0170 4296 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
23:46:26.0246 4296 vdrvroot - ok
23:46:26.0348 4296 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
23:46:26.0519 4296 vds - ok
23:46:26.0559 4296 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
23:46:26.0653 4296 vga - ok
23:46:26.0687 4296 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
23:46:26.0795 4296 VgaSave - ok
23:46:26.0852 4296 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
23:46:26.0926 4296 vhdmp - ok
23:46:26.0990 4296 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
23:46:27.0081 4296 viaagp - ok
23:46:27.0121 4296 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
23:46:27.0208 4296 ViaC7 - ok
23:46:27.0234 4296 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
23:46:27.0287 4296 viaide - ok
23:46:27.0320 4296 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
23:46:27.0409 4296 volmgr - ok
23:46:27.0449 4296 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
23:46:27.0534 4296 volmgrx - ok
23:46:27.0612 4296 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
23:46:27.0687 4296 volsnap - ok
23:46:27.0830 4296 vpnagent (d6653180d162cb3144fdbc8a651cebb1) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
23:46:28.0021 4296 vpnagent - ok
23:46:28.0093 4296 vpnva (fc94804932cfc35f01b3ae510e3b4d5c) C:\windows\system32\DRIVERS\vpnva.sys
23:46:28.0156 4296 vpnva - ok
23:46:28.0212 4296 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
23:46:28.0352 4296 vsmraid - ok
23:46:28.0467 4296 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
23:46:28.0691 4296 VSS - ok
23:46:28.0737 4296 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
23:46:28.0826 4296 vwifibus - ok
23:46:28.0866 4296 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
23:46:28.0971 4296 vwififlt - ok
23:46:29.0027 4296 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
23:46:29.0099 4296 vwifimp - ok
23:46:29.0165 4296 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
23:46:29.0310 4296 W32Time - ok
23:46:29.0343 4296 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
23:46:29.0426 4296 WacomPen - ok
23:46:29.0486 4296 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
23:46:29.0632 4296 WANARP - ok
23:46:29.0645 4296 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
23:46:29.0776 4296 Wanarpv6 - ok
23:46:29.0901 4296 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
23:46:30.0194 4296 wbengine - ok
23:46:30.0255 4296 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
23:46:30.0370 4296 WbioSrvc - ok
23:46:30.0453 4296 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
23:46:30.0582 4296 wcncsvc - ok
23:46:30.0614 4296 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
23:46:30.0738 4296 WcsPlugInService - ok
23:46:30.0801 4296 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
23:46:30.0864 4296 Wd - ok
23:46:30.0912 4296 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
23:46:30.0987 4296 Wdf01000 - ok
23:46:31.0018 4296 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
23:46:31.0143 4296 WdiServiceHost - ok
23:46:31.0157 4296 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
23:46:31.0248 4296 WdiSystemHost - ok
23:46:31.0316 4296 WebClient (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
23:46:31.0441 4296 WebClient - ok
23:46:31.0492 4296 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
23:46:31.0625 4296 Wecsvc - ok
23:46:31.0654 4296 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
23:46:31.0771 4296 wercplsupport - ok
23:46:31.0812 4296 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
23:46:31.0934 4296 WerSvc - ok
23:46:31.0984 4296 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
23:46:32.0088 4296 WfpLwf - ok
23:46:32.0120 4296 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
23:46:32.0184 4296 WIMMount - ok
23:46:32.0290 4296 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
23:46:32.0460 4296 WinDefend - ok
23:46:32.0482 4296 WinHttpAutoProxySvc - ok
23:46:32.0560 4296 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
23:46:32.0704 4296 Winmgmt - ok
23:46:32.0827 4296 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
23:46:33.0058 4296 WinRM - ok
23:46:33.0205 4296 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
23:46:33.0299 4296 WinUsb - ok
23:46:33.0397 4296 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
23:46:33.0550 4296 Wlansvc - ok
23:46:33.0613 4296 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
23:46:33.0693 4296 WmiAcpi - ok
23:46:33.0763 4296 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
23:46:33.0946 4296 wmiApSrv - ok
23:46:34.0110 4296 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
23:46:34.0493 4296 WMPNetworkSvc - ok
23:46:34.0525 4296 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
23:46:34.0626 4296 WPCSvc - ok
23:46:34.0691 4296 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
23:46:34.0800 4296 WPDBusEnum - ok
23:46:34.0865 4296 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
23:46:34.0973 4296 ws2ifsl - ok
23:46:35.0021 4296 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\System32\wscsvc.dll
23:46:35.0212 4296 wscsvc - ok
23:46:35.0226 4296 WSearch - ok
23:46:35.0406 4296 wuauserv (3026418a50c5b4761befa632cedb7406) C:\windows\system32\wuaueng.dll
23:46:35.0669 4296 wuauserv - ok
23:46:35.0846 4296 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
23:46:36.0020 4296 WudfPf - ok
23:46:36.0096 4296 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
23:46:36.0196 4296 WUDFRd - ok
23:46:36.0310 4296 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
23:46:36.0446 4296 wudfsvc - ok
23:46:36.0533 4296 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
23:46:36.0634 4296 WwanSvc - ok
23:46:36.0726 4296 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\windows\system32\DRIVERS\yk62x86.sys
23:46:36.0857 4296 yukonw7 - ok
23:46:36.0975 4296 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
23:46:37.0473 4296 \Device\Harddisk0\DR0 - ok
23:46:37.0482 4296 Boot (0x1200) (95099517972e5513e32c2d8ee0fc9e54) \Device\Harddisk0\DR0\Partition0
23:46:37.0485 4296 \Device\Harddisk0\DR0\Partition0 - ok
23:46:37.0511 4296 Boot (0x1200) (fae2ec81b7c69eb5164fce781bf3e03e) \Device\Harddisk0\DR0\Partition1
23:46:37.0514 4296 \Device\Harddisk0\DR0\Partition1 - ok
23:46:37.0546 4296 Boot (0x1200) (4385b450a436503a66ab30dec1a7a5b8) \Device\Harddisk0\DR0\Partition2
23:46:37.0549 4296 \Device\Harddisk0\DR0\Partition2 - ok
23:46:37.0550 4296 ============================================================
23:46:37.0550 4296 Scan finished
23:46:37.0550 4296 ============================================================
23:46:37.0580 5556 Detected object count: 2
23:46:37.0580 5556 Actual detected object count: 2
23:46:54.0426 5556 Rezip ( UnsignedFile.Multi.Generic ) - skipped by user
23:46:54.0426 5556 Rezip ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:46:54.0429 5556 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
23:46:54.0429 5556 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
-
Thanks MrCharlie
RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Arne [Admin rights]
Mode: Scan -- Date: 04/25/2012 23:04:35
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545025B9A300 +++++
--- User ---
[MBR] 2309d53b5e50f1481e33ea97262948e9
[bSP] 42cd176af1e1fa736744448df7d3160e : KIWI Image system MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 153877 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 346804224 | Size: 69136 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
-
First off, I really appreciate the help, don't think (know) this would be a big problem but I don't feel confident with this malware on my PC.
I started getting these annoying pop-up ads for some Chinese role-playing game at the lower bottom right corner of my screen when I try to connect to websites (not just Chinese ones, so I realized that there was something on my PC). The pop-ups come with sound (how nice).
I installed Malwarebytes Anti Malware and activated the full version trial then ran a scan. Found and quarantined "PUP.TollbarDownloader" in an exe file I had downloaded (and I guess executed) at some point. But I still get these messages that it blocked outgoing traffic every so often:
2012/04/24 10:55:06 +0800 IP-BLOCK 218.8.51.248 (Type: outgoing, Port: 57038, Process: firefox.exe)
2012/04/24 10:58:20 +0800 IP-BLOCK 218.8.51.248 (Type: outgoing, Port: 57187, Process: firefox.exe)
2012/04/24 10:58:53 +0800 IP-BLOCK 218.8.51.248 (Type: outgoing, Port: 57212, Process: firefox.exe)
2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52592, Process: chrome.exe)
2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52593, Process: chrome.exe)
2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52594, Process: chrome.exe)
2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52595, Process: chrome.exe)
2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52596, Process: chrome.exe)
I ran a scan according to the forum guidelines and got these logs:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by Arne at 11:08:28 on 2012-04-24
Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1033.18.1013.220 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\windows\SYSTEM32\Rezip.exe
C:\windows\system32\svchost.exe -k imgsvc
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Google\Google Pinyin 3\GooglePinyinDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files\Google\Google Pinyin 3\GooglePinyinService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Sticky Notes\StickyNotes.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\OpenOffice.org 3\program\scalc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\igowin\igowin.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Google Update] "c:\users\arne\appdata\local\google\update\GoogleUpdate.exe" /c
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11f_Plugin.exe -update plugin
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [Google Pinyin 3 Autoupdater] "c:\program files\google\google pinyin 3\GooglePinyinDaemon.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\arne\appdata\roaming\micros~1\windows\startm~1\programs\startup\sticky~1.lnk - c:\program files\sticky notes\StickyNotes.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\arne\appdata\roaming\dvdvideosoftiehelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D}\0516E696E6F60245563616 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D}\24F6F6B677F627D6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D}\348696E616E45647D235471627265736B637 : DhcpNameServer = 172.13.0.1
TCP: Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D}\348696E616E45647D244B65557 : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D}\7756E67756E6132333 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D}\D43644F6E616C6467237 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{581B304F-E7EA-4D69-8E16-B3D564BACED7} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\arne\appdata\roaming\mozilla\firefox\profiles\6pojc2zr.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?hl=en-GB&q=
FF - prefs.js: network.proxy.http - http://proxy.io8.org/autoproxy/e1.pac
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\arne\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-26 165648]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2009-12-10 10752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-18 654408]
R2 Rezip;Rezip;c:\windows\system32\Rezip.exe [2009-12-10 311296]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2011-8-4 645048]
R3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\drivers\CryptOSD.sys [2009-5-1 384896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-18 22344]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-26 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-30 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-11 43944]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-6-29 29472]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-30 135664]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-2 52224]
.
=============== Created Last 30 ================
.
2012-04-24 02:34:06 6734704 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9984dc56-d0f1-4566-8554-6b0a4947e2e8}\mpengine.dll
2012-04-23 07:43:51 -------- d-----w- c:\program files\igowin
2012-04-18 15:22:55 -------- d-----w- c:\program files\Anvisoft
2012-04-18 11:43:48 -------- d-----w- c:\users\arne\appdata\roaming\Malwarebytes
2012-04-18 11:42:55 -------- d-----w- c:\programdata\Malwarebytes
2012-04-18 11:42:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-18 11:42:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-18 07:14:04 -------- d-----w- c:\users\arne\.FBReader
2012-04-18 07:09:34 -------- d-----w- c:\program files\FBReader
2012-04-18 06:52:12 -------- d-----w- c:\users\arne\appdata\roaming\calibre
2012-04-17 16:22:04 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-17 16:22:04 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-17 16:22:04 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-17 16:22:03 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-17 16:21:15 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-17 16:21:14 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-17 16:18:00 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-09 16:20:44 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-04-09 16:20:44 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-26 15:41:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-03-26 15:41:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-02-28 05:38:52 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 03:52:27 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-25 08:00:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 05:32:35 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32:34 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
============= FINISH: 11:16:18,57 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume2
Install Date: 29.06.2010 21:58:46
System Uptime: 24.04.2012 01:25:06 (10 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | N150/N210/N220
Processor: Intel® Atom CPU N450 @ 1.66GHz | CPU 1 | 1667/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 150 GiB total, 87,251 GiB free.
D: is FIXED (NTFS) - 68 GiB total, 66,425 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device
Device ID: USB\VID_0A5C&PID_219B\506313BBB795
Manufacturer: Broadcom
Name: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device
PNP Device ID: USB\VID_0A5C&PID_219B\506313BBB795
Service: BTHUSB
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP369: 25.03.2012 18:03:15 - Windows Update
RP370: 28.03.2012 20:49:26 - Windows Update
RP371: 01.04.2012 22:45:16 - Windows Update
RP372: 05.04.2012 12:38:43 - Windows Update
RP373: 09.04.2012 12:25:04 - Windows Update
RP374: 12.04.2012 23:51:23 - Windows Update
RP375: 16.04.2012 12:32:00 - Windows Update
RP376: 18.04.2012 00:19:23 - Windows Update
RP378: 18.04.2012 14:49:07 - Installed calibre
RP380: 18.04.2012 15:30:49 - Removed calibre
RP381: 21.04.2012 12:56:53 - Windows Update
.
==== Installed Programs ======================
.
??????? 3.0
7-Zip 4.65
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.5.1
Adobe Shockwave Player 11.6
Anki
Apple Application Support
Apple Software Update
Atheros Client Installation Program
BatteryLifeExtender
ChargeableUSB
Cisco AnyConnect VPN Client
Compatibility Pack for the 2007 Office system
ContentSAFER for Wizmax
CyberLink YouCam
Easy Display Manager
Easy Network Manager
Easy Resolution Manager
Easy SpeedUp Manager
EasyBatteryManager
FBReader for Windows
Free Audio CD Burner version 1.4
Free YouTube to MP3 Converter version 3.8
Full Tilt Poker
Google Chrome
Google Earth Plug-in
Google Update Helper
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java Auto Updater
Java 6 Update 22
Java 6 Update 29
Malwarebytes Anti-Malware version 1.61.0.1400
Marvell Miniport Driver
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Office Word Viewer 2003
Microsoft PowerPoint Viewer
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 11.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice.org 3.3
Paint.NET v3.5.8
PokerStars
PokerStove version 1.23
PreSetup HyperSpace
QuickTime
Realtek High Definition Audio Driver
REALTEK Wireless LAN Software
Samsung Recovery Solution 4
Samsung Support Center
Samsung Update Plus
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Skype™ 4.2
swMSM
Synaptics Pointing Device Driver
TIPP10 Version 2.0.3
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
User Guide
VirtualCloneDrive
VLC media player 1.1.5
Vuze
WIDCOMM Bluetooth Software
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Xtra Controller Pro
YouTube Downloader 2.6.2
.
==== Event Viewer Messages From Past Week ========
.
22.04.2012 23:44:32, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.209.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
22.04.2012 22:55:15, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.209.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
22.04.2012 13:24:51, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
20.04.2012 18:38:06, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
19.04.2012 16:08:41, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1963.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
19.04.2012 16:08:41, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1963.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
19.04.2012 12:23:24, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1963.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
19.04.2012 12:23:24, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1963.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
18.04.2012 19:53:25, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 7 time(s).
18.04.2012 19:53:25, Error: Service Control Manager [7034] - The Network List Service service terminated unexpectedly. It has done this 7 time(s).
18.04.2012 19:53:25, Error: Service Control Manager [7034] - The Function Discovery Provider Host service terminated unexpectedly. It has done this 1 time(s).
18.04.2012 19:53:25, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 7 time(s).
18.04.2012 19:53:25, Error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 5 time(s).
18.04.2012 17:40:04, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 3 time(s).
18.04.2012 17:40:04, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 6 time(s).
18.04.2012 17:40:04, Error: Service Control Manager [7034] - The Network List Service service terminated unexpectedly. It has done this 6 time(s).
18.04.2012 17:40:04, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 6 time(s).
18.04.2012 17:39:59, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 5 time(s).
18.04.2012 17:39:59, Error: Service Control Manager [7034] - The Network List Service service terminated unexpectedly. It has done this 5 time(s).
18.04.2012 17:39:59, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 5 time(s).
18.04.2012 17:39:59, Error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 4 time(s).
18.04.2012 17:39:43, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
18.04.2012 15:43:45, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 4 time(s).
18.04.2012 15:43:45, Error: Service Control Manager [7034] - The Network List Service service terminated unexpectedly. It has done this 4 time(s).
18.04.2012 15:43:45, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 4 time(s).
18.04.2012 15:43:45, Error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 3 time(s).
18.04.2012 14:53:56, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Store Interface Service service, but this action failed with the following error: An instance of the service is already running.
18.04.2012 14:48:59, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 2 time(s).
18.04.2012 14:48:59, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 3 time(s).
18.04.2012 14:48:59, Error: Service Control Manager [7034] - The Network List Service service terminated unexpectedly. It has done this 3 time(s).
18.04.2012 14:48:59, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 3 time(s).
18.04.2012 14:48:56, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 2 time(s).
18.04.2012 14:48:56, Error: Service Control Manager [7031] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
18.04.2012 14:48:56, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
18.04.2012 14:48:56, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
18.04.2012 14:48:56, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
18.04.2012 14:48:52, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 1 time(s).
18.04.2012 14:48:52, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
18.04.2012 14:48:52, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
18.04.2012 14:48:52, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
18.04.2012 00:07:20, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
.
==== End Of File ===========================
Chinese pop up ads
Ok, so I thought I was good, then I got the same thing again:
2012/05/02 10:52:53 +0800 IP-BLOCK 122.70.141.101 (Type: outgoing, Port: 59021, Process: chrome.exe)
Here is the OTL log:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3948093705-1484294097-1952622497-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
========== COMMANDS ==========
[EMPTYJAVA]
User: All Users
User: Arne
->Java cache emptied: 10237700 bytes
User: Default
User: Default User
User: Public
Total Java Files Cleaned = 10.00 mb
[EMPTYTEMP]
User: All Users
User: Arne
->Temp folder emptied: 56522282 bytes
->Temporary Internet Files folder emptied: 56483518 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 80288214 bytes
->Google Chrome cache emptied: 363081678 bytes
->Flash cache emptied: 112725 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 74464 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 531.00 mb
OTL by OldTimer - Version 3.2.42.1 log created on 05032012_122652
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Here is the MBAM, ran a full scan:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.03.01
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
[administrator]
Protection: Enabled
03.05.2012 13:29:15
mbam-log-2012-05-03 (13-29-15).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 293548
Time elapsed: 1 hour(s), 26 minute(s), 30 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)