Pardew
-
Posts
31 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by Pardew
-
Don't know if it's too early to just 'cash in my chips' and get a new system soon. Although the freeze has only occurred during MBAM. Why would that be? SAS and AVG have been running scans ok. So you don't think it's worth doing the advanced boot option thing? It's only when browsing, it takes a bit longer. Is it average for a HDD to develop faults around 5 years? Suppose it depends mostly on frequency of usage....
-
'Had to' switch off at the mains again........froze for an hour and a half. No bsod. Left house for work. Will be back late afternoon/early evening UK again to do ABO.
-
If I need to back up the entire system, can I do that on a DVD, Maurice?
-
Just finished backing up files and folders onto DVDS. Began following your instructions by firstly doing the VEW scan. Unfortunately, on running the message; Runtime error '75' Path/File access error' came up. Then I started a full MBAM scan which froze on 1.35 on C/config.sys . About 5 mins later following a short 2 sec burst of activity in the HD, the CUrrently scanning item changed to 'C/Games/iSnooker/adverts/advertise.png. This was followed by short 'marching paced' clicks in the HD for about 10 mins. About 10 mins later the mouse icon froze. At the time of typing this, it has been 75 mins since I started the scan and I was poised with my iPad ready to capture an 'expected' bsod!! Your doctrine of infinite patience has rubbed off on me but soon I have to go to work again and will not be able to do the advance boot option phase until tomorrow!! 80 mins - still no change!
-
Am busy today backing up my 'stuff' onto DVD's then I'm at work. If I get time to run the tests I'll post later. If not, should be tomorrow.
-
Ok. Will probably attempt this around late afternoon UK time. I read it wrong. The disc method was as an alternative. Sorry.
-
Why does it behave like this when MBAM runs? It doesn't with SAS or my AVG. This is all a bit daunting now, unchartered territory for me. I do have a Medion labelled (PC is MEDION) Vista Home Premium recovery disc. Where would I find my user account name to input?! Just want to be sure before I start doing all this, Maurice. I mean, the system is only a bit slow in opening webpages, loading pictures and such. Apart from that, it's reasonably fine. Will this procedure harm my files and folders etc?! What will happen?! When you say detailed description of MBAM scan, it's difficult to produce/ describe without a end log. It will most likely freeze at some point and afte about 10 or so minutes it will blue screen, reboot and do another chkdsk to recover. Of course, I want my pc to run a bit better/quicker when I'm surfing the web but forgive me, I'm just a bit reluctantly wary of this now. A couple of days ago, I forgot to mention, I did notice during the insertion of the eset online scan web address on IE browser at the top, the appearance of 'funmoods' in some capacity again. Sorry for whoffling, Maurice!
-
....not package......inpage
-
MBAM has AVG in it's ignore list. Is that what you mean? Vista Home Premium for some reason, doesn't facilitate an complete PC back-up, only files and folders. I don't know what the 'restore' was. I know I haven't performed a system restore. What missing pics? MBAM runs ok in safe mode. Did another scan in normal mode and gt as far as 18 mins in until freeze for 5 mins and bluescreen at the the top of which it said KERNEL_STACK_PACKAGE, I think.
-
My pc is seems to be running more sharply. Web pages opening little quicker. The bsod has only occurred when I run MBAM. Firstly, what are trust settings? The system is about 5 years old. Chkdsk ran earlier today. How do I run a memory diagnostic? I've never been inside the pc casing. Never moved or added ram. Run me thru how to do a full system back up, please. I have a few Tevion 4.7GB DVD-RW discs. Will they do? How many do I need?
-
Disabled AVG2012 - Initiated MBAMFREE 'full scan' (which is set to ignore AVG) and about 1m 30s in, it froze. After 5 mins, I left my pc for 20 mins. Got back to find my log in screen and it had recovered from an unexpected shutdown following another bsod. Is there a way to capture a blue screen event afterwards? Thanks.
-
Hi Maurice It does seem to be responding a little more sharply. Thank you so much for your help thus far. I'm pushed for time at present so will have to carry the above out and post the findings tomorrow afternoon UK time. Thanks again.
-
Step 1 All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully! HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Guest ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->Opera cache emptied: 0 bytes Step 2(AVG2012 & Firewall disabled) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.4.6 (01.20.2013:1) OS: Windows Vista Home Premium x86 Ran by popster on 21/01/2013 at 16:30:51.10 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared Step 3 # AdwCleaner v2.107 - Logfile created 01/21/2013 at 16:41:18 # Updated 21/01/2013 by Xplode # Operating system : Windows Vista Home Premium Service Pack 2 (32 bits) # User : popster - DAVE # Boot Mode : Normal # Running from : C:\Users\popster\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\Users\popster\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla ***** [Registry] ***** Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Registry is clean. -\\ Mozilla Firefox v2.0 (en-US) File : C:\Users\popster\AppData\Roaming\Mozilla\Firefox\Profiles\41cbjatn.default\prefs.js [OK] File is clean. File : C:\Users\popster\AppData\Roaming\Mozilla\Firefox\Profiles\9z0n1cbg.default\prefs.js [OK] File is clean. -\\ Google Chrome v24.0.1312.52 File : C:\Users\popster\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. -\\ Opera v12.12.1707.0 File : C:\Users\popster\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] File is clean. ************************* AdwCleaner[R1].txt - [6224 octets] - [05/01/2013 14:16:19] AdwCleaner[R2].txt - [4917 octets] - [05/01/2013 22:31:18] AdwCleaner[R3].txt - [1564 octets] - [21/01/2013 16:41:18] AdwCleaner[s1].txt - [5022 octets] - [05/01/2013 22:31:48] ########## EOF - C:\AdwCleaner[R3].txt - [1684 octets] ##########
-
Also, have recently acquired 3 transparent icons on my destop - an empty folder D9325FC2149B7FFE & 2 desktop.ini
-
The OTL LOP & Purity check took about 15 mins.
-
Part 2 OTL logfile created on: 19/01/2013 20:51:09 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\popster\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.11% Memory free 4.23 Gb Paging File | 3.10 Gb Available in Paging File | 73.29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 445.76 Gb Total Space | 104.73 Gb Free Space | 23.49% Space Free | Partition Type: NTFS Drive D: | 19.99 Gb Total Space | 10.38 Gb Free Space | 51.94% Space Free | Partition Type: FAT32 Computer Name: DAVE | User Name: popster | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/01/19 20:49:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\popster\Desktop\OTL.exe PRC - [2013/01/03 02:42:57 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE PRC - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/08/13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe PRC - [2012/07/31 02:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe PRC - [2012/07/26 02:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe PRC - [2012/06/13 02:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe PRC - [2012/06/13 02:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe PRC - [2012/03/19 04:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe PRC - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe PRC - [2012/02/14 03:52:56 | 000,493,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcfgex.exe PRC - [2012/02/14 03:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2007/10/19 17:42:38 | 000,290,909 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe PRC - [2007/10/19 17:42:38 | 000,114,779 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe PRC - [2007/10/08 14:19:22 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007/06/27 10:18:08 | 000,223,448 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe PRC - [2007/06/27 10:17:26 | 000,272,600 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe PRC - [2007/06/27 10:17:12 | 000,446,680 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe PRC - [2007/06/27 10:16:02 | 000,157,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe PRC - [2007/06/27 10:15:14 | 000,059,096 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe PRC - [2007/06/27 10:14:46 | 000,317,656 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe PRC - [2007/02/12 11:46:34 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe PRC - [2001/11/12 03:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe ========== Modules (No Company Name) ========== MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/02/15 23:16:49 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll ========== Services (SafeList) ========== SRV - [2013/01/10 00:10:18 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/01/03 02:42:57 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE) SRV - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/08/13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012/06/13 02:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws) SRV - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/10/19 17:42:38 | 000,290,909 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) SRV - [2007/10/19 17:42:38 | 000,114,779 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) SRV - [2007/10/08 14:19:22 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2007/06/27 10:18:08 | 000,223,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) SRV - [2007/06/27 10:17:26 | 000,272,600 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe -- (QualityManager) SRV - [2007/06/27 10:17:12 | 000,446,680 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) SRV - [2007/06/27 10:16:02 | 000,157,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) SRV - [2007/06/27 10:15:28 | 000,039,640 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE) SRV - [2007/06/27 10:15:14 | 000,059,096 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM) SRV - [2007/06/27 10:14:46 | 000,317,656 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore) SRV - [2007/06/27 10:13:56 | 000,268,504 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) SRV - [2007/02/12 11:46:34 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService) SRV - [2001/11/12 03:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\popster\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2013/01/19 16:58:33 | 000,015,616 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight) DRV - [2013/01/14 20:00:16 | 000,031,560 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamchameleon.sys -- (mbamchameleon) DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/08/24 14:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2012/07/26 02:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2012/04/19 03:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2012/03/10 21:29:49 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2012/03/10 21:29:49 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV) DRV - [2012/01/31 03:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2011/12/23 12:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011/12/23 12:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2011/12/23 12:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter) DRV - [2011/12/23 12:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2011/05/23 00:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd) DRV - [2010/04/19 12:46:56 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM) DRV - [2009/12/07 11:50:48 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50) DRV - [2009/12/07 11:50:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50) DRV - [2008/10/28 21:48:24 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2007/11/21 02:35:06 | 000,569,344 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2007/11/08 16:36:25 | 000,005,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH) DRV - [2007/11/06 19:00:00 | 008,230,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007/08/22 01:01:58 | 001,242,976 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid) DRV - [2007/06/27 10:17:46 | 000,014,552 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP) DRV - [2007/06/19 01:37:58 | 000,229,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) DRV - [2007/05/02 10:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm) DRV - [2007/05/02 10:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl) DRV - [2007/05/02 10:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) DRV - [2007/02/18 20:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr) DRV - [2006/11/17 00:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) DRV - [2006/11/02 07:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006/07/24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2002/11/12 10:01:44 | 000,053,168 | ---- | M] (THOMSON multimedia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcan5wn.sys -- (alcan5wn) DRV - [2002/11/12 10:01:42 | 000,748,544 | ---- | M] (THOMSON multimedia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcaudsl.sys -- (alcaudsl) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie'>http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{4A8988B5-B1C2-B59E-FE47-307FB9DC0270}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzutAtN2Y1L1QzutDtDtC0DzytBtByE0CtAtDyByCtByBzytN0D0TzutBtDtCtBtDyCtBtB&cr=1488802776 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.co.uk/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E1 7C FE 1B 11 A1 CA 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4} IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{324109BB-0518-4C58-A4DC-58548F03D4A2}: "URL" = http://uk.search.yahoo.com/search/dir?ei=UTF-8&p={searchTerms}&fr=yessv IE - HKCU\..\SearchScopes\{4A8988B5-B1C2-B59E-FE47-307FB9DC0270}: "URL" = http://search.avg.com/route/?d=4cc813d0&v=6.10.6.4&i=&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us IE - HKCU\..\SearchScopes\{519F30B1-BCC6-407A-814D-0E2B7D176B94}: "URL" = http://uk.news.search.yahoo.com/search/news?ei=UTF-8&p={searchTerms}&fr=yessv IE - HKCU\..\SearchScopes\{59F26952-4C07-40D8-B545-8B8B39BD01F1}: "URL" = http://uk.local.yahoo.com/search.html?p={searchTerms}&ei=UTF-8&x=wrt&w=uctid,fw,belongto&type=GugiXML&cs=&fr=yessv IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7MEDA_en-GB&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{79DE8400-EE9A-4EEA-8FEC-98F893E7CC06}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{AA0CD970-D0C1-459B-9205-A7F2C4049690}: "URL" = http://uk.search.yahoo.com/search/audio?ei=UTF-8&p={searchTerms}&fr=yessv IE - HKCU\..\SearchScopes\{C8FF864E-B13D-4873-88DC-60E5E38CBE51}: "URL" = http://shopping.yahoo.co.uk/ctl/do/search?catId=100164013&siteSearchQuery={searchTerms}&fr=yessv IE - HKCU\..\SearchScopes\{DA90F6CD-7D0F-4569-8BFB-68F1DF869A6F}: "URL" = http://uk.search.yahoo.com/search/images?ei=UTF-8&p={searchTerms}&fr=yessv IE - HKCU\..\SearchScopes\{DB251F66-D0AD-40DE-9CB0-290F373C647D}: "URL" = http://uk.search.yahoo.com/search/video?ei=UTF-8&p={searchTerms}&fr=yessv IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzutAtN2Y1L1QzutDtDtC0DzytBtByE0CtAtDyByCtByBzytN0D0TzutBtDtCtBtDyCtBtB&cr=1488802776 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search" FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official" FF - prefs.js..backup.old.browser.search.selectedEngine: "Google" FF - prefs.js..backup.old.browser.search.defaultenginename: "Google" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\ [2012/08/28 14:11:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/09/10 16:43:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/28 14:11:43 | 000,000,000 | ---D | M] [2012/06/22 22:02:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\popster\AppData\Roaming\Mozilla\Firefox\Profiles\41cbjatn.default\extensions [2009/11/15 14:37:06 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Users\popster\AppData\Roaming\Mozilla\Firefox\Profiles\41cbjatn.default\extensions\ChoiceGuard@Microsoft [2012/06/22 18:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\popster\AppData\Roaming\Mozilla\Firefox\Profiles\9z0n1cbg.default\extensions [2008/12/16 02:35:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2008/09/09 20:35:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/09/09 20:35:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C} [2008/11/28 14:44:25 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\REAL-NETWORKS@PARTNERS.MOZILLA.COM File not found (No name found) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\TALKBACK@MOZILLA.ORG [2008/12/10 02:01:59 | 000,000,686 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.png [2008/12/10 02:01:59 | 000,000,531 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.src ========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - default_search_provider: Web Search (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: AVG Internet Security (Enabled) = C:\Users\popster\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Users\popster\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google Search = C:\Users\popster\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: AVG Do Not Track = C:\Users\popster\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\ CHR - Extension: Gmail = C:\Users\popster\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2010/04/25 22:12:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - Startup: C:\Users\popster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Domains: motive.com ([pbttbc.bt] https in Trusted sites) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://training.k2ms.com/WebPlayer/authorware_web_player_installers/cab/awswaxd.cab (Macromedia Authorware Web Player Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} http://217.41.63.194:65531/img/NetCamPlayerWeb11g.ocx (NetCamPlayerWeb11g Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19FD4D38-5258-444F-B48D-F367539B2C4F}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Users\popster\Pictures\120601.bmp O24 - Desktop BackupWallPaper: C:\Users\popster\Pictures\120601.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/01/19 20:49:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\popster\Desktop\OTL.exe [2013/01/19 20:16:14 | 000,000,000 | ---D | C] -- C:\Users\popster\Doctor Web [2013/01/19 18:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2013/01/18 23:06:54 | 000,000,000 | ---D | C] -- C:\Users\popster\Desktop\RK_Quarantine [2013/01/18 18:20:25 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\popster\Desktop\aswMBR.exe [2013/01/17 19:20:30 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/01/17 19:20:30 | 000,000,000 | ---D | C] -- C:\Users\popster\AppData\Local\temp [2013/01/17 19:19:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/01/17 19:05:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/01/17 19:05:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/01/17 19:05:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/01/17 19:05:14 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/01/17 19:00:11 | 005,024,203 | R--- | C] (Swearware) -- C:\Users\popster\Desktop\ComboFix.exe [2013/01/17 15:36:43 | 000,000,000 | ---D | C] -- C:\Users\popster\AppData\Local\{6096B4E3-4DCB-4E55-95E5-D4BC5347DF3E} [2013/01/16 13:59:24 | 000,000,000 | ---D | C] -- C:\Users\popster\AppData\Local\{1CE4A9DE-CA2A-4263-9317-F4D7F42CF241} [2013/01/14 20:56:46 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\popster\Desktop\tdsskiller.exe [2013/01/14 19:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2013/01/14 19:47:43 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2013/01/14 19:41:49 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\popster\Desktop\erunt-setup.exe [2013/01/14 16:04:21 | 000,000,000 | ---D | C] -- C:\Users\popster\AppData\Local\{8A2C8FA6-BA8C-472A-A627-469D7CEDE38C} [2013/01/12 22:41:29 | 000,000,000 | ---D | C] -- C:\Users\popster\Desktop\TT STUFF [2013/01/12 17:32:00 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\popster\Desktop\dds.com [2013/01/12 11:26:53 | 000,000,000 | ---D | C] -- C:\Users\popster\AppData\Local\{23C1E158-874F-4017-96F2-0E1C8B1D42CA} [2013/01/09 23:50:14 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013/01/09 23:50:12 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2013/01/09 23:38:43 | 000,000,000 | ---D | C] -- C:\Users\popster\AppData\Local\{D20BAF27-7F5F-440C-AF77-9AA13B13A4D7} [2013/01/07 15:42:57 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\popster\Desktop\TFC.exe [2013/01/07 15:39:45 | 000,000,000 | ---D | C] -- C:\Users\popster\AppData\Local\{FE3B78B2-A1B9-4BC9-AA25-137CC6DCDB2A} [2013/01/06 20:45:32 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013/01/06 20:45:32 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013/01/06 20:45:32 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013/01/06 20:43:59 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013/01/06 20:12:22 | 000,000,000 | ---D | C] -- C:\Users\popster\AppData\Local\{0353B84D-8359-4634-864F-A403B401BBA7} [2013/01/05 22:47:55 | 000,752,213 | ---- | C] (Farbar) -- C:\Users\popster\Desktop\MiniToolBox.exe [2013/01/05 22:35:55 | 000,000,000 | ---D | C] -- C:\Users\popster\AppData\Local\{DA73D36E-14ED-47FD-BAAB-B205E02B3B5A} [2013/01/05 14:18:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/01/05 14:10:18 | 000,000,000 | ---D | C] -- C:\Users\popster\AppData\Roaming\Malwarebytes [2013/01/05 14:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/01/05 14:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/01/05 14:10:03 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013/01/05 14:10:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/01/05 14:02:18 | 000,080,456 | ---- | C] (Malwarebytes Corporation) -- C:\Users\popster\Desktop\mbam-clean-1.60.2.0003.exe [2013/01/05 13:57:19 | 000,498,427 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\popster\Desktop\JRT.exe [2013/01/05 07:11:32 | 000,000,000 | ---D | C] -- C:\Users\popster\AppData\Local\{8C91E7AA-C83C-49FC-A8F9-4819E04A6D39} [2013/01/04 11:08:32 | 000,000,000 | ---D | C] -- C:\JRT [2013/01/04 10:21:36 | 000,000,000 | ---D | C] -- C:\Users\popster\AppData\Local\{7B251A9B-91BE-4847-AC53-8909C5291605} [2013/01/03 14:21:05 | 000,000,000 | ---D | C] -- C:\Users\popster\AppData\Local\{EFAF88C7-DAD1-4AFF-BE5E-03708A3D951A} [2013/01/02 15:42:38 | 000,000,000 | ---D | C] -- C:\Users\popster\AppData\Local\{664603AF-1C2B-4DC2-A7B5-95D82C2A31AE} [2013/01/01 20:36:23 | 000,000,000 | ---D | C] -- C:\Users\popster\AppData\Local\{8D96743C-6F86-47ED-9980-9B0C8D0EDC07} [2012/12/27 14:23:22 | 000,000,000 | ---D | C] -- C:\Users\popster\AppData\Local\{A7683EE8-9CBB-475A-8BD1-07D2FB9809F0} [2012/12/26 09:22:20 | 000,000,000 | ---D | C] -- C:\Users\popster\AppData\Local\{49B0C7F6-90A8-494A-A317-42B5C56AE07D} [2012/12/25 17:14:33 | 000,000,000 | ---D | C] -- C:\Users\popster\AppData\Local\{FDB3203C-EAF7-49AA-AFEB-1CD828948855} [2012/12/24 14:53:24 | 000,000,000 | ---D | C] -- C:\Users\popster\AppData\Local\{065BF280-6BE1-43C0-8C85-4C106D879DE9} [2012/12/23 17:44:25 | 000,000,000 | ---D | C] -- C:\Users\popster\AppData\Local\{2B807B29-0FE1-443C-9881-E1524ECF504D} [2012/12/23 03:19:48 | 000,000,000 | ---D | C] -- C:\Users\popster\AppData\Local\{2E544CA1-4145-41FA-845C-C6C67D7FCD5E} [2012/12/23 03:12:40 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012/12/23 03:12:40 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012/12/22 14:26:32 | 000,000,000 | ---D | C] -- C:\Users\popster\AppData\Local\{D87E5F51-E2A4-40CB-B3B4-6208405AC528} [2012/12/21 11:16:23 | 000,000,000 | ---D | C] -- C:\Users\popster\AppData\Local\{57E3105D-2A38-4AA9-9851-AF375FAAC393} ========== Files - Modified Within 30 Days ========== [2013/01/19 20:49:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\popster\Desktop\OTL.exe [2013/01/19 20:16:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/19 20:12:35 | 109,406,672 | ---- | M] () -- C:\Users\popster\Desktop\drweb-cureit.exe [2013/01/19 20:08:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/01/19 20:00:39 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/19 20:00:39 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/19 18:02:13 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/19 18:00:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/19 18:00:33 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys [2013/01/19 17:16:55 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\popster\Desktop\TFC.exe [2013/01/19 16:58:33 | 000,015,616 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys [2013/01/19 13:11:13 | 106,782,800 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2013/01/18 23:02:32 | 000,000,512 | ---- | M] () -- C:\Users\popster\Desktop\MBR.dat [2013/01/18 18:31:31 | 000,764,416 | ---- | M] () -- C:\Users\popster\Desktop\RogueKiller.exe [2013/01/18 18:21:17 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\popster\Desktop\aswMBR.exe [2013/01/17 19:00:45 | 005,024,203 | R--- | M] (Swearware) -- C:\Users\popster\Desktop\ComboFix.exe [2013/01/17 16:02:15 | 215,231,140 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013/01/14 20:56:57 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\popster\Desktop\tdsskiller.exe [2013/01/14 20:00:16 | 000,031,560 | ---- | M] () -- C:\Windows\System32\drivers\mbamchameleon.sys [2013/01/14 19:47:45 | 000,000,737 | ---- | M] () -- C:\Users\popster\Desktop\NTREGOPT.lnk [2013/01/14 19:47:45 | 000,000,718 | ---- | M] () -- C:\Users\popster\Desktop\ERUNT.lnk [2013/01/14 19:41:49 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\popster\Desktop\erunt-setup.exe [2013/01/12 17:32:05 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\popster\Desktop\dds.com [2013/01/12 11:53:02 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2013/01/10 00:10:16 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/01/10 00:10:16 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/01/10 00:05:33 | 000,431,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/01/09 23:57:15 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/01/09 23:57:15 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/01/06 21:07:36 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2013/01/05 22:48:01 | 000,752,213 | ---- | M] (Farbar) -- C:\Users\popster\Desktop\MiniToolBox.exe [2013/01/05 22:39:07 | 000,856,731 | ---- | M] () -- C:\Users\popster\Desktop\SecurityCheck.exe [2013/01/05 14:10:05 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/01/05 14:02:18 | 000,080,456 | ---- | M] (Malwarebytes Corporation) -- C:\Users\popster\Desktop\mbam-clean-1.60.2.0003.exe [2013/01/05 13:57:19 | 000,498,427 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\popster\Desktop\JRT.exe [2012/12/26 18:06:07 | 000,544,773 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm ========== Files Created - No Company Name ========== [2013/01/19 20:00:34 | 109,406,672 | ---- | C] () -- C:\Users\popster\Desktop\drweb-cureit.exe [2013/01/19 16:52:48 | 000,015,616 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys [2013/01/18 23:02:32 | 000,000,512 | ---- | C] () -- C:\Users\popster\Desktop\MBR.dat [2013/01/18 18:31:30 | 000,764,416 | ---- | C] () -- C:\Users\popster\Desktop\RogueKiller.exe [2013/01/17 19:05:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/01/17 19:05:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/01/17 19:05:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/01/17 19:05:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/01/17 19:05:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/01/14 20:00:16 | 000,031,560 | ---- | C] () -- C:\Windows\System32\drivers\mbamchameleon.sys [2013/01/14 19:47:45 | 000,000,737 | ---- | C] () -- C:\Users\popster\Desktop\NTREGOPT.lnk [2013/01/14 19:47:45 | 000,000,718 | ---- | C] () -- C:\Users\popster\Desktop\ERUNT.lnk [2013/01/06 21:07:36 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2013/01/06 21:07:36 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2013/01/05 22:38:58 | 000,856,731 | ---- | C] () -- C:\Users\popster\Desktop\SecurityCheck.exe [2013/01/05 14:10:05 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/17 16:07:11 | 000,024,206 | ---- | C] () -- C:\Users\popster\AppData\Roaming\UserTile.png [2010/12/09 14:17:50 | 004,481,488 | ---- | C] () -- C:\Users\popster\likd.flv [2010/09/22 10:09:45 | 000,035,093 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010/09/22 10:09:33 | 000,035,093 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010/08/18 12:34:24 | 004,044,173 | ---- | C] () -- C:\Users\popster\B2 SC 7542-03.mp3 [2010/07/13 14:29:44 | 067,819,601 | ---- | C] () -- C:\Users\popster\Grampian Horn_Porto Vigo Faro.zip [2010/05/27 14:34:22 | 000,000,380 | ---- | C] () -- C:\Users\popster\AppData\Roaming\wklnhst.dat [2010/04/19 09:56:54 | 000,000,000 | ---- | C] () -- C:\Users\popster\defogger_reenable [2010/03/30 00:58:38 | 000,002,320 | ---- | C] () -- C:\Users\popster\love.npf [2010/03/14 17:29:28 | 000,030,492 | ---- | C] () -- C:\Users\popster\danny stuff.wav [2010/03/14 17:29:13 | 000,030,492 | ---- | C] () -- C:\Users\popster\danny stuff.npf [2009/12/07 00:30:19 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini [2009/12/07 00:28:59 | 000,000,884 | ---- | C] () -- C:\ProgramData\ss.ini [2009/11/21 20:04:15 | 000,036,892 | ---- | C] () -- C:\Users\popster\BOOGIEBUM.npf [2009/11/20 20:46:37 | 000,037,097 | ---- | C] () -- C:\Users\popster\SKANK.npf [2009/11/18 16:49:44 | 000,002,250 | ---- | C] () -- C:\Users\popster\work in prog2.npf [2009/09/20 23:37:01 | 006,075,279 | ---- | C] () -- C:\Users\popster\Tea Rooms Cover Art (High Def).pdf [2009/09/20 23:36:53 | 006,605,743 | ---- | C] () -- C:\Users\popster\02 - Shake The West Awake.mp3 [2008/09/25 12:26:57 | 000,000,134 | ---- | C] () -- C:\Users\popster\AppData\Roaming\default.pls [2008/09/23 22:10:20 | 000,001,024 | ---- | C] () -- C:\Users\popster\.rnd [2008/09/04 18:11:09 | 000,074,318 | ---- | C] () -- C:\Users\popster\EVIE FIRE.gif [2008/09/02 23:47:46 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2008/08/06 11:22:47 | 000,008,268 | ---- | C] () -- C:\Users\popster\AppData\Local\d3d9caps.dat [2008/07/17 17:07:16 | 000,138,240 | ---- | C] () -- C:\Users\popster\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2008/12/04 16:51:01 | 000,000,000 | ---D | M] -- C:\Users\popster\AppData\Roaming\Astro Gemini Software [2011/10/12 21:07:00 | 000,000,000 | ---D | M] -- C:\Users\popster\AppData\Roaming\AVG [2011/10/12 20:37:25 | 000,000,000 | ---D | M] -- C:\Users\popster\AppData\Roaming\AVG2012 [2009/10/29 11:06:22 | 000,000,000 | ---D | M] -- C:\Users\popster\AppData\Roaming\AVG9 [2009/02/21 14:25:45 | 000,000,000 | ---D | M] -- C:\Users\popster\AppData\Roaming\BitZipper [2010/05/03 05:47:06 | 000,000,000 | ---D | M] -- C:\Users\popster\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010/06/12 20:40:37 | 000,000,000 | ---D | M] -- C:\Users\popster\AppData\Roaming\EPSON [2008/09/10 18:50:00 | 000,000,000 | ---D | M] -- C:\Users\popster\AppData\Roaming\FrostWire [2009/01/05 15:39:45 | 000,000,000 | ---D | M] -- C:\Users\popster\AppData\Roaming\NCH Swift Sound [2011/02/15 23:19:45 | 000,000,000 | ---D | M] -- C:\Users\popster\AppData\Roaming\OpenOffice.org [2011/05/20 16:06:14 | 000,000,000 | ---D | M] -- C:\Users\popster\AppData\Roaming\Opera [2009/11/11 17:03:15 | 000,000,000 | ---D | M] -- C:\Users\popster\AppData\Roaming\Panasonic [2012/07/17 16:07:10 | 000,000,000 | ---D | M] -- C:\Users\popster\AppData\Roaming\PeerNetworking [2008/09/02 23:49:59 | 000,000,000 | ---D | M] -- C:\Users\popster\AppData\Roaming\Samsung [2008/12/08 07:23:55 | 000,000,000 | ---D | M] -- C:\Users\popster\AppData\Roaming\Softplicity [2010/05/27 14:34:22 | 000,000,000 | ---D | M] -- C:\Users\popster\AppData\Roaming\Template [2009/11/14 22:10:51 | 000,000,000 | ---D | M] -- C:\Users\popster\AppData\Roaming\Ulead Systems ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 617 bytes -> C:\Users\popster\Documents\Mentoring - Alex Metcalfe L6SB.eml:OECustomProperty @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:51394AA5 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4 < End of report > Results of screen317's Security Check version 0.99.57 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! AVG Internet Security 2012 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` SUPERAntiSpyware Free Edition Malwarebytes Anti-Malware version 1.70.0.1100 Java 7 Update 10 Java 6 Update 3 Java SE Development Kit 7 Update 11 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 11.5.502.146 Adobe Reader 8 Adobe Reader out of Date! Adobe Reader 10.1.5 Adobe Reader out of Date! Google Chrome 23.0.1271.97 Google Chrome 24.0.1312.52 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe AVG avgwdsvc.exe AVG avgtray.exe AVG avgrsx.exe AVG avgnsx.exe AVG avgemc.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0 % ````````````````````End of Log``````````````````````
-
Hi Step 1 log RogueKiller V8.4.3 [Jan 10 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version Started in : Normal mode User : popster [Admin rights] Mode : Remove -- Date : 01/19/2013 17:01:48 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 5 ¤¤¤ [TASK][sUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\popster\AppData\Local\Temp\IHU9175.tmp.exe -> DELETED [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> NOT SELECTED [HJ SMENU] HKLM\[...]\Advanced : Start_ShowMyGames (0) -> NOT SELECTED [HJ SMENU] HKLM\[...]\Advanced : Start_ShowRun (0) -> NOT SELECTED ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST3500830AS +++++ --- User --- [MBR] 32b3eb136abd2fd9b29b7dbea9b70ba0 [bSP] 04a411becf51529dc915b996c93d9252 : Windows Vista MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 456456 Mo 1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 934822350 | Size: 20481 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[4]_D_01192013_02d1701.txt >> RKreport[2]_S_01192013_02d1655.txt ; RKreport[3]_S_01192013_02d1658.txt ; RKreport[4]_D_01192013_02d1701.txt Step 2 - nothing found.(took about 40 minutes) Step 3 - no threats found(took about 1h 30m) Step 4 - DrWeb Cureit took 15 mins to load to my desktop. Did 'express scan' in enhanced protection mode(recommended). Whole scan took 25 mins. There was no checkbox 'complete scan' option as I noticed. Nothing was found. No log option. I could do this again if I did anything wrong. Step 5 - logs OTL Extras logfile created on: 19/01/2013 20:51:09 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\popster\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.11% Memory free 4.23 Gb Paging File | 3.10 Gb Available in Paging File | 73.29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 445.76 Gb Total Space | 104.73 Gb Free Space | 23.49% Space Free | Partition Type: NTFS Drive D: | 19.99 Gb Total Space | 10.38 Gb Free Space | 51.94% Space Free | Partition Type: FAT32 Computer Name: DAVE | User Name: popster | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{057D741D-0078-4589-B59B-5482DD865615}" = lport=139 | protocol=6 | dir=in | app=system | "{102EB6D1-0B09-44AD-AF3A-266FB6CA91B4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{11E5ED4D-6883-458F-9301-72749EB4B03F}" = rport=2869 | protocol=6 | dir=out | app=system | "{15A3D0C2-98E9-47DE-80F3-9F0A08EDE839}" = lport=445 | protocol=6 | dir=in | app=system | "{2566314C-EE9E-4B21-A86E-F045F52EEA83}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{2C109243-3CAF-41BA-9C7A-4E2B5ACE2171}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{2F8B2F25-E6E3-4BFA-93B7-EF150F7C7922}" = lport=137 | protocol=17 | dir=in | app=system | "{324A2628-1537-4837-832A-1B21B0BDA6DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3F6F52B0-C177-4BF7-B94F-DF12E9C9BC98}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{47202532-03CE-4FC2-AC24-63A15AC91CB2}" = rport=138 | protocol=17 | dir=out | app=system | "{4ACC677E-61F4-4D6F-BA84-1471537B9A8D}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{4DD16B3F-7CB7-46CD-B4CA-0016075D7F67}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{566919D2-20ED-4FB8-A6C5-04D85913420B}" = lport=1900 | protocol=17 | dir=in | name=intel® viiv media server upnp discovery | "{5AB5C5AF-35B3-48D5-A8BB-0C8844BB9130}" = rport=139 | protocol=6 | dir=out | app=system | "{63CDFE4E-AFE0-47F2-B0CE-F4118AE073F3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{656C3FB0-5C64-4982-BA48-603C8C97C881}" = lport=2869 | protocol=6 | dir=in | app=system | "{733E7DFF-97AE-492C-AD77-2448499615E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7D006FC0-CA36-4A41-967A-5053EDAD6BD4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9F877E52-DDC0-4D4A-9586-E1DA2666FB11}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{9F9E1AA7-24B9-4EF2-886B-E0ECCB34E091}" = rport=137 | protocol=17 | dir=out | app=system | "{A7F38619-1AEF-4D27-9C81-314EB3C06A08}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe | "{A9016877-7C9E-4DE5-BE00-406B9358EF42}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B0B4C85D-55E5-4E6A-B1E2-E77AAB69EDCE}" = lport=138 | protocol=17 | dir=in | app=system | "{C0C988BA-50F8-4924-AE2C-05F3C9E72ABB}" = lport=9442 | protocol=17 | dir=in | name=intel® viiv media server discovery | "{C4F5AA54-AF8B-4994-9843-E43A43FBA755}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C5FC627C-EA04-4DFE-A989-52098F987E59}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{C76AA265-C33E-4DAE-8A6E-DCE116B51139}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) | "{DC7D7E15-C2F6-444E-81D5-1ADD02F6DB03}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{E050241C-A3B7-454C-ACE7-539E99047E71}" = rport=445 | protocol=6 | dir=out | app=system | "{E3EBF82F-DE75-4D67-BF93-00099B19F429}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F42FF12C-D825-4666-9A0D-F3BBA5611920}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{FDF04636-7E18-4995-8CB1-4B81ADF60562}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0CD72A99-3B48-4442-99C0-3D442134613F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{134F7710-1761-46CB-BC25-691BBFDDE565}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{139B1807-E5C7-4910-B1BF-1E38967C0DD0}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{1568276B-1415-4084-AE8E-24A00BA6D30A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{15D2670F-2084-4184-A6C5-5D7EC4E96286}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | "{17DE77A0-06BB-48DD-B316-AE69F1F05B58}" = dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe | "{1BF003E5-64B7-4C4F-9E53-148FC306A642}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "{29B6BF29-A17D-42C7-A8ED-B66D6FD5A3FE}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{2BDD1228-7714-4F68-84D3-6FA6ED2F68A1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2CA0959F-12C2-4F59-9630-D07ABCFB9F8F}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | "{33BAE2EA-4BEA-429C-AA93-C84DC362BD5E}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | "{34E3E53C-B170-4879-BCA1-05C78C1DA364}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{39D449DF-E4DD-43F1-80E8-DBC47D60DB15}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "{3F324021-9562-4511-B2D6-3E08C13A8DC7}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{41A55242-60EC-4378-979F-FE3A8423F734}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) | "{41C5CC3F-50A1-4327-AFE8-A08792152515}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4572B181-8BC4-4D98-A83F-2DD1B94C3D10}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{470FF8AE-D0D2-4639-8CC3-ED83AA60B73C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | "{4755FFBC-ED6E-4511-A185-F6E1B8E957AC}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) | "{4DF1A534-0975-45C2-8E6F-B773CEB18B56}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) | "{4F49BAB6-F724-4DF0-94E0-47BC8F78C098}" = dir=in | app=c:\program files\homecinema\playmovie\pmvservice.exe | "{5340A6DC-EC5C-4A0E-BF74-2D530C986473}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5B50EF8D-1806-4207-9A9E-3371BCAA9AB6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{5B8811E2-A750-4E98-A136-DAB78CCF69A3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{607D3F8C-E74C-435A-B886-E9A2C8C28FDD}" = dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe | "{6326C941-6B09-4769-A94B-851CD734C813}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | "{64D39F79-E232-40BA-875A-E8FD6DD0367A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6580A701-0BDA-4D32-86CD-2DE3D729D2FF}" = dir=in | app=c:\program files\homecinema\playmovie\playmovie.exe | "{6A6EFE73-38E1-4AEB-8CA0-C3427B98C84A}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{6CA127A0-5C88-48D4-B586-8DA4642C86F1}" = dir=in | app=c:\program files\homecinema\playmovie\pmvservice.exe | "{7BBE4B0B-AD63-4DF4-9ACB-EE0238159F2E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{7EE435C4-CC47-4147-A852-DB1A4C1E66D1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{83837CE9-B800-41F5-9E9E-0EEC8F5F75CE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | "{8AA5F122-03D5-495F-954D-7C6EDC517DA9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "{9234D7F9-7529-4A66-99A0-4E54D9C000F5}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | "{95CC1625-D62B-4660-A1F2-EA93C7A1B8EF}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | "{9A28C300-BE18-4A53-8074-2DFAD50B6740}" = dir=in | app=c:\program files\homecinema\playmovie\playmovie.exe | "{9CE256CF-B890-4D7B-AABE-98EA6ED7D938}" = dir=in | app=c:\program files\itunes\itunes.exe | "{9D00C58E-69E4-4173-BDE4-FC05A521ABEC}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{9F912FFC-30E3-452E-BCAE-2A0EE3096838}" = dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe | "{9FEA4666-D41F-487F-8087-0E8B20F53030}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | "{AC591EC9-98C3-4A9E-A683-3D0EFCF28AB4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{B617BFBB-6E51-4159-9D66-9981B489534F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | "{B63E1859-11AC-42DA-B16D-BEC20EC4DCF2}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | "{C2EFA153-6DB1-42A1-A79D-B57193D997A8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{C49E9EB6-674E-4F35-8715-2239EAF7C1BE}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{C68BD778-ED64-40BC-AEFC-D1D49B057873}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "{C7E5CCC5-25E5-43B4-A21B-7C123735B7B6}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{CE97DA24-650B-4337-87A0-DE71810EF8BD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D7604CB6-B699-4729-9047-DD0818BCE9E4}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | "{D7CBCAA2-07DA-4D89-BFF1-03E2657DF0C1}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe | "{DC6A12E4-DABB-44AB-A57A-A2BE27B1CE5E}" = dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe | "{E080E0A2-5721-4704-A1AE-B0EF322F4BA1}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | "{E3669F5A-6769-432C-BE0F-9C2552B99491}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe | "{EF22CBBB-F311-4CC0-976A-EA5EF968243C}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) | "{F18C0F03-A29D-441D-A76C-DCB79336E7F4}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | "{F9532484-8E52-4AAA-BEFD-D6AEB071534F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{FE652B8E-6387-4286-AB1A-31CC3763145E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "TCP Query User{00397932-F4E3-4A7C-8048-E1BE2C5E38AE}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{53BFBECD-000E-4D4B-86AC-0676772FC04F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{68761C64-C50C-4957-8C23-2AA2EA236F5C}C:\users\popster\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\popster\desktop\utorrent.exe | "TCP Query User{6AA9CF8A-1FD0-4D99-99D0-8370C08DA670}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{ACFA1AB5-F6E4-485F-9261-464EFB4802CD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{C591D6D0-F2F9-4903-A097-833D3DF092B7}C:\users\popster\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\popster\desktop\utorrent.exe | "TCP Query User{DC154F97-D6CC-4039-B830-DBC0CF223089}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{0CDF2DBD-E113-4CA1-A3CA-7D30ABBF81A3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{28F809E6-B3E9-44FC-B675-10A9AA6313EA}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{2CE7FB2D-D926-4D39-96A7-6615B679C84A}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{59F67859-A74B-4239-8605-D52A55EA119E}C:\users\popster\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\popster\desktop\utorrent.exe | "UDP Query User{A16C0A7A-0E99-47AF-AF1A-1BC6842B6A95}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{D87E6FB5-85A1-4F15-BB4B-BBA0054C939E}C:\users\popster\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\popster\desktop\utorrent.exe | "UDP Query User{EB039788-4988-4601-A267-7F9953A30227}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes "{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12 "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 10 "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3 "{32A3A4F4-B792-11D6-A78A-00B0D0170110}" = Java SE Development Kit 7 Update 11 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar) "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3 "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1 "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar) "{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7AEBFFF0-15A1-48A9-88F3-06604486C7C9}" = WMPTagSupportExtender "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}" = PIF DESIGNER2.1 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007 "{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar) "{A5EA10B8-304A-412E-8ED8-4D8488F19A49}" = AVG 2012 "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7472CEE-6E85-4D43-9C71-BDFC0D471F70}" = Intel® Viiv Software "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5) "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{BBBF4CFE-9D26-4D93-A869-B2B021B3CA85}" = Intel® PRO Network Connections 12.2.41.0 "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Premium "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0 "{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = Alcatel SpeedTouch USB Software "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support "{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer "{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb "{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar) "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Audacity_is1" = Audacity 1.2.6 "AVG" = AVG 2012 "BT Broadband Desktop Help" = BT Broadband Desktop Help "BTHomeHub" = BTHomeHub "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "EPSON Printer and Utilities" = EPSON Printer Software "Epson Stylus SX210_SX410_TX210_TX410 User’s Guide" = Epson Stylus SX210_SX410_TX210_TX410 Manual "EPSON SX410 Series" = EPSON SX410 Series Printer Uninstall "ERUNT_is1" = ERUNT 1.1j "Google Chrome" = Google Chrome "Google Desktop" = Google Desktop "Google Updater" = Google Updater "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "Intel® Configuration Center" = Intel® Viiv Software "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Drivers" = NVIDIA Drivers "Opera 12.12.1707" = Opera 12.12 "PROSetDX" = Intel® PRO Network Connections 12.2.41.0 "PUBLISHERR" = Microsoft Office Publisher 2007 Trial "RealAlt_is1" = Real Alternative 1.9.0 "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SSC Service Utility_is1" = SSC Service Utility v4.30 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "X10Hardware" = X10 Hardware "Yahoo! Applications" = BT Yahoo! Applications ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 06/01/2013 17:38:23 | Computer Name = dave | Source = MsiInstaller | ID = 11719 Description = Error - 06/01/2013 17:44:21 | Computer Name = dave | Source = MsiInstaller | ID = 11719 Description = Error - 06/01/2013 17:47:56 | Computer Name = dave | Source = MsiInstaller | ID = 11719 Description = Error - 06/01/2013 17:52:28 | Computer Name = dave | Source = MsiInstaller | ID = 11719 Description = Error - 06/01/2013 18:06:44 | Computer Name = dave | Source = MsiInstaller | ID = 11719 Description = Error - 09/01/2013 21:27:12 | Computer Name = dave | Source = MsiInstaller | ID = 11719 Description = Error - 17/01/2013 15:12:25 | Computer Name = dave | Source = Application Error | ID = 1000 Description = Faulting application PEV.exe, version 0.0.0.0, time stamp 0x4e06cfe8, faulting module PEV.exe, version 0.0.0.0, time stamp 0x4e06cfe8, exception code 0x40000015, fault offset 0x0008d1c0, process id 0x1494, application start time 0x01cdf4e695320628. Error - 19/01/2013 13:11:27 | Computer Name = dave | Source = Application Hang | ID = 1002 Description = The program TFC.exe version 3.1.9.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 918 Start Time: 01cdf667c5d2d8f1 Termination Time: 0 [ OSession Events ] Error - 28/04/2011 15:39:59 | Computer Name = dave | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. Error - 13/05/2011 10:45:41 | Computer Name = dave | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 10/10/2012 17:21:44 | Computer Name = dave | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7820 seconds with 4560 seconds of active time. This session ended with a crash. Error - 14/10/2012 08:51:57 | Computer Name = dave | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3141 seconds with 840 seconds of active time. This session ended with a crash. Error - 03/11/2012 12:48:59 | Computer Name = dave | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 107 seconds with 60 seconds of active time. This session ended with a crash. Error - 24/11/2012 11:45:38 | Computer Name = dave | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 816 seconds with 780 seconds of active time. This session ended with a crash. Error - 24/11/2012 12:13:11 | Computer Name = dave | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1636 seconds with 1620 seconds of active time. This session ended with a crash. Error - 02/12/2012 15:52:11 | Computer Name = dave | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 527 seconds with 480 seconds of active time. This session ended with a crash. Error - 27/12/2012 14:55:21 | Computer Name = dave | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3011 seconds with 1440 seconds of active time. This session ended with a crash. [ System Events ] Error - 19/01/2013 13:14:24 | Computer Name = dave | Source = EventLog | ID = 6008 Description = The previous system shutdown at 17:12:42 on 19/01/2013 was unexpected. Error - 19/01/2013 13:15:27 | Computer Name = dave | Source = Service Control Manager | ID = 7023 Description = Error - 19/01/2013 13:15:27 | Computer Name = dave | Source = Service Control Manager | ID = 7026 Description = Error - 19/01/2013 13:17:09 | Computer Name = dave | Source = Service Control Manager | ID = 7024 Description = Error - 19/01/2013 13:18:39 | Computer Name = dave | Source = ipnathlp | ID = 34001 Description = The ICS_IPV6 failed to configure IPv6 stack. Error - 19/01/2013 13:59:23 | Computer Name = dave | Source = ipnathlp | ID = 34001 Description = The ICS_IPV6 failed to configure IPv6 stack. Error - 19/01/2013 14:02:06 | Computer Name = dave | Source = Service Control Manager | ID = 7023 Description = Error - 19/01/2013 14:02:06 | Computer Name = dave | Source = Service Control Manager | ID = 7026 Description = Error - 19/01/2013 14:03:03 | Computer Name = dave | Source = Service Control Manager | ID = 7024 Description = Error - 19/01/2013 14:04:53 | Computer Name = dave | Source = ipnathlp | ID = 34001 Description = The ICS_IPV6 failed to configure IPv6 stack. < End of report >
-
Hi Maurice Here are the logs for step 1 & 2 With the F-SECURE online scanner, I get - The latest version of Java is required to run F-Secure Online Scanner. You can download it from http://java.sun.com or by clicking the download button. After installing Java Runtime Environment, you can continue the launching process of F-Secure Online Scanner. I have Java 7 Update 10 installed in progs and features. The latest version is update 11 so I installed Java SE Development Kit 7 Update 11 and it still won't initiate the scanner when I click continue. Should I uninstall Java SE Development Kit 7 Update 11? Step 1 aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software Run date: 2013-01-18 23:00:09 ----------------------------- 23:00:09.086 OS Version: Windows 6.0.6002 Service Pack 2 23:00:09.086 Number of processors: 2 586 0xF0B 23:00:09.086 ComputerName: DAVE UserName: 23:00:10.646 Initialize success 23:01:03.701 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 23:01:03.701 Disk 0 Vendor: ST350083 3.AA Size: 476940MB BusType: 3 23:01:03.716 Disk 0 MBR read successfully 23:01:03.716 Disk 0 MBR scan 23:01:03.716 Disk 0 Windows VISTA default MBR code 23:01:03.716 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 456456 MB offset 63 23:01:03.716 Disk 0 Partition - 00 0F Extended LBA 20481 MB offset 934822350 23:01:03.747 Disk 0 Partition 2 00 0B FAT32 MSDOS5.0 20481 MB offset 934822413 23:01:03.747 Disk 0 scanning sectors +976768065 23:01:03.794 Disk 0 scanning C:\Windows\system32\drivers 23:01:11.818 Service scanning 23:01:28.369 Modules scanning 23:01:46.496 Scan finished successfully 23:02:32.984 Disk 0 MBR has been saved successfully to "C:\Users\popster\Desktop\MBR.dat" 23:02:32.999 The log file has been saved successfully to "C:\Users\popster\Desktop\aswMBR.txt" Step 2 RogueKiller V8.4.3 [Jan 10 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version Started in : Normal mode User : popster [Admin rights] Mode : Scan -- Date : 01/18/2013 23:08:15 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 5 ¤¤¤ [TASK][sUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\popster\AppData\Local\Temp\IHU9175.tmp.exe -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND [HJ SMENU] HKLM\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ SMENU] HKLM\[...]\Advanced : Start_ShowRun (0) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST3500830AS +++++ --- User --- [MBR] 32b3eb136abd2fd9b29b7dbea9b70ba0 [bSP] 04a411becf51529dc915b996c93d9252 : Windows Vista MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 456456 Mo 1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 934822350 | Size: 20481 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_01182013_02d2308.txt >> RKreport[1]_S_01182013_02d2308.txt
-
Sorry, Maurice. Not sure what you mean by change a-v scan to none..
-
I definitely disabled AVG2012 checking 'until restart' before running Combofix.
-
2013-01-17 19:19:36 . 2013-01-17 19:19:36 910 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-PlayMovie.reg.dat 2013-01-17 19:19:35 . 2013-01-17 19:19:35 1,000 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-AppleSyncNotifier.reg.dat 2013-01-17 19:19:35 . 2013-01-17 19:19:35 988 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Adobe Reader Speed Launcher.reg.dat 2013-01-17 19:19:35 . 2013-01-17 19:19:35 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfRd.reg.dat 2013-01-17 19:19:35 . 2013-01-17 19:19:35 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfPf.reg.dat 2013-01-17 19:19:30 . 2013-01-17 19:19:30 167 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-MobileDocuments.reg.dat 2013-01-17 19:14:58 . 2013-01-17 19:14:58 5,213 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 2013-01-17 19:05:19 . 2013-01-17 19:08:00 62 ----a-w- C:\Qoobox\Quarantine\catchme.log Hope this is the one.
-
Hi - Carried out above.(About 5 mins into Combofix scan, a windows opened 'PEV.exe stopped working') Combofix log ComboFix 13-01-17.03 - popster 17/01/2013 19:08:00.4.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.1059 [GMT 0:00] Running from: c:\users\popster\Desktop\ComboFix.exe AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B} SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-12-17 to 2013-01-17 ))))))))))))))))))))))))))))))) . . 2013-01-17 19:17 . 2013-01-17 19:17 -------- d-----w- c:\users\popster\AppData\Local\temp 2013-01-17 15:39 . 2013-01-17 15:42 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2013-01-14 20:00 . 2013-01-14 20:00 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-01-14 19:47 . 2013-01-14 19:48 -------- d-----w- c:\program files\ERUNT 2013-01-09 23:50 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll 2013-01-09 23:50 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys 2013-01-09 23:50 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-06 20:45 . 2012-11-28 10:35 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-01-05 14:18 . 2013-01-05 14:18 -------- d-----w- c:\windows\ERUNT 2013-01-05 14:10 . 2013-01-05 14:10 -------- d-----w- c:\users\popster\AppData\Roaming\Malwarebytes 2013-01-05 14:10 . 2013-01-05 14:10 -------- d-----w- c:\programdata\Malwarebytes 2013-01-05 14:10 . 2013-01-05 14:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-01-05 14:10 . 2012-12-14 16:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-04 11:08 . 2013-01-05 14:17 -------- d-----w- C:\JRT 2012-12-23 03:12 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-23 03:12 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll 2012-12-20 00:50 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-12-20 00:50 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-12-20 00:50 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-12-20 00:50 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll 2012-12-20 00:50 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-12-20 00:50 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-12-20 00:50 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-12-20 00:50 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-12-20 00:50 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe 2012-12-20 00:50 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-12-20 00:50 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll 2012-12-20 00:47 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-20 00:47 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys 2012-12-20 00:47 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll 2012-12-20 00:47 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-10 00:10 . 2012-04-01 19:58 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-10 00:10 . 2011-05-16 05:16 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2008-12-10 02:01 . 2008-12-10 02:02 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] . c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [N/A] . c:\users\popster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-03-10 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2010-04-19 12:46 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp] 2009-09-14 16:56 1584640 ----a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON] 2007-06-27 10:18 215256 ----a-w- c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2009-12-19 19:36 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] 2007-10-08 14:19 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-09-09 22:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] 2012-12-14 16:49 824232 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2012-03-08 17:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] 2007-06-29 18:16 1373480 ----a-w- c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMSSupport] 2007-06-27 10:14 439512 ----a-w- c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2007-11-06 19:00 8530464 ----a-w- c:\windows\System32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2007-11-06 19:00 81920 ----a-w- c:\windows\System32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc] 2007-11-06 19:00 86016 ----a-w- c:\windows\System32\nvsvc.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-04-18 19:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2007-08-17 03:27 4702208 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher] 2007-02-09 05:54 16896 ----a-w- c:\program files\GoogleEULA\EULALauncher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVEService] 2007-10-19 17:42 155648 ----a-w- c:\program files\HomeCinema\TV Enhance\TVEService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x] S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-12 17:17 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe . Contents of the 'Scheduled Tasks' folder . 2013-01-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 00:10] . 2013-01-12 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-17 19:53] . 2013-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 15:54] . 2013-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 15:54] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ mStart Page = hxxp://www.google.com mSearch Bar = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 Trusted Zone: motive.com\pbttbc.bt TCP: DhcpNameServer = 192.168.1.254 DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} - hxxp://217.41.63.194:65531/img/NetCamPlayerWeb11g.ocx . - - - - ORPHANS REMOVED - - - - . HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe SafeBoot-WudfPf SafeBoot-WudfRd MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe MSConfigStartUp-PlayMovie - c:\program files\HomeCinema\PlayMovie\PMVService.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-01-17 19:17 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-4210753331-32940636-3746106261-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6438A827-D06D-F09F-4DAD-5F352EC17E55}*] "hafnegnglkndbkdb"=hex:6b,61,62,65,67,65,6d,65,62,66,6a,65,6e,65,64,66,67,69, 6e,67,67,6f,00,02 "iadnkophcijnaaanml"=hex:6b,61,68,65,6c,6a,6c,6a,66,6c,70,65,67,6c,62,6d,6b,6b, 68,6b,64,63,00,00 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2013-01-17 19:20:28 ComboFix-quarantined-files.txt 2013-01-17 19:20 . Pre-Run: 111,942,623,232 bytes free Post-Run: 112,867,704,832 bytes free . - - End Of File - - 83E2C5150DE174988D959E9E472DF224
-
Hi. Followed instructions above. I disable my AVG(MBAM is set to ignore AVG anyway) During MBAM full scan, it froze after a minute on C:\TVE.iss for about 5 minutes then froze again on 04m55s. A further 10 mins elapsed when it bluescreened - Problem signature: Problem Event Name: BlueScreen OS Version: 6.0.6002.2.2.0.768.3 Locale ID: 2057 Additional information about the problem: BCCode: 1000008e BCP1: C002001C BCP2: 8871586C BCP3: 962192E8 BCP4: 00000000 OS Version: 6_0_6002 Service Pack: 2_0 Product: 768_1 Files that help describe the problem: C:\Windows\Minidump\Mini011713-01.dmp C:\Users\popster\AppData\Local\temp\WER-214173-0.sysdata.xml C:\Users\popster\AppData\Local\temp\WER95E8.tmp.version.txt ......then the pc performed a chkdsk on auto reboot.
-
Hi Maurice I have noted this post but have no time at moment. Will carry out tomorrow. Thank you for your continued help.
-
I'm sorry. As regards this issue, in post 10 it was the TDSSKiller report I was referring to. The TDS Killer reported no threats found. I could not copy and paste the report resulting from the TDSS scan. I am used to copying and pasting right-clicking the mouse. I've only recently discovered the Ctrl+C > Ctrl+V method. 14:19:43.0911 1268 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 14:19:44.0270 1268 ============================================================ 14:19:44.0270 1268 Current date / time: 2013/01/16 14:19:44.0270 14:19:44.0270 1268 SystemInfo: 14:19:44.0270 1268 14:19:44.0270 1268 OS Version: 6.0.6002 ServicePack: 2.0 14:19:44.0270 1268 Product type: Workstation 14:19:44.0270 1268 ComputerName: DAVE 14:19:44.0270 1268 UserName: popster 14:19:44.0270 1268 Windows directory: C:\Windows 14:19:44.0270 1268 System windows directory: C:\Windows 14:19:44.0270 1268 Processor architecture: Intel x86 14:19:44.0270 1268 Number of processors: 2 14:19:44.0270 1268 Page size: 0x1000 14:19:44.0270 1268 Boot type: Normal boot 14:19:44.0270 1268 ============================================================ 14:19:44.0597 1268 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 14:19:44.0629 1268 ============================================================ 14:19:44.0629 1268 \Device\Harddisk0\DR0: 14:19:44.0629 1268 MBR partitions: 14:19:44.0629 1268 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x37B8418F 14:19:44.0644 1268 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x37B8420D, BlocksNum 0x2800A34 14:19:44.0644 1268 ============================================================ 14:19:44.0675 1268 C: <-> \Device\Harddisk0\DR0\Partition1 14:19:44.0707 1268 D: <-> \Device\Harddisk0\DR0\Partition2 14:19:44.0707 1268 ============================================================ 14:19:44.0707 1268 Initialize success 14:19:44.0707 1268 ============================================================ 14:19:54.0301 1796 ============================================================ 14:19:54.0301 1796 Scan started 14:19:54.0301 1796 Mode: Manual; 14:19:54.0301 1796 ============================================================ 14:19:54.0410 1796 ================ Scan system memory ======================== 14:19:54.0410 1796 System memory - ok 14:19:54.0410 1796 ================ Scan services ============================= 14:19:54.0566 1796 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE 14:19:54.0566 1796 !SASCORE - ok 14:19:54.0789 1796 [ 53A3664BCA7BBC1C09744455BF2EA136 ] 3xHybrid C:\Windows\system32\DRIVERS\3xHybrid.sys 14:19:54.0805 1796 3xHybrid - ok 14:19:54.0852 1796 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 14:19:54.0852 1796 ACPI - ok 14:19:54.0961 1796 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 14:19:54.0961 1796 AdobeARMservice - ok 14:19:55.0054 1796 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 14:19:55.0054 1796 AdobeFlashPlayerUpdateSvc - ok 14:19:55.0086 1796 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 14:19:55.0086 1796 adp94xx - ok 14:19:55.0101 1796 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys 14:19:55.0101 1796 adpahci - ok 14:19:55.0117 1796 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 14:19:55.0117 1796 adpu160m - ok 14:19:55.0132 1796 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys 14:19:55.0132 1796 adpu320 - ok 14:19:55.0148 1796 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 14:19:55.0148 1796 AeLookupSvc - ok 14:19:55.0210 1796 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 14:19:55.0210 1796 AFD - ok 14:19:55.0226 1796 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 14:19:55.0226 1796 aic78xx - ok 14:19:55.0257 1796 [ 235CED68762538AAE388CCA5CDC0441A ] alcan5wn C:\Windows\system32\DRIVERS\alcan5wn.sys 14:19:55.0257 1796 alcan5wn - ok 14:19:55.0288 1796 [ D6652432D103B4228FFAD7A754A374B5 ] alcaudsl C:\Windows\system32\DRIVERS\alcaudsl.sys 14:19:55.0288 1796 alcaudsl - ok 14:19:55.0351 1796 [ CF86F64A1AEA27E5FA97E697BF70346D ] AlertService C:\Program Files\Intel\IntelDH\CCU\AlertService.exe 14:19:55.0351 1796 AlertService - ok 14:19:55.0382 1796 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 14:19:55.0382 1796 ALG - ok 14:19:55.0398 1796 [ 496EDA16A127AC9A38BB285BEF17DBB5 ] aliide C:\Windows\system32\drivers\aliide.sys 14:19:55.0398 1796 aliide - ok 14:19:55.0413 1796 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys 14:19:55.0413 1796 amdagp - ok 14:19:55.0429 1796 [ 6F65F4147C54398D7280B18CEBBED215 ] amdide C:\Windows\system32\drivers\amdide.sys 14:19:55.0429 1796 amdide - ok 14:19:55.0444 1796 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 14:19:55.0444 1796 AmdK7 - ok 14:19:55.0460 1796 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 14:19:55.0460 1796 AmdK8 - ok 14:19:55.0476 1796 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 14:19:55.0476 1796 Appinfo - ok 14:19:55.0543 1796 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 14:19:55.0543 1796 Apple Mobile Device - ok 14:19:55.0559 1796 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys 14:19:55.0559 1796 arc - ok 14:19:55.0590 1796 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys 14:19:55.0590 1796 arcsas - ok 14:19:55.0621 1796 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 14:19:55.0621 1796 AsyncMac - ok 14:19:55.0637 1796 [ 78620BDA3EC87816E5D1FA86F920BC3A ] atapi C:\Windows\system32\drivers\atapi.sys 14:19:55.0637 1796 atapi - ok 14:19:55.0699 1796 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 14:19:55.0699 1796 AudioEndpointBuilder - ok 14:19:55.0715 1796 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 14:19:55.0715 1796 Audiosrv - ok 14:19:55.0777 1796 [ C46BA2C177DF0B84F9C0BFC1E4574DC7 ] Avgfwfd C:\Windows\system32\DRIVERS\avgfwd6x.sys 14:19:55.0777 1796 Avgfwfd - ok 14:19:55.0902 1796 [ BD5D11CEDBCDE4FA97D2387E7069B1FF ] avgfws C:\Program Files\AVG\AVG2012\avgfws.exe 14:19:55.0917 1796 avgfws - ok 14:19:56.0073 1796 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe 14:19:56.0105 1796 AVGIDSAgent - ok 14:19:56.0167 1796 [ 1074F787080068C71303B61FAE7E7CA4 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdriverx.sys 14:19:56.0167 1796 AVGIDSDriver - ok 14:19:56.0183 1796 [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfilterx.sys 14:19:56.0183 1796 AVGIDSFilter - ok 14:19:56.0214 1796 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\Windows\system32\DRIVERS\avgidshx.sys 14:19:56.0214 1796 AVGIDSHX - ok 14:19:56.0229 1796 [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim C:\Windows\system32\DRIVERS\avgidsshimx.sys 14:19:56.0229 1796 AVGIDSShim - ok 14:19:56.0276 1796 [ DCB09125C8B4766A88C86914B65487C1 ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys 14:19:56.0276 1796 Avgldx86 - ok 14:19:56.0323 1796 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys 14:19:56.0323 1796 Avgmfx86 - ok 14:19:56.0370 1796 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys 14:19:56.0370 1796 Avgrkx86 - ok 14:19:56.0417 1796 [ C0BC3B2E3FD625E7F55E1FF863E94592 ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys 14:19:56.0417 1796 Avgtdix - ok 14:19:56.0432 1796 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe 14:19:56.0432 1796 avgwd - ok 14:19:56.0463 1796 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 14:19:56.0463 1796 Beep - ok 14:19:56.0510 1796 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 14:19:56.0510 1796 BFE - ok 14:19:56.0573 1796 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll 14:19:56.0573 1796 BITS - ok 14:19:56.0588 1796 blbdrive - ok 14:19:56.0635 1796 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 14:19:56.0635 1796 Bonjour Service - ok 14:19:56.0697 1796 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 14:19:56.0697 1796 bowser - ok 14:19:56.0713 1796 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 14:19:56.0713 1796 BrFiltLo - ok 14:19:56.0729 1796 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 14:19:56.0729 1796 BrFiltUp - ok 14:19:56.0744 1796 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 14:19:56.0744 1796 Browser - ok 14:19:56.0760 1796 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 14:19:56.0760 1796 Brserid - ok 14:19:56.0775 1796 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 14:19:56.0775 1796 BrSerWdm - ok 14:19:56.0775 1796 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 14:19:56.0775 1796 BrUsbMdm - ok 14:19:56.0791 1796 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 14:19:56.0791 1796 BrUsbSer - ok 14:19:56.0791 1796 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 14:19:56.0807 1796 BTHMODEM - ok 14:19:56.0838 1796 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 14:19:56.0838 1796 cdfs - ok 14:19:56.0869 1796 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 14:19:56.0869 1796 cdrom - ok 14:19:56.0900 1796 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 14:19:56.0900 1796 CertPropSvc - ok 14:19:56.0916 1796 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys 14:19:56.0916 1796 circlass - ok 14:19:56.0978 1796 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 14:19:56.0978 1796 CLFS - ok 14:19:57.0041 1796 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:19:57.0041 1796 clr_optimization_v2.0.50727_32 - ok 14:19:57.0087 1796 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:19:57.0087 1796 clr_optimization_v4.0.30319_32 - ok 14:19:57.0119 1796 [ 59172A0724F2AB769F31D61B0571D75B ] cmdide C:\Windows\system32\drivers\cmdide.sys 14:19:57.0119 1796 cmdide - ok 14:19:57.0134 1796 [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 14:19:57.0134 1796 Compbatt - ok 14:19:57.0134 1796 COMSysApp - ok 14:19:57.0165 1796 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 14:19:57.0165 1796 crcdisk - ok 14:19:57.0165 1796 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys 14:19:57.0165 1796 Crusoe - ok 14:19:57.0197 1796 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll 14:19:57.0197 1796 CryptSvc - ok 14:19:57.0243 1796 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 14:19:57.0259 1796 DcomLaunch - ok 14:19:57.0290 1796 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 14:19:57.0290 1796 DfsC - ok 14:19:57.0384 1796 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 14:19:57.0399 1796 DFSR - ok 14:19:57.0446 1796 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 14:19:57.0446 1796 Dhcp - ok 14:19:57.0477 1796 [ 2C56880D37785CF2C07B0309CEBB0A7D ] DHTRACE C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe 14:19:57.0477 1796 DHTRACE - ok 14:19:57.0509 1796 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 14:19:57.0509 1796 disk - ok 14:19:57.0555 1796 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 14:19:57.0555 1796 Dnscache - ok 14:19:57.0602 1796 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 14:19:57.0602 1796 dot3svc - ok 14:19:57.0633 1796 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 14:19:57.0633 1796 DPS - ok 14:19:57.0665 1796 [ 28B42D80CE943A98C6BCEA67263CBDFF ] DQLWinService C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe 14:19:57.0665 1796 DQLWinService - ok 14:19:57.0696 1796 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 14:19:57.0696 1796 drmkaud - ok 14:19:57.0743 1796 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 14:19:57.0758 1796 DXGKrnl - ok 14:19:57.0789 1796 [ 476D9F2F0789CDE89ACEE2A2FB21EC5A ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys 14:19:57.0789 1796 e1express - ok 14:19:57.0805 1796 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 14:19:57.0805 1796 E1G60 - ok 14:19:57.0821 1796 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 14:19:57.0821 1796 EapHost - ok 14:19:57.0852 1796 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 14:19:57.0852 1796 Ecache - ok 14:19:57.0899 1796 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 14:19:57.0914 1796 ehRecvr - ok 14:19:57.0930 1796 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 14:19:57.0930 1796 ehSched - ok 14:19:57.0945 1796 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 14:19:57.0945 1796 ehstart - ok 14:19:57.0961 1796 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys 14:19:57.0961 1796 elxstor - ok 14:19:58.0023 1796 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 14:19:58.0023 1796 EMDMgmt - ok 14:19:58.0086 1796 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 14:19:58.0086 1796 EventSystem - ok 14:19:58.0117 1796 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 14:19:58.0133 1796 exfat - ok 14:19:58.0179 1796 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 14:19:58.0179 1796 fastfat - ok 14:19:58.0195 1796 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 14:19:58.0195 1796 fdc - ok 14:19:58.0211 1796 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 14:19:58.0211 1796 fdPHost - ok 14:19:58.0226 1796 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 14:19:58.0242 1796 FDResPub - ok 14:19:58.0257 1796 [ B2B2C38E916184FF8523C7439DDD417F ] FETNDIS C:\Windows\system32\DRIVERS\fetnd5.sys 14:19:58.0257 1796 FETNDIS - ok 14:19:58.0289 1796 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 14:19:58.0289 1796 FileInfo - ok 14:19:58.0320 1796 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 14:19:58.0320 1796 Filetrace - ok 14:19:58.0335 1796 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 14:19:58.0335 1796 flpydisk - ok 14:19:58.0382 1796 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 14:19:58.0382 1796 FltMgr - ok 14:19:58.0460 1796 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll 14:19:58.0460 1796 FontCache - ok 14:19:58.0538 1796 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 14:19:58.0538 1796 FontCache3.0.0.0 - ok 14:19:58.0554 1796 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 14:19:58.0554 1796 Fs_Rec - ok 14:19:58.0585 1796 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 14:19:58.0585 1796 gagp30kx - ok 14:19:58.0632 1796 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys 14:19:58.0632 1796 GEARAspiWDM - ok 14:19:58.0694 1796 [ F0187E45268E86AAAA932CBD9087BEA8 ] GoogleDesktopManager-110309-193829 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe 14:19:58.0694 1796 GoogleDesktopManager-110309-193829 - ok 14:19:58.0741 1796 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 14:19:58.0757 1796 gpsvc - ok 14:19:58.0819 1796 [ 626A24ED1228580B9518C01930936DF9 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 14:19:58.0819 1796 gupdate - ok 14:19:58.0850 1796 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 14:19:58.0850 1796 gupdatem - ok 14:19:58.0897 1796 [ 408DDD80EEDE47175F6844817B90213E ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 14:19:58.0897 1796 gusvc - ok 14:19:58.0944 1796 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 14:19:58.0944 1796 HdAudAddService - ok 14:19:58.0991 1796 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 14:19:59.0006 1796 HDAudBus - ok 14:19:59.0022 1796 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 14:19:59.0022 1796 HidBth - ok 14:19:59.0037 1796 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 14:19:59.0037 1796 HidIr - ok 14:19:59.0084 1796 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll 14:19:59.0084 1796 hidserv - ok 14:19:59.0115 1796 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 14:19:59.0115 1796 HidUsb - ok 14:19:59.0147 1796 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 14:19:59.0147 1796 hkmsvc - ok 14:19:59.0162 1796 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 14:19:59.0162 1796 HpCISSs - ok 14:19:59.0193 1796 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 14:19:59.0193 1796 HTTP - ok 14:19:59.0193 1796 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys 14:19:59.0193 1796 i2omp - ok 14:19:59.0225 1796 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 14:19:59.0225 1796 i8042prt - ok 14:19:59.0256 1796 [ 9BCF5972C941B4B5CB60DED03CB9E300 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe 14:19:59.0271 1796 IAANTMON - ok 14:19:59.0287 1796 [ 28AAE599496B4930B3F19026F2083BC4 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 14:19:59.0287 1796 iaStor - ok 14:19:59.0303 1796 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 14:19:59.0303 1796 iaStorV - ok 14:19:59.0365 1796 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 14:19:59.0365 1796 idsvc - ok 14:19:59.0381 1796 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 14:19:59.0381 1796 iirsp - ok 14:19:59.0427 1796 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 14:19:59.0443 1796 IKEEXT - ok 14:19:59.0505 1796 [ 9F5898EBD3BBE82EADF2EFA595F02A72 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 14:19:59.0521 1796 IntcAzAudAddService - ok 14:19:59.0552 1796 [ 7F440F8CED849FCDFA85BB3521B4F048 ] IntelDH C:\Windows\system32\Drivers\IntelDH.sys 14:19:59.0552 1796 IntelDH - ok 14:19:59.0568 1796 [ E5EA1C17DA5065032E346591FF64F3AF ] intelide C:\Windows\system32\drivers\intelide.sys 14:19:59.0568 1796 intelide - ok 14:19:59.0599 1796 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 14:19:59.0599 1796 intelppm - ok 14:19:59.0630 1796 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 14:19:59.0630 1796 IPBusEnum - ok 14:19:59.0646 1796 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:19:59.0646 1796 IpFilterDriver - ok 14:19:59.0693 1796 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 14:19:59.0693 1796 iphlpsvc - ok 14:19:59.0693 1796 IpInIp - ok 14:19:59.0724 1796 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 14:19:59.0724 1796 IPMIDRV - ok 14:19:59.0755 1796 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 14:19:59.0755 1796 IPNAT - ok 14:19:59.0786 1796 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 14:19:59.0802 1796 iPod Service - ok 14:19:59.0833 1796 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 14:19:59.0833 1796 IRENUM - ok 14:19:59.0833 1796 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys 14:19:59.0833 1796 isapnp - ok 14:19:59.0880 1796 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 14:19:59.0880 1796 iScsiPrt - ok 14:19:59.0942 1796 [ 50ADB2883F8874AA6632A67CD410F27F ] ISSM C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe 14:19:59.0942 1796 ISSM - ok 14:19:59.0973 1796 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 14:19:59.0973 1796 iteatapi - ok 14:19:59.0989 1796 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 14:19:59.0989 1796 iteraid - ok 14:20:00.0005 1796 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 14:20:00.0005 1796 kbdclass - ok 14:20:00.0051 1796 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 14:20:00.0051 1796 kbdhid - ok 14:20:00.0098 1796 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 14:20:00.0098 1796 KeyIso - ok 14:20:00.0114 1796 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 14:20:00.0129 1796 KSecDD - ok 14:20:00.0161 1796 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 14:20:00.0176 1796 KtmRm - ok 14:20:00.0207 1796 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll 14:20:00.0207 1796 LanmanServer - ok 14:20:00.0239 1796 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 14:20:00.0254 1796 LanmanWorkstation - ok 14:20:00.0270 1796 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 14:20:00.0270 1796 lltdio - ok 14:20:00.0317 1796 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 14:20:00.0317 1796 lltdsvc - ok 14:20:00.0348 1796 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 14:20:00.0363 1796 lmhosts - ok 14:20:00.0379 1796 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 14:20:00.0379 1796 LSI_FC - ok 14:20:00.0395 1796 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 14:20:00.0395 1796 LSI_SAS - ok 14:20:00.0426 1796 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 14:20:00.0426 1796 LSI_SCSI - ok 14:20:00.0457 1796 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 14:20:00.0457 1796 luafv - ok 14:20:00.0473 1796 [ 9A3741D5412AB81B86992915E3ECD3E9 ] M1 Server C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe 14:20:00.0473 1796 M1 Server - ok 14:20:00.0504 1796 [ D6767D36902E4B9F9EBB2DDD3BBF1A35 ] mbamchameleon C:\Windows\system32\drivers\mbamchameleon.sys 14:20:00.0504 1796 mbamchameleon - ok 14:20:00.0535 1796 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 14:20:00.0535 1796 MBAMProtector - ok 14:20:00.0566 1796 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 14:20:00.0582 1796 MBAMScheduler - ok 14:20:00.0597 1796 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 14:20:00.0597 1796 MBAMService - ok 14:20:00.0629 1796 [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe 14:20:00.0629 1796 McciCMService - ok 14:20:00.0660 1796 [ 6AD27B01272F966C9611A398961FCF15 ] MCLServiceATL C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe 14:20:00.0660 1796 MCLServiceATL - ok 14:20:00.0691 1796 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 14:20:00.0691 1796 Mcx2Svc - ok 14:20:00.0707 1796 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys 14:20:00.0707 1796 megasas - ok 14:20:00.0722 1796 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 14:20:00.0722 1796 MMCSS - ok 14:20:00.0738 1796 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 14:20:00.0738 1796 Modem - ok 14:20:00.0769 1796 [ 7446E104A5FE5987CA9E4983FBAC4F97 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 14:20:00.0769 1796 monitor - ok 14:20:00.0769 1796 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 14:20:00.0769 1796 mouclass - ok 14:20:00.0816 1796 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 14:20:00.0816 1796 mouhid - ok 14:20:00.0831 1796 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 14:20:00.0831 1796 MountMgr - ok 14:20:00.0847 1796 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys 14:20:00.0847 1796 mpio - ok 14:20:00.0878 1796 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 14:20:00.0878 1796 mpsdrv - ok 14:20:00.0925 1796 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 14:20:00.0941 1796 MpsSvc - ok 14:20:00.0941 1796 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 14:20:00.0941 1796 Mraid35x - ok 14:20:00.0972 1796 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS 14:20:00.0972 1796 MREMP50 - ok 14:20:00.0972 1796 MREMP50a64 - ok 14:20:00.0972 1796 MREMPR5 - ok 14:20:00.0987 1796 MRENDIS5 - ok 14:20:00.0987 1796 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS 14:20:00.0987 1796 MRESP50 - ok 14:20:01.0003 1796 MRESP50a64 - ok 14:20:01.0050 1796 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 14:20:01.0050 1796 MRxDAV - ok 14:20:01.0097 1796 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 14:20:01.0097 1796 mrxsmb - ok 14:20:01.0112 1796 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:20:01.0128 1796 mrxsmb10 - ok 14:20:01.0143 1796 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:20:01.0143 1796 mrxsmb20 - ok 14:20:01.0143 1796 [ 86068B8B54A5EB092F51657F00B2222A ] msahci C:\Windows\system32\drivers\msahci.sys 14:20:01.0143 1796 msahci - ok 14:20:01.0190 1796 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys 14:20:01.0190 1796 msdsm - ok 14:20:01.0206 1796 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 14:20:01.0206 1796 MSDTC - ok 14:20:01.0237 1796 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 14:20:01.0237 1796 Msfs - ok 14:20:01.0253 1796 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 14:20:01.0253 1796 msisadrv - ok 14:20:01.0284 1796 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 14:20:01.0284 1796 MSiSCSI - ok 14:20:01.0284 1796 msiserver - ok 14:20:01.0299 1796 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 14:20:01.0299 1796 MSKSSRV - ok 14:20:01.0331 1796 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 14:20:01.0331 1796 MSPCLOCK - ok 14:20:01.0346 1796 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 14:20:01.0346 1796 MSPQM - ok 14:20:01.0377 1796 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 14:20:01.0377 1796 MsRPC - ok 14:20:01.0409 1796 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 14:20:01.0409 1796 mssmbios - ok 14:20:01.0409 1796 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 14:20:01.0409 1796 MSTEE - ok 14:20:01.0471 1796 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 14:20:01.0471 1796 Mup - ok 14:20:01.0518 1796 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 14:20:01.0518 1796 napagent - ok 14:20:01.0565 1796 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 14:20:01.0565 1796 NativeWifiP - ok 14:20:01.0643 1796 [ B498A14133BD09AD0817590ACE4470AD ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe 14:20:01.0643 1796 NBService - ok 14:20:01.0705 1796 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 14:20:01.0705 1796 NDIS - ok 14:20:01.0736 1796 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 14:20:01.0736 1796 NdisTapi - ok 14:20:01.0752 1796 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 14:20:01.0752 1796 Ndisuio - ok 14:20:01.0783 1796 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 14:20:01.0783 1796 NdisWan - ok 14:20:01.0814 1796 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 14:20:01.0814 1796 NDProxy - ok 14:20:01.0830 1796 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 14:20:01.0830 1796 NetBIOS - ok 14:20:01.0877 1796 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 14:20:01.0877 1796 netbt - ok 14:20:01.0892 1796 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 14:20:01.0892 1796 Netlogon - ok 14:20:01.0923 1796 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 14:20:01.0923 1796 Netman - ok 14:20:01.0955 1796 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 14:20:01.0955 1796 netprofm - ok 14:20:01.0986 1796 [ DF938648626332E830A9BD153110AA75 ] netr28u C:\Windows\system32\DRIVERS\netr28u.sys 14:20:02.0001 1796 netr28u - ok 14:20:02.0033 1796 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 14:20:02.0048 1796 NetTcpPortSharing - ok 14:20:02.0064 1796 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 14:20:02.0064 1796 nfrd960 - ok 14:20:02.0095 1796 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 14:20:02.0095 1796 NlaSvc - ok 14:20:02.0189 1796 [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe 14:20:02.0189 1796 NMIndexingService - ok 14:20:02.0220 1796 [ 5384D7A64E7B6011E98D68F69DCFC980 ] NMSCore C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe 14:20:02.0220 1796 NMSCore - ok 14:20:02.0251 1796 [ DFEABB7CFFFADEA4A912AB95BDC3177A ] nmsunidr C:\Windows\system32\DRIVERS\nmsunidr.sys 14:20:02.0251 1796 nmsunidr - ok 14:20:02.0282 1796 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 14:20:02.0282 1796 Npfs - ok 14:20:02.0313 1796 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 14:20:02.0313 1796 nsi - ok 14:20:02.0329 1796 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 14:20:02.0329 1796 nsiproxy - ok 14:20:02.0391 1796 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 14:20:02.0407 1796 Ntfs - ok 14:20:02.0438 1796 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 14:20:02.0438 1796 ntrigdigi - ok 14:20:02.0438 1796 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 14:20:02.0438 1796 Null - ok 14:20:02.0657 1796 [ 68BA207655B6CD6BBDCB8917C8F241F5 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 14:20:02.0703 1796 nvlddmkm - ok 14:20:02.0719 1796 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys 14:20:02.0719 1796 nvraid - ok 14:20:02.0735 1796 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys 14:20:02.0750 1796 nvstor - ok 14:20:02.0766 1796 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 14:20:02.0766 1796 nv_agp - ok 14:20:02.0766 1796 NwlnkFlt - ok 14:20:02.0766 1796 NwlnkFwd - ok 14:20:02.0813 1796 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 14:20:02.0813 1796 odserv - ok 14:20:02.0859 1796 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 14:20:02.0859 1796 ohci1394 - ok 14:20:02.0875 1796 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:20:02.0875 1796 ose - ok 14:20:02.0937 1796 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 14:20:02.0937 1796 p2pimsvc - ok 14:20:02.0969 1796 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 14:20:02.0969 1796 p2psvc - ok 14:20:03.0015 1796 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\DRIVERS\parport.sys 14:20:03.0015 1796 Parport - ok 14:20:03.0062 1796 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 14:20:03.0062 1796 partmgr - ok 14:20:03.0062 1796 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 14:20:03.0062 1796 Parvdm - ok 14:20:03.0093 1796 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 14:20:03.0093 1796 PcaSvc - ok 14:20:03.0140 1796 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 14:20:03.0140 1796 pci - ok 14:20:03.0171 1796 [ 304048C2565A803D091CCA1AC945F593 ] pciide C:\Windows\system32\drivers\pciide.sys 14:20:03.0171 1796 pciide - ok 14:20:03.0187 1796 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 14:20:03.0187 1796 pcmcia - ok 14:20:03.0218 1796 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 14:20:03.0218 1796 PEAUTH - ok 14:20:03.0312 1796 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 14:20:03.0327 1796 pla - ok 14:20:03.0390 1796 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 14:20:03.0390 1796 PlugPlay - ok 14:20:03.0421 1796 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 14:20:03.0421 1796 PNRPAutoReg - ok 14:20:03.0437 1796 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 14:20:03.0452 1796 PNRPsvc - ok 14:20:03.0468 1796 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 14:20:03.0468 1796 PolicyAgent - ok 14:20:03.0468 1796 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 14:20:03.0468 1796 PptpMiniport - ok 14:20:03.0483 1796 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys 14:20:03.0483 1796 Processor - ok 14:20:03.0499 1796 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 14:20:03.0515 1796 ProfSvc - ok 14:20:03.0515 1796 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 14:20:03.0515 1796 ProtectedStorage - ok 14:20:03.0561 1796 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 14:20:03.0577 1796 PSched - ok 14:20:03.0608 1796 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys 14:20:03.0624 1796 ql2300 - ok 14:20:03.0639 1796 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 14:20:03.0639 1796 ql40xx - ok 14:20:03.0686 1796 [ 938A882B718866E24CA5F71DFC925866 ] QualityManager C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe 14:20:03.0686 1796 QualityManager - ok 14:20:03.0702 1796 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 14:20:03.0717 1796 QWAVE - ok 14:20:03.0733 1796 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 14:20:03.0733 1796 QWAVEdrv - ok 14:20:03.0795 1796 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys 14:20:03.0795 1796 R300 - ok 14:20:03.0827 1796 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 14:20:03.0827 1796 RasAcd - ok 14:20:03.0842 1796 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 14:20:03.0842 1796 RasAuto - ok 14:20:03.0873 1796 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 14:20:03.0873 1796 Rasl2tp - ok 14:20:03.0920 1796 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 14:20:03.0920 1796 RasMan - ok 14:20:03.0967 1796 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 14:20:03.0967 1796 RasPppoe - ok 14:20:03.0998 1796 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 14:20:04.0014 1796 RasSstp - ok 14:20:04.0045 1796 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 14:20:04.0061 1796 rdbss - ok 14:20:04.0092 1796 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 14:20:04.0092 1796 RDPCDD - ok 14:20:04.0107 1796 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 14:20:04.0107 1796 rdpdr - ok 14:20:04.0123 1796 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 14:20:04.0123 1796 RDPENCDD - ok 14:20:04.0154 1796 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 14:20:04.0170 1796 RDPWD - ok 14:20:04.0185 1796 [ A8430231E1A06828210248C79755BF9C ] Remote UI Service C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe 14:20:04.0185 1796 Remote UI Service - ok 14:20:04.0217 1796 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 14:20:04.0217 1796 RemoteAccess - ok 14:20:04.0279 1796 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 14:20:04.0279 1796 RemoteRegistry - ok 14:20:04.0310 1796 [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe 14:20:04.0310 1796 RichVideo - ok 14:20:04.0341 1796 [ F17713D108ACA124A139FDE877EEF68A ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys 14:20:04.0341 1796 RimUsb - ok 14:20:04.0373 1796 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 14:20:04.0373 1796 RpcLocator - ok 14:20:04.0404 1796 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\System32\rpcss.dll 14:20:04.0404 1796 RpcSs - ok 14:20:04.0435 1796 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 14:20:04.0435 1796 rspndr - ok 14:20:04.0435 1796 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 14:20:04.0435 1796 SamSs - ok 14:20:04.0497 1796 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 14:20:04.0497 1796 SASDIFSV - ok 14:20:04.0529 1796 [ 7CE61C25C159F50F9EAF6D77FC83FA35 ] SASENUM C:\Program Files\SUPERAntiSpyware\SASENUM.SYS 14:20:04.0529 1796 SASENUM - ok 14:20:04.0544 1796 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 14:20:04.0544 1796 SASKUTIL - ok 14:20:04.0575 1796 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 14:20:04.0575 1796 sbp2port - ok 14:20:04.0607 1796 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 14:20:04.0622 1796 SCardSvr - ok 14:20:04.0669 1796 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 14:20:04.0669 1796 Schedule - ok 14:20:04.0685 1796 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 14:20:04.0685 1796 SCPolicySvc - ok 14:20:04.0700 1796 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 14:20:04.0700 1796 SDRSVC - ok 14:20:04.0778 1796 [ 16A252022535B680046F6E34E136D378 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 14:20:04.0778 1796 SeaPort - ok 14:20:04.0809 1796 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 14:20:04.0809 1796 secdrv - ok 14:20:04.0825 1796 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 14:20:04.0825 1796 seclogon - ok 14:20:04.0856 1796 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll 14:20:04.0856 1796 SENS - ok 14:20:04.0872 1796 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 14:20:04.0872 1796 Serenum - ok 14:20:04.0903 1796 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys 14:20:04.0903 1796 Serial - ok 14:20:04.0934 1796 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 14:20:04.0934 1796 sermouse - ok 14:20:04.0965 1796 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 14:20:04.0965 1796 SessionEnv - ok 14:20:04.0981 1796 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 14:20:04.0981 1796 sffdisk - ok 14:20:04.0997 1796 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 14:20:04.0997 1796 sffp_mmc - ok 14:20:04.0997 1796 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 14:20:04.0997 1796 sffp_sd - ok 14:20:05.0012 1796 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 14:20:05.0012 1796 sfloppy - ok 14:20:05.0028 1796 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 14:20:05.0043 1796 SharedAccess - ok 14:20:05.0090 1796 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 14:20:05.0090 1796 ShellHWDetection - ok 14:20:05.0106 1796 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 14:20:05.0106 1796 SiSRaid2 - ok 14:20:05.0121 1796 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 14:20:05.0121 1796 SiSRaid4 - ok 14:20:05.0231 1796 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 14:20:05.0262 1796 slsvc - ok 14:20:05.0293 1796 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 14:20:05.0309 1796 SLUINotify - ok 14:20:05.0340 1796 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 14:20:05.0340 1796 Smb - ok 14:20:05.0371 1796 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 14:20:05.0371 1796 SNMPTRAP - ok 14:20:05.0402 1796 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 14:20:05.0402 1796 spldr - ok 14:20:05.0433 1796 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 14:20:05.0433 1796 Spooler - ok 14:20:05.0480 1796 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 14:20:05.0480 1796 srv - ok 14:20:05.0511 1796 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 14:20:05.0527 1796 srv2 - ok 14:20:05.0527 1796 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 14:20:05.0527 1796 srvnet - ok 14:20:05.0558 1796 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 14:20:05.0558 1796 SSDPSRV - ok 14:20:05.0574 1796 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 14:20:05.0589 1796 SstpSvc - ok 14:20:05.0605 1796 [ 5A1D0CA8A5F1E7B4EC50B9D76C001F0E ] ss_bus C:\Windows\system32\DRIVERS\ss_bus.sys 14:20:05.0605 1796 ss_bus - ok 14:20:05.0621 1796 [ F0A85580E36A3A85059037D39A9CF079 ] ss_mdfl C:\Windows\system32\DRIVERS\ss_mdfl.sys 14:20:05.0621 1796 ss_mdfl - ok 14:20:05.0621 1796 [ 84C3DBFD1BFA4ADC0A950B3D5506CB00 ] ss_mdm C:\Windows\system32\DRIVERS\ss_mdm.sys 14:20:05.0636 1796 ss_mdm - ok 14:20:05.0652 1796 [ 306521935042FC0A6988D528643619B3 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys 14:20:05.0652 1796 StarOpen - ok 14:20:05.0699 1796 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 14:20:05.0714 1796 stisvc - ok 14:20:05.0730 1796 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 14:20:05.0730 1796 swenum - ok 14:20:05.0761 1796 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 14:20:05.0777 1796 swprv - ok 14:20:05.0792 1796 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 14:20:05.0792 1796 Symc8xx - ok 14:20:05.0808 1796 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 14:20:05.0808 1796 Sym_hi - ok 14:20:05.0808 1796 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 14:20:05.0823 1796 Sym_u3 - ok 14:20:05.0855 1796 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 14:20:05.0870 1796 SysMain - ok 14:20:05.0901 1796 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 14:20:05.0901 1796 TabletInputService - ok 14:20:05.0948 1796 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 14:20:05.0948 1796 TapiSrv - ok 14:20:05.0979 1796 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 14:20:05.0979 1796 TBS - ok 14:20:06.0042 1796 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 14:20:06.0042 1796 Tcpip - ok 14:20:06.0073 1796 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 14:20:06.0073 1796 Tcpip6 - ok 14:20:06.0104 1796 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 14:20:06.0104 1796 tcpipreg - ok 14:20:06.0135 1796 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 14:20:06.0135 1796 TDPIPE - ok 14:20:06.0151 1796 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 14:20:06.0151 1796 TDTCP - ok 14:20:06.0198 1796 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 14:20:06.0198 1796 tdx - ok 14:20:06.0245 1796 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 14:20:06.0245 1796 TermDD - ok 14:20:06.0260 1796 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 14:20:06.0276 1796 TermService - ok 14:20:06.0276 1796 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 14:20:06.0291 1796 Themes - ok 14:20:06.0307 1796 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 14:20:06.0307 1796 THREADORDER - ok 14:20:06.0338 1796 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 14:20:06.0338 1796 TrkWks - ok 14:20:06.0369 1796 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 14:20:06.0369 1796 TrustedInstaller - ok 14:20:06.0385 1796 [ B56368B25A51CEBDA77E6B20764F07F2 ] TSHWMDTCP C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys 14:20:06.0385 1796 TSHWMDTCP - ok 14:20:06.0401 1796 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 14:20:06.0401 1796 tssecsrv - ok 14:20:06.0416 1796 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 14:20:06.0416 1796 tunmp - ok 14:20:06.0447 1796 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 14:20:06.0447 1796 tunnel - ok 14:20:06.0525 1796 [ DEC8ACEBD9CD1F3DD6F4F3A6308D8B94 ] TVECapSvc C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe 14:20:06.0541 1796 TVECapSvc - ok 14:20:06.0541 1796 [ 7A5A6987397F78B1606BDB5C407D3574 ] TVESched C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe 14:20:06.0541 1796 TVESched - ok 14:20:06.0557 1796 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 14:20:06.0572 1796 uagp35 - ok 14:20:06.0603 1796 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 14:20:06.0603 1796 udfs - ok 14:20:06.0635 1796 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 14:20:06.0635 1796 UI0Detect - ok 14:20:06.0650 1796 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 14:20:06.0650 1796 uliagpkx - ok 14:20:06.0666 1796 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys 14:20:06.0666 1796 uliahci - ok 14:20:06.0681 1796 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 14:20:06.0681 1796 UlSata - ok 14:20:06.0697 1796 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 14:20:06.0697 1796 ulsata2 - ok 14:20:06.0728 1796 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 14:20:06.0728 1796 umbus - ok 14:20:06.0744 1796 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 14:20:06.0759 1796 upnphost - ok 14:20:06.0806 1796 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 14:20:06.0806 1796 USBAAPL - ok 14:20:06.0837 1796 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 14:20:06.0837 1796 usbccgp - ok 14:20:06.0853 1796 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 14:20:06.0853 1796 usbcir - ok 14:20:06.0900 1796 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 14:20:06.0900 1796 usbehci - ok 14:20:06.0962 1796 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 14:20:06.0962 1796 usbhub - ok 14:20:06.0978 1796 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 14:20:06.0978 1796 usbohci - ok 14:20:07.0025 1796 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 14:20:07.0025 1796 usbprint - ok 14:20:07.0040 1796 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 14:20:07.0040 1796 usbscan - ok 14:20:07.0056 1796 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:20:07.0056 1796 USBSTOR - ok 14:20:07.0087 1796 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 14:20:07.0087 1796 usbuhci - ok 14:20:07.0134 1796 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 14:20:07.0149 1796 UxSms - ok 14:20:07.0196 1796 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 14:20:07.0196 1796 vds - ok 14:20:07.0227 1796 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 14:20:07.0227 1796 vga - ok 14:20:07.0243 1796 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 14:20:07.0243 1796 VgaSave - ok 14:20:07.0259 1796 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys 14:20:07.0259 1796 viaagp - ok 14:20:07.0274 1796 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 14:20:07.0274 1796 ViaC7 - ok 14:20:07.0290 1796 [ 7AA7EC9A08DC2C39649C413B1A26E298 ] viaide C:\Windows\system32\drivers\viaide.sys 14:20:07.0290 1796 viaide - ok 14:20:07.0305 1796 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 14:20:07.0305 1796 volmgr - ok 14:20:07.0352 1796 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 14:20:07.0352 1796 volmgrx - ok 14:20:07.0399 1796 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys 14:20:07.0399 1796 volsnap - ok 14:20:07.0430 1796 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 14:20:07.0430 1796 vsmraid - ok 14:20:07.0493 1796 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 14:20:07.0493 1796 VSS - ok 14:20:07.0508 1796 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 14:20:07.0508 1796 W32Time - ok 14:20:07.0524 1796 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 14:20:07.0524 1796 WacomPen - ok 14:20:07.0555 1796 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 14:20:07.0555 1796 Wanarp - ok 14:20:07.0555 1796 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 14:20:07.0555 1796 Wanarpv6 - ok 14:20:07.0602 1796 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 14:20:07.0617 1796 wcncsvc - ok 14:20:07.0633 1796 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 14:20:07.0633 1796 WcsPlugInService - ok 14:20:07.0649 1796 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys 14:20:07.0649 1796 Wd - ok 14:20:07.0711 1796 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 14:20:07.0711 1796 Wdf01000 - ok 14:20:07.0742 1796 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 14:20:07.0742 1796 WdiServiceHost - ok 14:20:07.0742 1796 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 14:20:07.0758 1796 WdiSystemHost - ok 14:20:07.0805 1796 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 14:20:07.0820 1796 WebClient - ok 14:20:07.0851 1796 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 14:20:07.0851 1796 Wecsvc - ok 14:20:07.0867 1796 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 14:20:07.0883 1796 wercplsupport - ok 14:20:07.0914 1796 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 14:20:07.0914 1796 WerSvc - ok 14:20:07.0961 1796 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 14:20:07.0961 1796 WinDefend - ok 14:20:07.0976 1796 WinHttpAutoProxySvc - ok 14:20:08.0054 1796 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 14:20:08.0054 1796 Winmgmt - ok 14:20:08.0101 1796 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 14:20:08.0101 1796 WinRM - ok 14:20:08.0163 1796 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 14:20:08.0179 1796 Wlansvc - ok 14:20:08.0257 1796 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 14:20:08.0273 1796 wlidsvc - ok 14:20:08.0288 1796 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 14:20:08.0288 1796 WmiAcpi - ok 14:20:08.0335 1796 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 14:20:08.0335 1796 wmiApSrv - ok 14:20:08.0382 1796 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 14:20:08.0397 1796 WMPNetworkSvc - ok 14:20:08.0444 1796 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 14:20:08.0444 1796 WPCSvc - ok 14:20:08.0475 1796 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 14:20:08.0475 1796 WPDBusEnum - ok 14:20:08.0507 1796 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 14:20:08.0507 1796 WpdUsb - ok 14:20:08.0585 1796 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 14:20:08.0600 1796 WPFFontCache_v0400 - ok 14:20:08.0616 1796 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 14:20:08.0631 1796 ws2ifsl - ok 14:20:08.0647 1796 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll 14:20:08.0647 1796 wscsvc - ok 14:20:08.0647 1796 WSearch - ok 14:20:08.0741 1796 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 14:20:08.0741 1796 wuauserv - ok 14:20:08.0787 1796 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 14:20:08.0787 1796 WudfPf - ok 14:20:08.0803 1796 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 14:20:08.0803 1796 WUDFRd - ok 14:20:08.0850 1796 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 14:20:08.0850 1796 wudfsvc - ok 14:20:08.0881 1796 [ AB2D77BF7222B007717ABB61B15F9AE2 ] X10Hid C:\Windows\system32\Drivers\x10hid.sys 14:20:08.0881 1796 X10Hid - ok 14:20:08.0881 1796 [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe 14:20:08.0881 1796 x10nets - ok 14:20:08.0928 1796 [ 0625DB94911790F20A866A564D22612B ] XUIF C:\Windows\system32\Drivers\x10ufx2.sys 14:20:08.0928 1796 XUIF - ok 14:20:08.0928 1796 ================ Scan global =============================== 14:20:08.0975 1796 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 14:20:09.0021 1796 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 14:20:09.0037 1796 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 14:20:09.0084 1796 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 14:20:09.0084 1796 [Global] - ok 14:20:09.0084 1796 ================ Scan MBR ================================== 14:20:09.0099 1796 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 14:20:09.0411 1796 \Device\Harddisk0\DR0 - ok 14:20:09.0411 1796 ================ Scan VBR ================================== 14:20:09.0427 1796 [ 215389B626F6DCCB7E2A94E38E6F35D0 ] \Device\Harddisk0\DR0\Partition1 14:20:09.0427 1796 \Device\Harddisk0\DR0\Partition1 - ok 14:20:09.0443 1796 [ 53FFF33F0003704265EA430550B1A3D3 ] \Device\Harddisk0\DR0\Partition2 14:20:09.0443 1796 \Device\Harddisk0\DR0\Partition2 - ok 14:20:09.0443 1796 ============================================================ 14:20:09.0443 1796 Scan finished 14:20:09.0443 1796 ============================================================ 14:20:09.0458 5624 Detected object count: 0 14:20:09.0458 5624 Actual detected object count: 0