
Chinese pop up ads



First off, I really appreciate the help, don't think (know) this would be a big problem but I don't feel confident with this malware on my PC.

I started getting these annoying pop up ads for some Chinese role-playing game at the lower bottom right corner of my screen when I try to connect to websites (not just Chinese ones, so I realized that there was something on my PC). The pop ups come with sound (how nice).

I installed Malwarebytes Anti-Malware and activated the full version trial, then ran a scan. It found and quarantined "PUP.TollbarDownloader" in an exe file I had downloaded (and I guess executed) at some point. But I still get these messages that it blocked outgoing traffic every so often:

2012/04/24 10:55:06 +0800 IP-BLOCK 218.8.51.248 (Type: outgoing, Port: 57038, Process: firefox.exe)

2012/04/24 10:58:20 +0800 IP-BLOCK 218.8.51.248 (Type: outgoing, Port: 57187, Process: firefox.exe)

2012/04/24 10:58:53 +0800 IP-BLOCK 218.8.51.248 (Type: outgoing, Port: 57212, Process: firefox.exe)

2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52592, Process: chrome.exe)

2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52593, Process: chrome.exe)

2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52594, Process: chrome.exe)

2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52595, Process: chrome.exe)

2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52596, Process: chrome.exe)

I ran a scan according to the forum guidelines and got these logs:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29

Run by Arne at 11:08:28 on 2012-04-24

Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1033.18.1013.220 [GMT 8:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\windows\SYSTEM32\Rezip.exe

C:\windows\system32\svchost.exe -k imgsvc

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\system32\taskeng.exe

C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\System32\igfxtray.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\Google\Google Pinyin 3\GooglePinyinDaemon.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe

C:\Program Files\Google\Google Pinyin 3\GooglePinyinService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Sticky Notes\StickyNotes.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\igfxext.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\OpenOffice.org 3\program\scalc.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\igowin\igowin.exe

C:\windows\system32\taskhost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\windows\system32\conhost.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [Google Update] "c:\users\arne\appdata\local\google\update\GoogleUpdate.exe" /c

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11f_Plugin.exe -update plugin

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [Google Pinyin 3 Autoupdater] "c:\program files\google\google pinyin 3\GooglePinyinDaemon.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\users\arne\appdata\roaming\micros~1\windows\startm~1\programs\startup\sticky~1.lnk - c:\program files\sticky notes\StickyNotes.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Free YouTube to Mp3 Converter - c:\users\arne\appdata\roaming\dvdvideosoftiehelpers\youtubetomp3.htm

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D} : DhcpNameServer = 10.0.0.1

TCP: Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D}\0516E696E6F60245563616 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D}\24F6F6B677F627D6 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D}\348696E616E45647D235471627265736B637 : DhcpNameServer = 172.13.0.1

TCP: Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D}\348696E616E45647D244B65557 : DhcpNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D}\7756E67756E6132333 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D}\D43644F6E616C6467237 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{581B304F-E7EA-4D69-8E16-B3D564BACED7} : DhcpNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\arne\appdata\roaming\mozilla\firefox\profiles\6pojc2zr.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?hl=en-GB&q=

FF - prefs.js: network.proxy.http - http://proxy.io8.org/autoproxy/e1.pac

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\users\arne\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-26 165648]

R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2009-12-10 10752]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-18 654408]

R2 Rezip;Rezip;c:\windows\system32\Rezip.exe [2009-12-10 311296]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2011-8-4 645048]

R3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\drivers\CryptOSD.sys [2009-5-1 384896]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-18 22344]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-26 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-30 135664]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-11 43944]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-6-29 29472]

S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-30 135664]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-2 52224]

.

=============== Created Last 30 ================

.

2012-04-24 02:34:06 6734704 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9984dc56-d0f1-4566-8554-6b0a4947e2e8}\mpengine.dll

2012-04-23 07:43:51 -------- d-----w- c:\program files\igowin

2012-04-18 15:22:55 -------- d-----w- c:\program files\Anvisoft

2012-04-18 11:43:48 -------- d-----w- c:\users\arne\appdata\roaming\Malwarebytes

2012-04-18 11:42:55 -------- d-----w- c:\programdata\Malwarebytes

2012-04-18 11:42:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-18 11:42:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-18 07:14:04 -------- d-----w- c:\users\arne\.FBReader

2012-04-18 07:09:34 -------- d-----w- c:\program files\FBReader

2012-04-18 06:52:12 -------- d-----w- c:\users\arne\appdata\roaming\calibre

2012-04-17 16:22:04 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-17 16:22:04 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-17 16:22:04 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-04-17 16:22:03 159232 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-17 16:21:15 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-17 16:21:14 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-17 16:18:00 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-04-09 16:20:44 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll

2012-04-09 16:20:44 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll

2012-03-26 15:41:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2012-03-26 15:41:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2012-02-28 05:38:52 981504 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 03:52:27 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-25 08:00:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-25 05:32:35 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-01-25 05:32:34 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-01-25 05:27:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

============= FINISH: 11:16:18,57 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Starter

Boot Device: \Device\HarddiskVolume2

Install Date: 29.06.2010 21:58:46

System Uptime: 24.04.2012 01:25:06 (10 hours ago)

.

Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | N150/N210/N220

Processor: Intel® Atom CPU N450 @ 1.66GHz | CPU 1 | 1667/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 150 GiB total, 87,251 GiB free.

D: is FIXED (NTFS) - 68 GiB total, 66,425 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Description: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device

Device ID: USB\VID_0A5C&PID_219B\506313BBB795

Manufacturer: Broadcom

Name: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device

PNP Device ID: USB\VID_0A5C&PID_219B\506313BBB795

Service: BTHUSB

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows

PNP Device ID: ROOT\NET\0000

Service: vpnva

.

==== System Restore Points ===================

.

RP369: 25.03.2012 18:03:15 - Windows Update

RP370: 28.03.2012 20:49:26 - Windows Update

RP371: 01.04.2012 22:45:16 - Windows Update

RP372: 05.04.2012 12:38:43 - Windows Update

RP373: 09.04.2012 12:25:04 - Windows Update

RP374: 12.04.2012 23:51:23 - Windows Update

RP375: 16.04.2012 12:32:00 - Windows Update

RP376: 18.04.2012 00:19:23 - Windows Update

RP378: 18.04.2012 14:49:07 - Installed calibre

RP380: 18.04.2012 15:30:49 - Removed calibre

RP381: 21.04.2012 12:56:53 - Windows Update

.

==== Installed Programs ======================

.

??????? 3.0

7-Zip 4.65

Adobe Flash Player 11 Plugin

Adobe Flash Player ActiveX

Adobe Reader 9.5.1

Adobe Shockwave Player 11.6

Anki

Apple Application Support

Apple Software Update

Atheros Client Installation Program

BatteryLifeExtender

ChargeableUSB

Cisco AnyConnect VPN Client

Compatibility Pack for the 2007 Office system

ContentSAFER for Wizmax

CyberLink YouCam

Easy Display Manager

Easy Network Manager

Easy Resolution Manager

Easy SpeedUp Manager

EasyBatteryManager

FBReader for Windows

Free Audio CD Burner version 1.4

Free YouTube to MP3 Converter version 3.8

Full Tilt Poker

Google Chrome

Google Earth Plug-in

Google Update Helper

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

Java Auto Updater

Java 6 Update 22

Java 6 Update 29

Malwarebytes Anti-Malware version 1.61.0.1400

Marvell Miniport Driver

Microsoft .NET Framework 4 Client Profile

Microsoft Antimalware

Microsoft Office Word Viewer 2003

Microsoft PowerPoint Viewer

Microsoft Security Client

Microsoft Security Essentials

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Mozilla Firefox 11.0 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

OpenOffice.org 3.3

Paint.NET v3.5.8

PokerStars

PokerStove version 1.23

PreSetup HyperSpace

QuickTime

Realtek High Definition Audio Driver

REALTEK Wireless LAN Software

Samsung Recovery Solution 4

Samsung Support Center

Samsung Update Plus

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Skype™ 4.2

swMSM

Synaptics Pointing Device Driver

TIPP10 Version 2.0.3

Uninstall 1.0.0.1

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

User Guide

VirtualCloneDrive

VLC media player 1.1.5

Vuze

WIDCOMM Bluetooth Software

Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)

Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)

Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)

Xtra Controller Pro

YouTube Downloader 2.6.2

.

==== Event Viewer Messages From Past Week ========

.

22.04.2012 23:44:32, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.209.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

22.04.2012 22:55:15, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.209.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

22.04.2012 13:24:51, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

20.04.2012 18:38:06, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

19.04.2012 16:08:41, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1963.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240022 Error description: The program can't check for definition updates.

19.04.2012 16:08:41, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1963.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240022 Error description: The program can't check for definition updates.

19.04.2012 12:23:24, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1963.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240022 Error description: The program can't check for definition updates.

19.04.2012 12:23:24, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1963.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240022 Error description: The program can't check for definition updates.

18.04.2012 19:53:25, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 7 time(s).

18.04.2012 19:53:25, Error: Service Control Manager [7034] - The Network List Service service terminated unexpectedly. It has done this 7 time(s).

18.04.2012 19:53:25, Error: Service Control Manager [7034] - The Function Discovery Provider Host service terminated unexpectedly. It has done this 1 time(s).

18.04.2012 19:53:25, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 7 time(s).

18.04.2012 19:53:25, Error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 5 time(s).

18.04.2012 17:40:04, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 3 time(s).

18.04.2012 17:40:04, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 6 time(s).

18.04.2012 17:40:04, Error: Service Control Manager [7034] - The Network List Service service terminated unexpectedly. It has done this 6 time(s).

18.04.2012 17:40:04, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 6 time(s).

18.04.2012 17:39:59, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 5 time(s).

18.04.2012 17:39:59, Error: Service Control Manager [7034] - The Network List Service service terminated unexpectedly. It has done this 5 time(s).

18.04.2012 17:39:59, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 5 time(s).

18.04.2012 17:39:59, Error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 4 time(s).

18.04.2012 17:39:43, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.

18.04.2012 15:43:45, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 4 time(s).

18.04.2012 15:43:45, Error: Service Control Manager [7034] - The Network List Service service terminated unexpectedly. It has done this 4 time(s).

18.04.2012 15:43:45, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 4 time(s).

18.04.2012 15:43:45, Error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 3 time(s).

18.04.2012 14:53:56, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Store Interface Service service, but this action failed with the following error: An instance of the service is already running.

18.04.2012 14:48:59, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 2 time(s).

18.04.2012 14:48:59, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 3 time(s).

18.04.2012 14:48:59, Error: Service Control Manager [7034] - The Network List Service service terminated unexpectedly. It has done this 3 time(s).

18.04.2012 14:48:59, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 3 time(s).

18.04.2012 14:48:56, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 2 time(s).

18.04.2012 14:48:56, Error: Service Control Manager [7031] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

18.04.2012 14:48:56, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

18.04.2012 14:48:56, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

18.04.2012 14:48:56, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

18.04.2012 14:48:52, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 1 time(s).

18.04.2012 14:48:52, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

18.04.2012 14:48:52, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

18.04.2012 14:48:52, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

18.04.2012 00:07:20, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

.

==== End Of File ===========================

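The IP-BLOCK lines in the post are the most useful evidence in it, and eight of them are easy to read by eye; a week's worth is not. The script below is an added example, not part of the original post and not a Malwarebytes tool: it parses the IP-BLOCK lines into events, aggregates them per (remote IP, process), and flags bursts where one process hit the same address several times within a few seconds. The sample input is the eight lines copied verbatim from the post; the line layout is assumed from those lines (Malwarebytes 1.x protection-log style), and any other log line types are skipped.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Sample input: the eight IP-BLOCK lines quoted in the post above, copied verbatim.
# The layout (date, time, UTC offset, "IP-BLOCK", remote IP, Type/Port/Process)
# is assumed from those lines; other Malwarebytes log line types are ignored.
SAMPLE_LOG = """\
2012/04/24 10:55:06 +0800 IP-BLOCK 218.8.51.248 (Type: outgoing, Port: 57038, Process: firefox.exe)
2012/04/24 10:58:20 +0800 IP-BLOCK 218.8.51.248 (Type: outgoing, Port: 57187, Process: firefox.exe)
2012/04/24 10:58:53 +0800 IP-BLOCK 218.8.51.248 (Type: outgoing, Port: 57212, Process: firefox.exe)
2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52592, Process: chrome.exe)
2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52593, Process: chrome.exe)
2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52594, Process: chrome.exe)
2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52595, Process: chrome.exe)
2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52596, Process: chrome.exe)
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)


@dataclass(frozen=True)
class BlockEvent:
    when: datetime      # timezone-aware timestamp of the blocked attempt
    ip: str             # remote address that was blocked
    direction: str      # "outgoing" or "incoming"
    port: int           # port as logged (for these lines, the local ephemeral port)
    process: str        # image name of the process that opened the socket


def parse_ip_block_log(text):
    """Parse IP-BLOCK lines into BlockEvent objects; lines that do not match are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue
        when = datetime.strptime(f"{m['date']} {m['time']} {m['tz']}", "%Y/%m/%d %H:%M:%S %z")
        events.append(BlockEvent(when, m["ip"], m["direction"], int(m["port"]), m["process"]))
    return events


def summarize(events):
    """Aggregate per (remote IP, process): attempt count, distinct ports, first and last seen."""
    summary = {}
    for ev in events:
        entry = summary.setdefault((ev.ip, ev.process), {
            "count": 0, "ports": set(), "first_seen": ev.when, "last_seen": ev.when})
        entry["count"] += 1
        entry["ports"].add(ev.port)
        entry["first_seen"] = min(entry["first_seen"], ev.when)
        entry["last_seen"] = max(entry["last_seen"], ev.when)
    return summary


def find_bursts(events, window_seconds=5, min_count=3):
    """Return [(key, [events])] where one process hit the same IP at least min_count
    times within window_seconds of the first attempt: the retry/beacon pattern to triage."""
    by_key = defaultdict(list)
    for ev in events:
        by_key[(ev.ip, ev.process)].append(ev)
    window = timedelta(seconds=window_seconds)
    bursts = []
    for key, evs in by_key.items():
        evs.sort(key=lambda e: e.when)
        group = [evs[0]]
        for ev in evs[1:]:
            if ev.when - group[0].when <= window:
                group.append(ev)
            else:
                if len(group) >= min_count:
                    bursts.append((key, group))
                group = [ev]
        if len(group) >= min_count:
            bursts.append((key, group))
    return bursts


if __name__ == "__main__":
    evs = parse_ip_block_log(SAMPLE_LOG)
    for (ip, proc), s in sorted(summarize(evs).items()):
        print(f"{ip:16} {proc:12} attempts={s['count']:2} ports={sorted(s['ports'])} "
              f"from {s['first_seen']:%H:%M:%S} to {s['last_seen']:%H:%M:%S}")
    for (ip, proc), group in find_bursts(evs):
        span = (group[-1].when - group[0].when).total_seconds()
        print(f"burst: {proc} -> {ip}, {len(group)} attempts within {span:.0f}s")
```

What the summary makes visible in this case: both blocked addresses are contacted by browser processes rather than by a separate executable, so whatever is initiating the traffic runs inside the browsers (a page, a plugin or extension, or the proxy settings the DDS log lists for Firefox) and the quarantined PUP file was not the whole story. The five-digit port numbers rising by one within the same second are consistent with the local ephemeral source ports Windows assigns per connection attempt, which is why `find_bursts` treats a cluster of them as one event rather than five independent ones.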

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options).

Post back the report.

MrC


Thanks MrCharlie

RogueKiller V7.3.3 [04/22/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User: Arne [Admin rights]

Mode: Scan -- Date: 04/25/2012 23:04:35

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤

[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545025B9A300 +++++

--- User ---

[MBR] 2309d53b5e50f1481e33ea97262948e9

[bSP] 42cd176af1e1fa736744448df7d3160e : KIWI Image system MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 153877 Mo

3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 346804224 | Size: 69136 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt


Please make sure system restore is running and create a new restore point before continuing.

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

tdss_1.jpg

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg

------------------------

Click the Start Scan button.

tdss_3.jpg

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

tdss_4.jpg

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

tdss_5.jpg

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


23:44:57.0990 5348 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43

23:44:59.0279 5348 ============================================================

23:44:59.0279 5348 Current date / time: 2012/04/25 23:44:59.0279

23:44:59.0279 5348 SystemInfo:

23:44:59.0280 5348

23:44:59.0280 5348 OS Version: 6.1.7601 ServicePack: 1.0

23:44:59.0280 5348 Product type: Workstation

23:44:59.0280 5348 ComputerName:

23:44:59.0281 5348 UserName:

23:44:59.0281 5348 Windows directory: C:\windows

23:44:59.0281 5348 System windows directory: C:\windows

23:44:59.0281 5348 Processor architecture: Intel x86

23:44:59.0281 5348 Number of processors: 2

23:44:59.0281 5348 Page size: 0x1000

23:44:59.0281 5348 Boot type: Normal boot

23:44:59.0281 5348 ============================================================

23:45:01.0930 5348 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

23:45:01.0936 5348 ============================================================

23:45:01.0936 5348 \Device\Harddisk0\DR0:

23:45:01.0936 5348 MBR partitions:

23:45:01.0937 5348 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000

23:45:01.0937 5348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x12C8A800

23:45:01.0962 5348 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x14ABD800, BlocksNum 0x8707970

23:45:01.0962 5348 ============================================================

23:45:02.0055 5348 C: <-> \Device\Harddisk0\DR0\Partition1

23:45:02.0138 5348 D: <-> \Device\Harddisk0\DR0\Partition2

23:45:02.0138 5348 ============================================================

23:45:02.0139 5348 Initialize success

23:45:02.0139 5348 ============================================================

23:45:10.0653 4296 ============================================================

23:45:10.0653 4296 Scan started

23:45:10.0653 4296 Mode: Manual; SigCheck; TDLFS;

23:45:10.0653 4296 ============================================================


23:45:59.0948 4296 p2pimsvc - ok

23:46:00.0005 4296 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll

23:46:00.0116 4296 p2psvc - ok

23:46:00.0161 4296 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys

23:46:00.0290 4296 Parport - ok

23:46:00.0602 4296 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys

23:46:00.0710 4296 partmgr - ok

23:46:00.0739 4296 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys

23:46:00.0826 4296 Parvdm - ok

23:46:00.0874 4296 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll

23:46:01.0025 4296 PcaSvc - ok

23:46:01.0088 4296 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys

23:46:01.0165 4296 pci - ok

23:46:01.0190 4296 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys

23:46:01.0244 4296 pciide - ok

23:46:01.0288 4296 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys

23:46:01.0365 4296 pcmcia - ok

23:46:01.0394 4296 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys

23:46:01.0476 4296 pcw - ok

23:46:01.0539 4296 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys

23:46:01.0687 4296 PEAUTH - ok

23:46:01.0781 4296 PhnxBldr - ok

23:46:01.0859 4296 PhnxBuilder - ok

23:46:02.0065 4296 pla (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll

23:46:02.0409 4296 pla - ok

23:46:02.0670 4296 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll

23:46:02.0827 4296 PlugPlay - ok

23:46:02.0860 4296 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll

23:46:02.0993 4296 PNRPAutoReg - ok

23:46:03.0041 4296 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll

23:46:03.0137 4296 PNRPsvc - ok

23:46:03.0218 4296 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll

23:46:03.0351 4296 PolicyAgent - ok

23:46:03.0470 4296 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll

23:46:03.0607 4296 Power - ok

23:46:03.0678 4296 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys

23:46:03.0833 4296 PptpMiniport - ok

23:46:03.0940 4296 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys

23:46:04.0033 4296 Processor - ok

23:46:04.0111 4296 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\windows\system32\profsvc.dll

23:46:04.0276 4296 ProfSvc - ok

23:46:04.0349 4296 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe

23:46:04.0422 4296 ProtectedStorage - ok

23:46:04.0514 4296 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys

23:46:04.0678 4296 Psched - ok

23:46:04.0802 4296 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys

23:46:04.0928 4296 ql2300 - ok

23:46:05.0073 4296 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys

23:46:05.0193 4296 ql40xx - ok

23:46:05.0244 4296 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll

23:46:05.0384 4296 QWAVE - ok

23:46:05.0415 4296 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys

23:46:05.0523 4296 QWAVEdrv - ok

23:46:05.0553 4296 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys

23:46:05.0755 4296 RasAcd - ok

23:46:05.0865 4296 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys

23:46:06.0010 4296 RasAgileVpn - ok

23:46:06.0048 4296 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll

23:46:06.0198 4296 RasAuto - ok

23:46:06.0697 4296 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys

23:46:06.0876 4296 Rasl2tp - ok

23:46:06.0994 4296 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll

23:46:07.0136 4296 RasMan - ok

23:46:07.0175 4296 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys

23:46:07.0303 4296 RasPppoe - ok

23:46:07.0341 4296 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys

23:46:07.0487 4296 RasSstp - ok

23:46:07.0556 4296 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys

23:46:07.0680 4296 rdbss - ok

23:46:07.0696 4296 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys

23:46:07.0790 4296 rdpbus - ok

23:46:07.0841 4296 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys

23:46:07.0919 4296 RDPCDD - ok

23:46:07.0965 4296 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys

23:46:08.0046 4296 RDPENCDD - ok

23:46:08.0091 4296 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys

23:46:08.0177 4296 RDPREFMP - ok

23:46:08.0263 4296 RDPWD (244c83332f44589ae98fc347f11b2693) C:\windows\system32\drivers\RDPWD.sys

23:46:08.0462 4296 RDPWD - ok

23:46:08.0558 4296 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys

23:46:08.0724 4296 rdyboost - ok

23:46:08.0783 4296 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll

23:46:08.0939 4296 RemoteAccess - ok

23:46:08.0985 4296 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll

23:46:09.0140 4296 RemoteRegistry - ok

23:46:09.0199 4296 Rezip (f85ae59a52885f4b09aadafb23001a3b) C:\windows\SYSTEM32\Rezip.exe

23:46:09.0608 4296 Rezip ( UnsignedFile.Multi.Generic ) - warning

23:46:09.0608 4296 Rezip - detected UnsignedFile.Multi.Generic (1)

23:46:09.0666 4296 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys

23:46:09.0745 4296 RFCOMM - ok

23:46:09.0798 4296 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll

23:46:09.0919 4296 RpcEptMapper - ok

23:46:09.0960 4296 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe

23:46:10.0040 4296 RpcLocator - ok

23:46:10.0200 4296 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll

23:46:10.0356 4296 RpcSs - ok

23:46:10.0406 4296 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys

23:46:10.0549 4296 rspndr - ok

23:46:10.0583 4296 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys

23:46:10.0720 4296 RTL8167 - ok

23:46:10.0767 4296 SABI (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys

23:46:10.0850 4296 SABI - ok

23:46:10.0883 4296 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe

23:46:10.0956 4296 SamSs - ok

23:46:11.0022 4296 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys

23:46:11.0141 4296 sbp2port - ok

23:46:11.0172 4296 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll

23:46:11.0313 4296 SCardSvr - ok

23:46:11.0375 4296 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys

23:46:11.0484 4296 scfilter - ok

23:46:11.0588 4296 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll

23:46:11.0799 4296 Schedule - ok

23:46:11.0860 4296 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll

23:46:11.0983 4296 SCPolicySvc - ok

23:46:12.0037 4296 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll

23:46:12.0166 4296 SDRSVC - ok

23:46:12.0269 4296 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys

23:46:12.0395 4296 secdrv - ok

23:46:12.0430 4296 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll

23:46:12.0554 4296 seclogon - ok

23:46:12.0601 4296 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll

23:46:12.0739 4296 SENS - ok

23:46:12.0786 4296 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys

23:46:12.0867 4296 Serenum - ok

23:46:12.0903 4296 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys

23:46:13.0146 4296 Serial - ok

23:46:13.0286 4296 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys

23:46:13.0357 4296 sermouse - ok

23:46:13.0454 4296 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll

23:46:13.0602 4296 SessionEnv - ok

23:46:13.0647 4296 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys

23:46:13.0748 4296 sffdisk - ok

23:46:13.0775 4296 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys

23:46:13.0855 4296 sffp_mmc - ok

23:46:13.0885 4296 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys

23:46:13.0967 4296 sffp_sd - ok

23:46:14.0000 4296 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys

23:46:14.0078 4296 sfloppy - ok

23:46:14.0130 4296 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll

23:46:14.0407 4296 SharedAccess - ok

23:46:14.0488 4296 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll

23:46:14.0647 4296 ShellHWDetection - ok

23:46:14.0741 4296 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys

23:46:14.0850 4296 sisagp - ok

23:46:14.0897 4296 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys

23:46:14.0975 4296 SiSRaid2 - ok

23:46:14.0996 4296 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys

23:46:15.0090 4296 SiSRaid4 - ok

23:46:15.0119 4296 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys

23:46:15.0286 4296 Smb - ok

23:46:15.0351 4296 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe

23:46:15.0447 4296 SNMPTRAP - ok

23:46:15.0476 4296 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys

23:46:15.0536 4296 spldr - ok

23:46:15.0623 4296 Spooler (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe

23:46:15.0776 4296 Spooler - ok

23:46:16.0000 4296 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe

23:46:16.0543 4296 sppsvc - ok

23:46:16.0696 4296 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll

23:46:16.0839 4296 sppuinotify - ok

23:46:16.0927 4296 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys

23:46:17.0035 4296 srv - ok

23:46:17.0074 4296 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys

23:46:17.0170 4296 srv2 - ok

23:46:17.0200 4296 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys

23:46:17.0278 4296 srvnet - ok

23:46:17.0336 4296 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll

23:46:17.0472 4296 SSDPSRV - ok

23:46:17.0503 4296 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll

23:46:17.0624 4296 SstpSvc - ok

23:46:17.0661 4296 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys

23:46:17.0724 4296 stexstor - ok

23:46:17.0808 4296 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll

23:46:17.0922 4296 StiSvc - ok

23:46:17.0989 4296 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys

23:46:18.0048 4296 swenum - ok

23:46:18.0109 4296 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll

23:46:18.0287 4296 swprv - ok

23:46:18.0358 4296 SynTP (215a45246c6e2d0a9c263ce1786c8d8a) C:\windows\system32\DRIVERS\SynTP.sys

23:46:18.0431 4296 SynTP - ok

23:46:18.0554 4296 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll

23:46:18.0741 4296 SysMain - ok

23:46:18.0802 4296 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll

23:46:18.0949 4296 TabletInputService - ok

23:46:19.0022 4296 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\windows\system32\DRIVERS\taphss.sys

23:46:19.0099 4296 taphss - ok

23:46:19.0178 4296 TapiSrv (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll

23:46:19.0332 4296 TapiSrv - ok

23:46:19.0366 4296 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll

23:46:19.0522 4296 TBS - ok

23:46:19.0690 4296 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys

23:46:19.0828 4296 Tcpip - ok

23:46:19.0871 4296 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys

23:46:20.0004 4296 TCPIP6 - ok

23:46:20.0069 4296 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys

23:46:20.0199 4296 tcpipreg - ok

23:46:20.0265 4296 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys

23:46:20.0345 4296 TDPIPE - ok

23:46:20.0415 4296 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys

23:46:20.0492 4296 TDTCP - ok

23:46:20.0547 4296 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys

23:46:20.0702 4296 tdx - ok

23:46:20.0771 4296 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys

23:46:20.0902 4296 TermDD - ok

23:46:20.0979 4296 TermService (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll

23:46:21.0172 4296 TermService - ok

23:46:21.0243 4296 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll

23:46:21.0372 4296 Themes - ok

23:46:21.0418 4296 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll

23:46:21.0531 4296 THREADORDER - ok

23:46:21.0585 4296 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll

23:46:21.0739 4296 TrkWks - ok

23:46:21.0818 4296 TrueSight (1512d11c1e1e37a4ae2e2b62794f0d2e) c:\windows\system32\drivers\TrueSight.sys

23:46:21.0865 4296 TrueSight ( UnsignedFile.Multi.Generic ) - warning

23:46:21.0865 4296 TrueSight - detected UnsignedFile.Multi.Generic (1)

23:46:21.0969 4296 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe

23:46:22.0213 4296 TrustedInstaller - ok

23:46:22.0259 4296 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys

23:46:22.0389 4296 tssecsrv - ok

23:46:22.0474 4296 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys

23:46:22.0586 4296 TsUsbFlt - ok

23:46:22.0672 4296 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys

23:46:22.0774 4296 tunnel - ok

23:46:22.0815 4296 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys

23:46:22.0904 4296 uagp35 - ok

23:46:22.0981 4296 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys

23:46:23.0098 4296 udfs - ok

23:46:23.0148 4296 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe

23:46:23.0280 4296 UI0Detect - ok

23:46:23.0343 4296 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys

23:46:23.0443 4296 uliagpkx - ok

23:46:23.0514 4296 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys

23:46:23.0614 4296 umbus - ok

23:46:23.0644 4296 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys

23:46:23.0696 4296 UmPass - ok

23:46:23.0739 4296 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll

23:46:23.0896 4296 upnphost - ok

23:46:23.0974 4296 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\windows\system32\drivers\usbaudio.sys

23:46:24.0115 4296 usbaudio - ok

23:46:24.0175 4296 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys

23:46:24.0319 4296 usbccgp - ok

23:46:24.0391 4296 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys

23:46:24.0477 4296 usbcir - ok

23:46:24.0535 4296 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys

23:46:24.0618 4296 usbehci - ok

23:46:24.0673 4296 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys

23:46:24.0766 4296 usbhub - ok

23:46:24.0805 4296 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys

23:46:24.0888 4296 usbohci - ok

23:46:24.0941 4296 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys

23:46:25.0019 4296 usbprint - ok

23:46:25.0065 4296 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys

23:46:25.0169 4296 usbscan - ok

23:46:25.0231 4296 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS

23:46:25.0390 4296 USBSTOR - ok

23:46:25.0430 4296 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys

23:46:25.0500 4296 usbuhci - ok

23:46:25.0583 4296 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys

23:46:25.0664 4296 usbvideo - ok

23:46:25.0703 4296 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll

23:46:25.0830 4296 UxSms - ok

23:46:25.0874 4296 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe

23:46:25.0969 4296 VaultSvc - ok

23:46:26.0009 4296 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\windows\system32\DRIVERS\VClone.sys

23:46:26.0108 4296 VClone - ok

23:46:26.0170 4296 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys

23:46:26.0246 4296 vdrvroot - ok

23:46:26.0348 4296 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe

23:46:26.0519 4296 vds - ok

23:46:26.0559 4296 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys

23:46:26.0653 4296 vga - ok

23:46:26.0687 4296 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys

23:46:26.0795 4296 VgaSave - ok

23:46:26.0852 4296 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys

23:46:26.0926 4296 vhdmp - ok

23:46:26.0990 4296 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys

23:46:27.0081 4296 viaagp - ok

23:46:27.0121 4296 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys

23:46:27.0208 4296 ViaC7 - ok

23:46:27.0234 4296 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys

23:46:27.0287 4296 viaide - ok

23:46:27.0320 4296 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys

23:46:27.0409 4296 volmgr - ok

23:46:27.0449 4296 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys

23:46:27.0534 4296 volmgrx - ok

23:46:27.0612 4296 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys

23:46:27.0687 4296 volsnap - ok

23:46:27.0830 4296 vpnagent (d6653180d162cb3144fdbc8a651cebb1) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

23:46:28.0021 4296 vpnagent - ok

23:46:28.0093 4296 vpnva (fc94804932cfc35f01b3ae510e3b4d5c) C:\windows\system32\DRIVERS\vpnva.sys

23:46:28.0156 4296 vpnva - ok

23:46:28.0212 4296 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys

23:46:28.0352 4296 vsmraid - ok

23:46:28.0467 4296 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe

23:46:28.0691 4296 VSS - ok

23:46:28.0737 4296 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys

23:46:28.0826 4296 vwifibus - ok

23:46:28.0866 4296 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys

23:46:28.0971 4296 vwififlt - ok

23:46:29.0027 4296 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys

23:46:29.0099 4296 vwifimp - ok

23:46:29.0165 4296 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll

23:46:29.0310 4296 W32Time - ok

23:46:29.0343 4296 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys

23:46:29.0426 4296 WacomPen - ok

23:46:29.0486 4296 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys

23:46:29.0632 4296 WANARP - ok

23:46:29.0645 4296 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys

23:46:29.0776 4296 Wanarpv6 - ok

23:46:29.0901 4296 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe

23:46:30.0194 4296 wbengine - ok

23:46:30.0255 4296 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll

23:46:30.0370 4296 WbioSrvc - ok

23:46:30.0453 4296 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll

23:46:30.0582 4296 wcncsvc - ok

23:46:30.0614 4296 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll

23:46:30.0738 4296 WcsPlugInService - ok

23:46:30.0801 4296 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys

23:46:30.0864 4296 Wd - ok

23:46:30.0912 4296 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys

23:46:30.0987 4296 Wdf01000 - ok

23:46:31.0018 4296 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll

23:46:31.0143 4296 WdiServiceHost - ok

23:46:31.0157 4296 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll

23:46:31.0248 4296 WdiSystemHost - ok

23:46:31.0316 4296 WebClient (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll

23:46:31.0441 4296 WebClient - ok

23:46:31.0492 4296 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll

23:46:31.0625 4296 Wecsvc - ok

23:46:31.0654 4296 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll

23:46:31.0771 4296 wercplsupport - ok

23:46:31.0812 4296 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll

23:46:31.0934 4296 WerSvc - ok

23:46:31.0984 4296 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys

23:46:32.0088 4296 WfpLwf - ok

23:46:32.0120 4296 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys

23:46:32.0184 4296 WIMMount - ok

23:46:32.0290 4296 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll

23:46:32.0460 4296 WinDefend - ok

23:46:32.0482 4296 WinHttpAutoProxySvc - ok

23:46:32.0560 4296 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll

23:46:32.0704 4296 Winmgmt - ok

23:46:32.0827 4296 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll

23:46:33.0058 4296 WinRM - ok

23:46:33.0205 4296 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys

23:46:33.0299 4296 WinUsb - ok

23:46:33.0397 4296 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll

23:46:33.0550 4296 Wlansvc - ok

23:46:33.0613 4296 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys

23:46:33.0693 4296 WmiAcpi - ok

23:46:33.0763 4296 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe

23:46:33.0946 4296 wmiApSrv - ok

23:46:34.0110 4296 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe

23:46:34.0493 4296 WMPNetworkSvc - ok

23:46:34.0525 4296 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll

23:46:34.0626 4296 WPCSvc - ok

23:46:34.0691 4296 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll

23:46:34.0800 4296 WPDBusEnum - ok

23:46:34.0865 4296 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys

23:46:34.0973 4296 ws2ifsl - ok

23:46:35.0021 4296 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\System32\wscsvc.dll

23:46:35.0212 4296 wscsvc - ok

23:46:35.0226 4296 WSearch - ok

23:46:35.0406 4296 wuauserv (3026418a50c5b4761befa632cedb7406) C:\windows\system32\wuaueng.dll

23:46:35.0669 4296 wuauserv - ok

23:46:35.0846 4296 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys

23:46:36.0020 4296 WudfPf - ok

23:46:36.0096 4296 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys

23:46:36.0196 4296 WUDFRd - ok

23:46:36.0310 4296 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll

23:46:36.0446 4296 wudfsvc - ok

23:46:36.0533 4296 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll

23:46:36.0634 4296 WwanSvc - ok

23:46:36.0726 4296 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\windows\system32\DRIVERS\yk62x86.sys

23:46:36.0857 4296 yukonw7 - ok

23:46:36.0975 4296 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0

23:46:37.0473 4296 \Device\Harddisk0\DR0 - ok

23:46:37.0482 4296 Boot (0x1200) (95099517972e5513e32c2d8ee0fc9e54) \Device\Harddisk0\DR0\Partition0

23:46:37.0485 4296 \Device\Harddisk0\DR0\Partition0 - ok

23:46:37.0511 4296 Boot (0x1200) (fae2ec81b7c69eb5164fce781bf3e03e) \Device\Harddisk0\DR0\Partition1

23:46:37.0514 4296 \Device\Harddisk0\DR0\Partition1 - ok

23:46:37.0546 4296 Boot (0x1200) (4385b450a436503a66ab30dec1a7a5b8) \Device\Harddisk0\DR0\Partition2

23:46:37.0549 4296 \Device\Harddisk0\DR0\Partition2 - ok

23:46:37.0550 4296 ============================================================

23:46:37.0550 4296 Scan finished

23:46:37.0550 4296 ============================================================

23:46:37.0580 5556 Detected object count: 2

23:46:37.0580 5556 Actual detected object count: 2

23:46:54.0426 5556 Rezip ( UnsignedFile.Multi.Generic ) - skipped by user

23:46:54.0426 5556 Rezip ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:46:54.0429 5556 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user

23:46:54.0429 5556 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip


That scan was clean...

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 12-04-25.01 - Arne 26.04.2012   0:08.1.2 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1033.18.1013.427 [GMT 8:00]
ausgeführt von:: c:\users\Arne\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\weave\toFetch
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-25 bis 2012-04-25  ))))))))))))))))))))))))))))))
.
.
2012-04-25 16:21 . 2012-04-25 16:22	--------	d-----w-	c:\users\Arne\AppData\Local\temp
2012-04-25 16:21 . 2012-04-25 16:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-25 14:53 . 2012-04-25 14:53	29904	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1F4C5142-214F-4F41-B5AC-D39979DE8E0C}\MpKsl649afcb5.sys
2012-04-25 14:52 . 2012-04-25 14:52	13824	----a-w-	c:\windows\system32\drivers\TrueSight.sys
2012-04-25 10:50 . 2012-04-13 07:36	6734704	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1F4C5142-214F-4F41-B5AC-D39979DE8E0C}\mpengine.dll
2012-04-23 07:43 . 2012-04-23 07:43	--------	d-----w-	c:\program files\igowin
2012-04-18 15:22 . 2012-04-19 04:21	--------	d-----w-	c:\program files\Anvisoft
2012-04-18 11:43 . 2012-04-18 11:43	--------	d-----w-	c:\users\Arne\AppData\Roaming\Malwarebytes
2012-04-18 11:42 . 2012-04-18 11:42	--------	d-----w-	c:\programdata\Malwarebytes
2012-04-18 11:42 . 2012-04-04 07:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-18 11:42 . 2012-04-18 11:43	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-04-18 07:14 . 2012-04-18 07:28	--------	d-----w-	c:\users\Arne\.FBReader
2012-04-18 07:09 . 2012-04-18 07:09	--------	d-----w-	c:\program files\FBReader
2012-04-18 06:52 . 2012-04-18 07:12	--------	d-----w-	c:\users\Arne\AppData\Roaming\calibre
2012-04-17 16:22 . 2012-03-01 05:46	19824	----a-w-	c:\windows\system32\drivers\fs_rec.sys

<div>2012-04-17 16:22 . 2012-03-01 05:37<span class="Apple-tab-span" style="white-space:pre"> </span>172544<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wintrust.dll</div>

<div>2012-04-17 16:22 . 2012-03-01 05:29<span class="Apple-tab-span" style="white-space:pre"> </span>5120<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wmi.dll</div>

<div>2012-04-17 16:22 . 2012-03-01 05:33<span class="Apple-tab-span" style="white-space:pre"> </span>159232<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\imagehlp.dll</div>

<div>2012-04-17 16:21 . 2012-03-06 05:59<span class="Apple-tab-span" style="white-space:pre"> </span>3968368<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\ntkrnlpa.exe</div>

<div>2012-04-17 16:21 . 2012-03-06 05:59<span class="Apple-tab-span" style="white-space:pre"> </span>3913072<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\ntoskrnl.exe</div>

<div>2012-04-17 16:18 . 2012-02-17 05:34<span class="Apple-tab-span" style="white-space:pre"> </span>826880<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\rdpcore.dll</div>

<div>2012-04-09 16:20 . 2012-04-09 16:20<span class="Apple-tab-span" style="white-space:pre"> </span>592824<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Mozilla Firefox\gkmedias.dll</div>

<div>2012-04-09 16:20 . 2012-04-09 16:20<span class="Apple-tab-span" style="white-space:pre"> </span>44472<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Mozilla Firefox\mozglue.dll</div>

<div>.</div>

<div>.</div>

<div>.</div>

<div>((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))</div>

<div>.</div>

<div>2012-04-13 07:36 . 2010-08-27 13:12<span class="Apple-tab-span" style="white-space:pre"> </span>6734704<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll</div>

<div>2012-02-25 08:00 . 2012-02-25 08:00<span class="Apple-tab-span" style="white-space:pre"> </span>414368<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\FlashPlayerCPLApp.cpl</div>

<div>2012-02-11 09:49 . 2012-02-11 09:50<span class="Apple-tab-span" style="white-space:pre"> </span>713784<span class="Apple-tab-span" style="white-space:pre"> </span>------w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A69CC0D8-4232-4E28-96E6-3CBF44FDAA19}\gapaengine.dll</div>

<div>2012-01-31 12:44 . 2010-08-25 15:07<span class="Apple-tab-span" style="white-space:pre"> </span>237072<span class="Apple-tab-span" style="white-space:pre"> </span>------w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\MpSigStub.exe</div>

<div>2012-04-09 16:20 . 2012-02-19 05:20<span class="Apple-tab-span" style="white-space:pre"> </span>97208<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\mozilla firefox\components\browsercomps.dll</div>

<div>.</div>

<div>.</div>

<div>((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))</div>

<div>.</div>

<div>.</div>

<div>*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. </div>

<div>REGEDIT4</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div>

<div>"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-18 8092192]</div>

<div>"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-10 1578280]</div>

<div>"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]</div>

<div>"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]</div>

<div>"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]</div>

<div>"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-24 141848]</div>

<div>"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-24 173592]</div>

<div>"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-24 150552]</div>

<div>"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]</div>

<div>"Google Pinyin 3 Autoupdater"="c:\program files\Google\Google Pinyin 3\GooglePinyinDaemon.exe" [2011-09-29 1181240]</div>

<div>"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]</div>

<div>"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]</div>

<div>"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]</div>

<div>"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]</div>

<div>.</div>

<div>c:\users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\</div>

<div>Sticky Notes.lnk - c:\program files\Sticky Notes\StickyNotes.exe [2010-5-2 503808]</div>

<div>.</div>

<div>c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\</div>

<div>Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-2 795936]</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</div>

<div>"ConsentPromptBehaviorAdmin"= 5 (0x5)</div>

<div>"ConsentPromptBehaviorUser"= 3 (0x3)</div>

<div>"EnableUIADesktopToggle"= 0 (0x0)</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]</div>

<div>   Ime File<span class="Apple-tab-span" style="white-space:pre"> </span>REG_SZ         <span class="Apple-tab-span" style="white-space:pre"> </span>GOOGLEPINYIN3.IME</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]</div>

<div>@="Service"</div>

<div>.</div>

<div>R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]</div>

<div>R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-30 135664]</div>

<div>R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]</div>

<div>R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]</div>

<div>R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-30 135664]</div>

<div>S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]</div>

<div>S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys [2009-05-01 384896]</div>

<div>S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]</div>

<div>.</div>

<div>.</div>

<div>--- Andere Dienste/Treiber im Speicher ---</div>

<div>.</div>

<div>*NewlyCreated* - 84100573</div>

<div>*NewlyCreated* - MPKSL649AFCB5</div>

<div>*NewlyCreated* - TRUESIGHT</div>

<div>*Deregistered* - 84100573</div>

<div>*Deregistered* - TrueSight</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]</div>

<div>LocalServiceAndNoImpersonation<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ   <span class="Apple-tab-span" style="white-space:pre"> </span>SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc</div>

<div>.</div>

<div>Inhalt des "geplante Tasks" Ordners</div>

<div>.</div>

<div>2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</div>

<div>- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-30 13:41]</div>

<div>.</div>

<div>2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</div>

<div>- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-30 13:41]</div>

<div>.</div>

<div>2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3948093705-1484294097-1952622497-1000Core.job</div>

<div>- c:\users\Arne\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-01 18:47]</div>

<div>.</div>

<div>2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3948093705-1484294097-1952622497-1000UA.job</div>

<div>- c:\users\Arne\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-01 18:47]</div>

<div>.</div>

<div>.</div>

<div>------- Zusätzlicher Suchlauf -------</div>

<div>.</div>

<div>uStart Page = hxxp://www.google.com/</div>

<div>IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000</div>

<div>IE: Free YouTube to Mp3 Converter - c:\users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm</div>

<div>IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html</div>

<div>IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm</div>

<div>IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm</div>

<div>TCP: DhcpNameServer = 10.0.0.1</div>

<div>FF - ProfilePath - c:\users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\</div>

<div>FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)</div>

<div>FF - prefs.js: browser.startup.homepage - www.google.com</div>

<div>FF - prefs.js: keyword.URL - hxxp://www.google.com/search?hl=en-GB&q=</div>

<div>FF - prefs.js: network.proxy.http - http://proxy.io8.org/autoproxy/e1.pac</div>

<div>FF - prefs.js: network.proxy.type - 0</div>

<div>.</div>

<div>- - - - Entfernte verwaiste Registrierungseinträge - - - -</div>

<div>.</div>

<div>Toolbar-Locked - (no file)</div>

<div>SafeBoot-MCODS</div>

<div>.</div>

<div>.</div>

<div>.</div>

<div>--------------------- Gesperrte Registrierungsschluessel ---------------------</div>

<div>.</div>

<div>[HKEY_USERS\S-1-5-21-3948093705-1484294097-1952622497-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]</div>

<div>@Denied: (2) (LocalSystem)</div>

<div>"Progid"="WindowsLiveMail.Email.1"</div>

<div>.</div>

<div>[HKEY_USERS\S-1-5-21-3948093705-1484294097-1952622497-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]</div>

<div>@Denied: (2) (LocalSystem)</div>

<div>"Progid"="WindowsLiveMail.VCard.1"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]</div>

<div>@Denied: (Full) (Everyone)</div>

<div>.</div>

<div>Zeit der Fertigstellung: 2012-04-26  00:27:54</div>

<div>ComboFix-quarantined-files.txt  2012-04-25 16:27</div>

<div>.</div>

<div>Vor Suchlauf: 96.187.310.080 bytes free</div>

<div>Nach Suchlauf: 96.988.626.944 bytes free</div>

<div>.</div>

<div>- - End Of File - - 1CAF1DBA8C5172C1532731C2AED11B0F</div>

<div> </div>

Link to post
Share on other sites

ComboFix 12-04-25.01 - Arne 26.04.2012 0:08.1.2 - x86

Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1033.18.1013.427 [GMT 8:00]

ausgeführt von:: c:\users\Arne\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\FullRemove.exe

c:\users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\weave\toFetch

.

.


Link to post
Share on other sites

Please let me know if there's any improvement as we go along.

Run this scan......

Download aswMBR to your desktop.

http://public.avast....erek/aswMBR.exe

Double click the aswMBR.exe to run it.

If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".

Click the "Scan" button to start scan.

On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

MrC

Link to post
Share on other sites

Just as I was running the scan I had another pop up come up, this time not blocked by Malwarebytes (which I have re-enabled) :(

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-04-26 10:22:03

-----------------------------

10:22:03.377 OS Version: Windows 6.1.7601 Service Pack 1

10:22:03.377 Number of processors: 2 586 0x1C0A

10:22:03.439 ComputerName: ARNE-PC UserName: Arne

10:22:15.966 Initialize success

10:26:51.737 AVAST engine defs: 12042501

10:27:19.286 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

10:27:19.286 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3

10:27:19.349 Disk 0 MBR read successfully

10:27:19.349 Disk 0 MBR scan

10:27:19.442 Disk 0 unknown MBR code

10:27:19.489 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048

10:27:19.645 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328

10:27:19.832 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 153877 MB offset 31664128

10:27:19.957 Disk 0 Partition - 00 0F Extended LBA 69136 MB offset 346804224

10:27:20.004 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 69135 MB offset 346806272

10:27:20.160 Disk 0 scanning sectors +488395120

10:27:20.394 Disk 0 scanning C:\windows\system32\drivers

10:27:58.988 Service scanning

10:28:30.766 Service MpKslf19de2ff c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AA898340-CC50-4996-8ECC-1C3A487DFD79}\MpKslf19de2ff.sys **LOCKED** 32

10:28:31.109 Service MpNWMon C:\windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32

10:29:12.402 Modules scanning

10:29:33.602 Disk 0 trace - called modules:

10:29:33.649 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll

10:29:33.665 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84e76268]

10:29:33.680 3 CLASSPNP.SYS[86d7759e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x83753028]

10:29:34.460 AVAST engine scan C:\windows

10:29:45.927 AVAST engine scan C:\windows\system32

10:38:55.462 AVAST engine scan C:\windows\system32\drivers

10:39:42.319 AVAST engine scan C:\Users\Arne

10:48:40.301 Disk 0 MBR has been saved successfully to "C:\Users\Arne\Desktop\MBR.dat"

10:48:40.391 The log file has been saved successfully to "C:\Users\Arne\Desktop\aswMBR.txt"

Link to post
Share on other sites
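The MBR.dat that aswMBR saved above is, as assumed here, a raw copy of sector 0 of the disk (512 bytes: 446 bytes of boot code, the four 16-byte partition entries, and the 0x55AA signature). The log's "unknown MBR code" line means only that the boot code is not one aswMBR recognises, which an OEM recovery loader also triggers, so the useful follow-up is to parse the saved sector yourself and compare it with a baseline. The following is an added example, not code from the thread or from aswMBR: it decodes an MBR, checks the signature and the contiguity of the partition entries, compares the table with the partition offsets the aswMBR log printed, and hashes the boot code so later copies of MBR.dat can be compared with this one. The sample MBR is constructed from the layout in the log above (the boot code is NOP filler), and all function names are the example's own.

```python
import hashlib
import struct

SECTOR = 512
MBR_SIZE = 512
BOOT_CODE_LEN = 446        # bytes 0..445 hold the boot code
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries follow
ENTRY_FMT = "<B3xB3xII"    # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def parse_mbr(data: bytes) -> dict:
    """Decode a raw 512-byte MBR into signature flag, boot-code hash and partition list."""
    if len(data) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(data)}")
    signature_ok = data[0x1FE:0x200] == b"\x55\xAA"
    partitions = []
    for slot in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, data, PART_TABLE_OFF + 16 * slot)
        if ptype == 0 and lba == 0 and count == 0:
            continue  # empty slot
        partitions.append({
            "index": slot + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {
        "signature_ok": signature_ok,
        "boot_code_sha256": hashlib.sha256(data[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def build_sample_mbr(layout, boot_code: bytes = b"\x90" * BOOT_CODE_LEN) -> bytes:
    """Construct an MBR whose table matches `layout`: list of (status, type, LBA start, size in MB)."""
    table = b"".join(
        struct.pack(ENTRY_FMT, status, ptype, lba, size_mb * 1024 * 1024 // SECTOR)
        for status, ptype, lba, size_mb in layout
    ).ljust(64, b"\x00")
    return boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00") + table + b"\x55\xAA"


# Partition layout exactly as the aswMBR log in this thread reported it (constructed sample).
LOGGED_LAYOUT = [
    (0x00, 0x27, 2048,      15360),   # Partition 1: hidden NTFS WinRE
    (0x80, 0x07, 31459328,  100),     # Partition 2: active system partition
    (0x00, 0x07, 31664128,  153877),  # Partition 3: C:
    (0x00, 0x0F, 346804224, 69136),   # Extended LBA container holding partition 4
]


def check_against_log(parsed: dict, logged_layout) -> list:
    """Return discrepancies between a parsed MBR and the layout a scanner log reported."""
    issues = []
    if not parsed["signature_ok"]:
        issues.append("missing 0x55AA signature")
    present = {(p["type"], p["lba_start"]) for p in parsed["partitions"]}
    for _, ptype, lba, _ in logged_layout:
        if (ptype, lba) not in present:
            issues.append(f"partition type {ptype:02X} at LBA {lba} not in MBR")
    expected_active = [i + 1 for i, (status, *_rest) in enumerate(logged_layout) if status == 0x80]
    active = [p["index"] for p in parsed["partitions"] if p["bootable"]]
    if active != expected_active:
        issues.append(f"active flag on partitions {active}, expected {expected_active}")
    # Each primary partition should start where the previous one ends; a gap or overlap is worth a look.
    ordered = sorted(parsed["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] != b["lba_start"]:
            issues.append(f"gap or overlap between partition {a['index']} and {b['index']}")
    return issues


def boot_code_matches(data: bytes, baseline_sha256: str) -> bool:
    """True if the 446-byte boot code hashes to the baseline recorded from an earlier MBR.dat."""
    return hashlib.sha256(data[:BOOT_CODE_LEN]).hexdigest() == baseline_sha256


if __name__ == "__main__":
    sample = build_sample_mbr(LOGGED_LAYOUT)
    info = parse_mbr(sample)
    for part in info["partitions"]:
        print(part)
    print("boot code sha256:", info["boot_code_sha256"])
    print("issues:", check_against_log(info, LOGGED_LAYOUT) or "none")
    # For a real file: parse_mbr(open("MBR.dat", "rb").read())
```

Running it against the constructed sample reports no issues, because the partition starts chain exactly (2048 + 15360 MB of sectors lands on 31459328, and so on). Against a real MBR.dat, keep the boot-code hash from a scan you trust and re-run `boot_code_matches` after any later scan; a changed hash with an unchanged partition table is the pattern worth escalating, while a stable hash plus "unknown MBR code" usually just means an OEM loader.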

See if you can upload this file to VirusTotal for a free scan, and let me know the results (just copy back the URL):

c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AA898340-CC50-4996-8ECC-1C3A487DFD79}\MpKslf19de2ff.sys

http://www.virustotal.com/

You may have to enable hidden files to see it:

http://www.bleepingc...s-in-windows-7/

MrC

Link to post
Share on other sites

Did you just install this program?

Skype™ 4.2

TCP: Interfaces\{581B304F-E7EA-4D69-8E16-B3D564BACED7} : DhcpNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

----------------------------------------

Click on the link that pertains to your country and see if it comes up green.

http://www.dns-ok.us/ <--------for USA

http://www.dcwg.org/detect/ <---other countries

----------------------------------------

Please download Listparts

Run the tool, click Scan and post the log (Result.txt) it makes

---------------------------------------

Please update and run a Full Scan with Microsoft Security Essentials, let me know if it finds anything.

MrC

Link to post
Share on other sites

I have Skype 4.2, but it's been on my PC for a long time. I don't know how to check for the two parameters you mentioned in connection with Skype.

I tried every website and they all came back green. I am located in China, so I don't know if they work over here.

Listparts scan:

ListParts by Farbar Version: 12-03-2012 03

Ran by Arne (administrator) on 27-04-2012 at 00:13:43

Windows 7 (X86)

Running From: C:\Users\Arne\Downloads

Language: 0409

************************************************************

========================= Memory info ======================

Percentage of memory in use: 76%

Total physical RAM: 1013.3 MB

Available physical RAM: 242.37 MB

Total Pagefile: 2037.3 MB

Available Pagefile: 497.63 MB

Total Virtual: 2047.88 MB

Available Virtual: 1956.37 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:150.27 GB) (Free:89.9 GB) NTFS

2 Drive d: () (Fixed) (Total:67.51 GB) (Free:65.42 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt

  --------  -------------  -------  -------  ---  ---

  Disk 0    Online          232 GB  1024 KB

  Disk 1    No Media           0 B      0 B

Partitions of Disk 0:

===============

  Partition ###  Type              Size     Offset

  -------------  ----------------  -------  -------

  Partition 1    Recovery           15 GB   1024 KB

  Partition 2    Primary           100 MB     15 GB

  Partition 3    Primary           150 GB     15 GB

  Partition 0    Extended           67 GB    165 GB

  Partition 4    Logical            67 GB    165 GB

======================================================================================================

Disk: 0

Partition 1

Type : 27

Hidden: Yes

Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 4         RECOVERY     NTFS   Partition     15 GB  Healthy    Hidden

======================================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 1         SYSTEM       NTFS   Partition    100 MB  Healthy    System (partition with boot components)

======================================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 2    C                 NTFS   Partition    150 GB  Healthy    Boot

======================================================================================================

Disk: 0

Partition 4

Type : 07

Hidden: No

Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 3    D                 NTFS   Partition     67 GB  Healthy

======================================================================================================

****** End Of Log ******

I will have to get back to you with the results of the Security Essentials scan tomorrow.

Thanks

Link to post
Share on other sites

OK, go to your Control Panel > Add/Remove Programs and uninstall this:

Java™ 6 Update 22

Then in your Control Panel > Java > Update tab > Update Now

Java™ 6 Update 29 <---should be Java™ 6 Update 31

-------------------------------------

Next....

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes, depending on your hard drive size.

Two reports will open; copy and paste them in a reply here (or attach them as .txt files):

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

Link to post
Share on other sites

OTL logfile created on: 4/27/2012 11:53:35 PM - Run 1

OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Arne\Desktop

Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

1013.30 Mb Total Physical Memory | 157.65 Mb Available Physical Memory | 15.56% Memory free

2.10 Gb Paging File | 0.61 Gb Available in Paging File | 28.98% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 150.27 Gb Total Space | 90.28 Gb Free Space | 60.08% Space Free | Partition Type: NTFS

Drive D: | 67.51 Gb Total Space | 65.42 Gb Free Space | 96.90% Space Free | Partition Type: NTFS

Computer Name: ARNE-PC | User Name: Arne | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/27 23:52:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Arne\Desktop\OTL.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/09/29 20:13:22 | 000,771,640 | ---- | M] () -- C:\Program Files\Google\Google Pinyin 3\GooglePinyinService.exe

PRC - [2011/09/29 20:13:19 | 001,181,240 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Pinyin 3\GooglePinyinDaemon.exe

PRC - [2011/08/04 04:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe

PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin

PRC - [2011/01/17 18:37:40 | 000,307,200 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\scalc.exe

PRC - [2010/11/23 14:26:41 | 000,503,808 | ---- | M] (Author - Igor Vigdorchik) -- C:\Program Files\Sticky Notes\StickyNotes.exe

PRC - [2010/11/20 20:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/11/20 12:01:36 | 002,247,168 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe

PRC - [2009/10/26 19:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe

PRC - [2009/10/02 23:48:26 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

PRC - [2009/10/02 23:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

PRC - [2009/03/05 17:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/12 15:37:34 | 000,444,400 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll

MOD - [2012/04/12 15:37:33 | 003,915,248 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll

MOD - [2012/04/12 15:36:18 | 000,544,240 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\libglesv2.dll

MOD - [2012/04/12 15:36:17 | 000,117,744 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\libegl.dll

MOD - [2012/04/12 15:36:08 | 000,122,880 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\avutil-51.dll

MOD - [2012/04/12 15:36:06 | 000,220,672 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\avformat-53.dll

MOD - [2012/04/12 15:36:05 | 001,747,456 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll

MOD - [2012/04/12 14:51:55 | 008,743,584 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll

MOD - [2011/09/29 20:13:22 | 000,771,640 | ---- | M] () -- C:\Program Files\Google\Google Pinyin 3\GooglePinyinService.exe

MOD - [2011/03/15 20:40:00 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll

MOD - [2011/03/15 20:40:00 | 000,170,496 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxslt.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/08/04 04:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)

SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2009/10/02 23:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/03/05 17:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Arne\AppData\Local\Temp\phoenix\PhnxBldr.sys -- (PhnxBuilder)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\HyperSpace\PhnxBldr.sys -- (PhnxBldr)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Arne\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Arne\AppData\Local\Temp\aswMBR.sys -- (aswMBR)

DRV - [2012/04/27 08:15:47 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{48200D8E-3AB9-437A-A139-7AE66C543B8C}\MpKsl61bf4070.sys -- (MpKsl61bf4070)

DRV - [2012/04/25 22:52:35 | 000,013,824 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)

DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/12/13 03:32:24 | 002,228,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2011/08/04 04:27:28 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)

DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)

DRV - [2010/11/20 18:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 17:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/06/17 04:33:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)

DRV - [2009/09/28 17:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)

DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009/07/02 04:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)

DRV - [2009/05/01 18:11:06 | 000,384,896 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CryptOSD.sys -- (CryptOSD)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\SearchScopes\{4C7AABE8-8045-4207-926A-F5EE06FA9BD6}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms}

IE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_en

IE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\SearchScopes\{8B5AE1A3-BDD6-4CE8-8289-C5C05BBAAA7F}: "URL" = http://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}

IE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - prefs.js..keyword.URL: "http://www.google.com/search?hl=en-GB&q="

FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.io8.org/autoproxy/e1.pac"

FF - prefs.js..network.proxy.http: "http://proxy.io8.org/autoproxy/e1.pac"

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found

FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Arne\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Arne\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/10 00:20:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/27 23:42:54 | 000,000,000 | ---D | M]

[2010/07/02 20:33:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arne\AppData\Roaming\Mozilla\Extensions

[2012/02/25 21:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\extensions

[2012/02/19 14:49:05 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}

[2012/02/25 21:55:52 | 000,000,000 | ---D | M] (Perapera Chinese) -- C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\extensions\chineseperakun@gmail.com

[2010/10/24 00:05:57 | 000,001,632 | ---- | M] () -- C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\searchplugins\firefox-add-ons.xml

[2010/10/24 00:09:28 | 000,001,330 | ---- | M] () -- C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\searchplugins\wikipedia-en.xml

[2010/10/24 00:36:42 | 000,001,032 | ---- | M] () -- C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\searchplugins\wikipedia-eng.xml

[2012/04/27 23:43:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/04/27 23:43:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}

[2012/04/10 00:20:43 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/02/16 18:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2010/07/08 18:12:54 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

[2012/02/16 18:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: google.com (Default) (Enabled)

CHR - default_search_provider: search_url = http://www.google.com/search?hl=en&source=hp&biw=1228&bih=610&q={searchTerms}&btnG=Google+Search&aq=1&aqi=g10&aql=&oq=cowboy

CHR - default_search_provider: suggest_url =

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Arne\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Arne\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll

CHR - Extension: Offline Google Mail = C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.13_0\

CHR - Extension: Google Calendar = C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\

CHR - Extension: Zhongwen: A Chinese-English Popup Dictionary = C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkmlkkjojmombglmlpbpapmhcaljjkde\3.2.1_0\

CHR - Extension: Google Play Books = C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.3_0\

O1 HOSTS File: ([2012/04/26 00:22:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4 - HKLM..\Run: [Google Pinyin 3 Autoupdater] C:\Program Files\Google\Google Pinyin 3\GooglePinyinDaemon.exe (Google Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sticky Notes.lnk = C:\Program Files\Sticky Notes\StickyNotes.exe (Author - Igor Vigdorchik)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D}: DhcpNameServer = 10.0.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{581B304F-E7EA-4D69-8E16-B3D564BACED7}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/27 23:52:35 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Arne\Desktop\OTL.exe

[2012/04/27 23:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012/04/26 10:16:31 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Arne\Desktop\aswMBR.exe

[2012/04/26 00:28:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/04/26 00:27:57 | 000,000,000 | ---D | C] -- C:\windows\temp

[2012/04/26 00:21:51 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Local\temp

[2012/04/26 00:05:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2012/04/26 00:05:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2012/04/26 00:05:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2012/04/26 00:05:10 | 000,000,000 | ---D | C] -- C:\windows\ERDNT

[2012/04/26 00:05:00 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/04/25 23:56:45 | 004,475,034 | R--- | C] (Swearware) -- C:\Users\Arne\Desktop\ComboFix.exe

[2012/04/25 22:52:28 | 000,000,000 | ---D | C] -- C:\Users\Arne\Desktop\RK_Quarantine

[2012/04/23 15:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\igowin

[2012/04/18 23:23:17 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft

[2012/04/18 23:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\Anvisoft

[2012/04/18 19:43:48 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\Malwarebytes

[2012/04/18 19:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/04/18 19:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/04/18 19:42:48 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

[2012/04/18 19:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/04/18 19:20:11 | 000,000,000 | ---D | C] -- C:\Users\Arne\Documents\China Reading

[2012/04/18 15:14:04 | 000,000,000 | ---D | C] -- C:\Users\Arne\.FBReader

[2012/04/18 15:09:39 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FBReader for Windows

[2012/04/18 15:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FBReader for Windows

[2012/04/18 15:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\FBReader

[2012/04/18 14:52:12 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\calibre

[2012/04/12 21:24:31 | 000,000,000 | ---D | C] -- C:\Users\Arne\Desktop\German

[2012/04/12 21:24:05 | 000,000,000 | ---D | C] -- C:\Users\Arne\Desktop\English

[2012/04/11 19:48:59 | 000,000,000 | ---D | C] -- C:\Users\Arne\Desktop\bigword

[2012/04/05 20:29:36 | 000,000,000 | ---D | C] -- C:\windows\Minidump

========== Files - Modified Within 30 Days ==========

[2012/04/27 23:52:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Arne\Desktop\OTL.exe

[2012/04/27 23:43:10 | 000,001,116 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3948093705-1484294097-1952622497-1000UA.job

[2012/04/27 23:13:03 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/04/27 22:43:10 | 000,000,094 | -H-- | M] () -- C:\Users\Arne\Documents\.~lock.Plan.ods#

[2012/04/27 22:43:04 | 000,001,064 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3948093705-1484294097-1952622497-1000Core.job

[2012/04/27 20:13:01 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/04/27 18:28:19 | 000,037,637 | ---- | M] () -- C:\Users\Arne\Documents\Plan.ods

[2012/04/27 16:45:06 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/04/26 16:31:18 | 000,649,912 | ---- | M] () -- C:\Users\Arne\Desktop\02.jpg

[2012/04/26 16:29:54 | 000,301,135 | ---- | M] () -- C:\Users\Arne\Desktop\01.jpg

[2012/04/26 10:49:37 | 000,254,651 | ---- | M] () -- C:\Users\Arne\Desktop\malware still there.jpg

[2012/04/26 10:48:40 | 000,000,512 | ---- | M] () -- C:\Users\Arne\Desktop\MBR.dat

[2012/04/26 10:17:24 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Arne\Desktop\aswMBR.exe

[2012/04/26 00:22:24 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts

[2012/04/25 23:57:15 | 004,475,034 | R--- | M] (Swearware) -- C:\Users\Arne\Desktop\ComboFix.exe

[2012/04/25 23:51:07 | 000,194,984 | ---- | M] () -- C:\Users\Arne\Desktop\most recent malware.jpg

[2012/04/25 22:52:35 | 000,013,824 | ---- | M] () -- C:\windows\System32\drivers\TrueSight.sys

[2012/04/25 18:45:36 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/04/25 18:45:36 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/04/25 18:38:06 | 796,889,088 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/24 19:42:28 | 000,038,593 | ---- | M] () -- C:\Users\Arne\Desktop\outgoing malware small.jpg

[2012/04/24 19:41:36 | 000,208,399 | ---- | M] () -- C:\Users\Arne\Desktop\outgoing malware.jpg

[2012/04/24 13:02:27 | 154,344,779 | ---- | M] () -- C:\windows\MEMORY.DMP

[2012/04/19 00:03:58 | 000,618,108 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2012/04/19 00:03:58 | 000,107,388 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2012/04/18 19:43:13 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/18 15:09:40 | 000,001,835 | ---- | M] () -- C:\Users\Arne\Desktop\FBReader.lnk

[2012/04/18 11:31:05 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012/04/18 11:07:08 | 000,349,848 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

[2012/04/14 01:14:56 | 000,002,358 | ---- | M] () -- C:\Users\Arne\Desktop\Google Chrome.lnk

[2012/04/08 23:14:32 | 011,364,790 | ---- | M] () -- C:\Users\Arne\Documents\671790WP0P127500China020300complete.pdf

[2012/04/04 18:44:35 | 000,726,148 | ---- | M] () -- C:\Users\Arne\Documents\chinas_12th_five-year_plan.pdf

[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/04/27 22:43:10 | 000,000,094 | -H-- | C] () -- C:\Users\Arne\Documents\.~lock.Plan.ods#

[2012/04/26 16:24:36 | 000,301,135 | ---- | C] () -- C:\Users\Arne\Desktop\01.jpg

[2012/04/26 16:24:19 | 000,649,912 | ---- | C] () -- C:\Users\Arne\Desktop\02.jpg

[2012/04/26 10:49:36 | 000,254,651 | ---- | C] () -- C:\Users\Arne\Desktop\malware still there.jpg

[2012/04/26 10:48:40 | 000,000,512 | ---- | C] () -- C:\Users\Arne\Desktop\MBR.dat

[2012/04/26 00:05:26 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2012/04/26 00:05:26 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2012/04/26 00:05:26 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2012/04/26 00:05:26 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2012/04/26 00:05:26 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2012/04/25 23:51:07 | 000,194,984 | ---- | C] () -- C:\Users\Arne\Desktop\most recent malware.jpg

[2012/04/25 22:52:35 | 000,013,824 | ---- | C] () -- C:\windows\System32\drivers\TrueSight.sys

[2012/04/24 19:42:27 | 000,038,593 | ---- | C] () -- C:\Users\Arne\Desktop\outgoing malware small.jpg

[2012/04/24 19:41:35 | 000,208,399 | ---- | C] () -- C:\Users\Arne\Desktop\outgoing malware.jpg

[2012/04/18 19:43:13 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/18 15:09:40 | 000,001,835 | ---- | C] () -- C:\Users\Arne\Desktop\FBReader.lnk

[2012/04/08 23:19:19 | 011,364,790 | ---- | C] () -- C:\Users\Arne\Documents\671790WP0P127500China020300complete.pdf

[2012/04/05 20:29:31 | 154,344,779 | ---- | C] () -- C:\windows\MEMORY.DMP

[2012/04/04 18:44:42 | 000,726,148 | ---- | C] () -- C:\Users\Arne\Documents\chinas_12th_five-year_plan.pdf

[2011/09/29 20:13:23 | 000,305,720 | ---- | C] () -- C:\windows\System32\GooglePinyin3EnRes.dll

[2011/09/25 15:47:48 | 000,018,760 | ---- | C] () -- C:\windows\System32\QQVistaHelper.dll

[2011/09/02 15:11:11 | 000,004,608 | ---- | C] () -- C:\Users\Arne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/08/17 17:27:18 | 000,000,000 | ---- | C] () -- C:\windows\PowerReg.dat

[2010/12/21 16:11:28 | 000,007,599 | ---- | C] () -- C:\Users\Arne\AppData\Local\Resmon.ResmonCfg

[2010/11/23 14:57:24 | 000,000,652 | ---- | C] () -- C:\windows\System32\drivers\scdskr01.dat

[2010/11/23 14:57:24 | 000,000,500 | ---- | C] () -- C:\windows\System32\drivers\RSTable.dat

[2010/11/23 14:57:24 | 000,000,436 | ---- | C] () -- C:\windows\System32\drivers\scdhkr01.dat

[2010/11/23 14:57:23 | 000,000,036 | ---- | C] () -- C:\windows\System32\drivers\scdstr01.dat

[2010/08/25 21:14:55 | 000,000,000 | ---- | C] () -- C:\Users\Arne\AppData\Roaming\wklnhst.dat

[2010/08/08 22:51:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/06/29 22:31:44 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini

========== LOP Check ==========

[2012/02/11 17:32:06 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\.anki

[2012/02/11 10:56:25 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\.matplotlib

[2012/02/17 11:00:39 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Azureus

[2012/04/18 15:12:46 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\calibre

[2010/10/20 05:25:17 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\DataCast

[2010/10/03 21:39:22 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers

[2012/01/19 01:13:19 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\mplayer

[2010/08/25 06:36:11 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\OpenOffice.org

[2010/08/11 20:04:09 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\PDF reDirect

[2011/02/09 18:45:53 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\PlayFirst

[2010/08/25 21:14:56 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Template

[2011/09/25 16:01:12 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Tencent

[2011/06/22 10:36:37 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Windows Live Writer

[2012/04/24 13:02:44 | 000,032,608 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2011/11/12 00:53:35 | 000,033,915 | ---- | M] ()(C:\Users\Arne\Documents\??????????????????????.docx) -- C:\Users\Arne\Documents\北京中医药大学国医堂中医门诊部专家出诊时间表.docx

[2011/11/12 00:53:24 | 000,033,915 | ---- | C] ()(C:\Users\Arne\Documents\??????????????????????.docx) -- C:\Users\Arne\Documents\北京中医药大学国医堂中医门诊部专家出诊时间表.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:E1F04E8D

@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:A42A9F39

@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:4CF61E54

@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:ABE89FFE

< End of report >

OTL Extras logfile created on: 4/27/2012 11:53:36 PM - Run 1

OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Arne\Desktop

Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

1013.30 Mb Total Physical Memory | 157.65 Mb Available Physical Memory | 15.56% Memory free

2.10 Gb Paging File | 0.61 Gb Available in Paging File | 28.98% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 150.27 Gb Total Space | 90.28 Gb Free Space | 60.08% Space Free | Partition Type: NTFS

Drive D: | 67.51 Gb Total Space | 65.42 Gb Free Space | 96.90% Space Free | Partition Type: NTFS

Computer Name: ARNE-PC | User Name: Arne | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3948093705-1484294097-1952622497-1000\SOFTWARE\Classes\<extension>]

.bat [@ = batfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{172585EC-A1E4-4B74-830F-2D7C4C2C3E2C}" = lport=2869 | protocol=6 | dir=in | app=system |

"{5E81CDA4-8FC7-4303-B7A7-E0909113DFEA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{668E2972-5AC1-42D4-B84C-5B1E4B780BC1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{6AD63518-332F-4098-8F62-AE4ED8AD1BDA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{076C08A2-71AB-45FF-A705-794B0EF82BBA}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{2595AB1F-AC01-4C45-A751-58A1CA407403}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{E5C6471B-A467-490A-B202-30760FFAFA80}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"TCP Query User{0FE0F6EF-5EFF-4946-ABAF-5156CD6BBFC4}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |

"UDP Query User{73D83F21-1D89-4EBE-A2B6-3B61D17820C0}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager

"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager

"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.2

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java 6 Update 32

"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3

"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client

"{45535A5E-1F81-4F35-BE1D-43D10A7D03B4}" = Easy Resolution Manager

"{4725E135-CF7D-4906-B4D0-D9F5FED44254}" = PreSetup HyperSpace

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003

"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB

"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8

"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1

"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager

"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide

"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax

"{C455C4E0-6D64-4CA8-9CE7-C50ADCE61674}" = Xtra Controller Pro

"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program

"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus

"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software

"755087041320E005CB1E8A67C5C55A260EB81B90" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)

"7-Zip" = 7-Zip 4.65

"8461-7759-5462-8226" = Vuze

"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Anki" = Anki

"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)

"FBReader for Windows" = FBReader for Windows

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8

"GooglePinyin3" = 谷歌拼音输入法 3.0

"HDMI" = Intel® Graphics Media Accelerator Driver

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Marvell Miniport Driver" = Marvell Miniport Driver

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)

"PokerStars" = PokerStars

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TIPP10_is1" = TIPP10 Version 2.0.3

"Uninstall_is1" = Uninstall 1.0.0.1

"VirtualCloneDrive" = VirtualCloneDrive

"VLC media player" = VLC media player 1.1.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3948093705-1484294097-1952622497-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 4/11/2012 12:56:30 PM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll". Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error - 4/13/2012 12:52:02 AM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/13/2012 12:53:19 AM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/13/2012 12:55:04 AM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll". Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error - 4/13/2012 12:57:35 AM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/13/2012 12:57:41 AM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/13/2012 1:45:50 PM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/13/2012 1:47:21 PM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/16/2012 5:44:01 AM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/16/2012 9:14:17 PM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Cisco AnyConnect VPN Client Events ]

Error - 4/26/2012 7:44:21 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line: 644 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 4/26/2012 7:44:21 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp Line: 7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line: 5589 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5321 Invoked Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5283 Invoked Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp Line: 5045 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line: 4971 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

[ System Events ]

Error - 6/27/2011 2:38:53 AM | Computer Name = Arne-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 6/28/2011 12:28:51 AM | Computer Name = Arne-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.107.463.0 Update Source: %%859 Update Stage: %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7000.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error - 6/28/2011 6:36:30 AM | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error - 6/29/2011 7:56:51 PM | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error - 6/29/2011 8:00:55 PM | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: cdrom

Error - 7/3/2011 7:24:11 AM | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.

Error - 7/3/2011 11:20:11 PM | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error - 7/4/2011 5:10:33 AM | Computer Name = Arne-PC | Source = DCOM | ID = 10010
Description =

Error - 7/4/2011 5:13:03 AM | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: cdrom

Error - 7/4/2011 5:13:20 AM | Computer Name = Arne-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

< End of report >


Not much showing... please do this:

Download, unzip the attached file (flush.zip), don't run it yet.

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    :Commands
    [EMPTYJAVA]
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

This will reboot the computer.

Now right click on flush.bat and choose "Run as Administrator"

-------------------

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how it is, MrC

flush.zip


Hey, sorry I didn't see your last post, I will do it tomorrow. By the way, this is the last time Malwarebytes blocked anything:

2012/04/26 00:59:13 +0800 IP-BLOCK 60.190.222.181 (Type: outgoing, Port: 50196, Process: chrome.exe)

so fingers crossed, maybe something helped along the way :)


OK, so I thought I was good, then I got the same thing again:

2012/05/02 10:52:53 +0800 IP-BLOCK 122.70.141.101 (Type: outgoing, Port: 59021, Process: chrome.exe)

Here is the OTL log:

All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-3948093705-1484294097-1952622497-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Arne

->Java cache emptied: 10237700 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 10.00 mb

[EMPTYTEMP]

User: All Users

User: Arne

->Temp folder emptied: 56522282 bytes

->Temporary Internet Files folder emptied: 56483518 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 80288214 bytes

->Google Chrome cache emptied: 363081678 bytes

->Flash cache emptied: 112725 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 74464 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 531.00 mb

OTL by OldTimer - Version 3.2.42.1 log created on 05032012_122652

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Here is the MBAM log; I ran a full scan:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.03.01

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 8.0.7601.17514

[administrator]

Protection: Enabled

03.05.2012 13:29:15

mbam-log-2012-05-03 (13-29-15).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 293548

Time elapsed: 1 hour(s), 26 minute(s), 30 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

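The IP-BLOCK lines the poster keeps seeing are the only evidence in this thread that survives a clean MBAM full scan, so they are worth reading systematically rather than one at a time. The script below is an added example, not part of the thread and not Malwarebytes' own code: it parses protection-log lines in the format quoted above, groups blocks by destination address and originating process, and flags destinations that recur on more than one day, which is the signal that a cleanup has not removed the cause. The two IP-BLOCK lines in the sample input are the ones posted in this thread; the other three are constructed for the example and marked as such. Two things a practitioner would read off these entries: the high, often consecutive port numbers are the local ephemeral source ports of each connection, not the remote service port, so the destination IP is the field to pivot on; and every block comes from chrome.exe or firefox.exe, so the connection is being initiated from inside the browser (an add-on, toolbar or BHO, or content served by a visited page) rather than by a separate process, which is why a browser-side cause deserves a look before a standalone binary.

```python
"""Summarise Malwarebytes (1.x) protection-log IP-BLOCK lines by destination.

Added example for this thread; the line format is taken from the entries
quoted in the posts above.
"""
import re
from collections import defaultdict
from datetime import datetime

# One IP-BLOCK line as posted in the thread, e.g.
# 2012/05/02 10:52:53 +0800 IP-BLOCK 122.70.141.101 (Type: outgoing, Port: 59021, Process: chrome.exe)
IP_BLOCK_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<type>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)

# Sample input: the two IP-BLOCK lines posted in the thread, plus three
# constructed lines (marked) that exercise the grouping and the skip path.
SAMPLE_LOG = [
    "2012/04/26 00:59:13 +0800 IP-BLOCK 60.190.222.181 (Type: outgoing, Port: 50196, Process: chrome.exe)",
    "2012/05/02 10:52:53 +0800 IP-BLOCK 122.70.141.101 (Type: outgoing, Port: 59021, Process: chrome.exe)",
    # constructed: the same destination again on the next day, two connections
    "2012/05/03 09:12:40 +0800 IP-BLOCK 122.70.141.101 (Type: outgoing, Port: 49877, Process: chrome.exe)",
    "2012/05/03 09:12:41 +0800 IP-BLOCK 122.70.141.101 (Type: outgoing, Port: 49878, Process: chrome.exe)",
    # constructed: a non-IP-BLOCK line, which the parser must ignore
    "2012/05/03 09:00:00 +0800 MESSAGE Protection started successfully",
]


def parse_ip_block(line):
    """Return a dict for an IP-BLOCK line, or None for any other line."""
    m = IP_BLOCK_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # The port is the local ephemeral source port of the blocked connection
    # (the thread's entries show consecutive values within one second), not
    # the remote service port, so it is kept only for completeness.
    rec["port"] = int(rec["port"])
    rec["when"] = datetime.strptime(
        f"{rec['date']} {rec['time']} {rec['tz']}", "%Y/%m/%d %H:%M:%S %z"
    )
    return rec


def summarize(lines):
    """Group blocks by (destination IP, process): count, first/last seen, days."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_ip_block(line)
        if rec is not None:
            groups[(rec["ip"], rec["process"])].append(rec)
    summary = {}
    for key, recs in groups.items():
        recs.sort(key=lambda r: r["when"])
        summary[key] = {
            "count": len(recs),
            "first": recs[0]["when"],
            "last": recs[-1]["when"],
            "days": sorted({r["date"] for r in recs}),
            "direction": sorted({r["type"] for r in recs}),
        }
    return summary


def recurring(summary, min_days=2):
    """Destinations seen on at least `min_days` distinct days: a block that
    comes back on a later day means the cause survived whatever was cleaned
    in between."""
    return sorted(k for k, v in summary.items() if len(v["days"]) >= min_days)


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for (ip, proc), v in sorted(s.items(), key=lambda kv: -kv[1]["count"]):
        print(f"{ip:16} {proc:12} {v['count']:3} hits  days={v['days']}")
    print("recurring:", recurring(s))
```

Feed it the whole protection log rather than the handful of lines pasted into a forum post: the per-destination day list is what separates a one-off ad network contacted by a page from a destination that the browser keeps reaching on its own.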
