
Locked out. Desktop hangs, no icons, stuck on spinning wheel -Safe Mode OK



I am convinced I am infected ! This is my first time being shutdown like this... :(

1. The computer lags on the "Welcome" screen and desktop does not load... Wheel keeps on spinning and nothing else.

2. Safe Mode works. BUT, in safe mode, MBAM scan hangs on certain files....The computer just freezes. Same for Superantispyware and Bitdefender web scan. So I am pretty sure I am hosed...

3. Chameleon modes in MBAM also freeze the computer when scanner starts. Tried only first three steps in Chameleon help...

My logs are attached.

Thanks !

Attach.txt

DDS.txt


There is a network proxy set in Firefox, it locates to somewhere in Madras, India. Did you set that or know about it?

Download Farbar Recovery Scan Tool on a clean PC (if possible) and save to a flash drive (memory stick). Use whichever of the following is applicable to your system (32 or 64 bit).

Download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ <--- 64 bit version Save to USB flash drive

Download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ <--- 32 bit version Save to USB Flash drive

Plug the flashdrive into the infected PC.

Enter System Recovery Options. I give two methods; use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair

System Restore

Windows Complete PC Restore

Windows Memory Diagnostic Tool

Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Kevin


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2012

Ran by SYSTEM at 29-12-2012 10:39:36

Running from G:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet003

==================== Registry (Whitelisted) ===================

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) ===================

4 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-07-11] (SUPERAntiSpyware.com)

2 Crypkey License; crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.)

2 Jamcast; "C:\Program Files (x86)\Jamcast\jamcastsvc.exe" [64240 2012-07-09] (Software Development Solutions, Inc.)

2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)

2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [46192 2011-06-14] (National Instruments Corporation)

2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [56952 2011-06-14] (National Instruments Corporation)

2 M4LIC; "C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE" [205312 2010-07-20] (Mediafour Corporation)

4 MacDrive8Service; "C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe" [149504 2010-10-08] (Mediafour Corporation)

2 mxssvr; "C:\Program Files (x86)\National Instruments\MAX\nimxs.exe" [12696 2011-06-14] (National Instruments Corporation)

2 NIApplicationWebServer; "C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe" -user [50336 2011-05-27] (National Instruments Corporation)

4 NIApplicationWebServer64; "C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe" -user [68256 2011-05-27] (National Instruments Corporation)

2 NIDomainService; "C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe" [362104 2011-06-14] (National Instruments Corporation)

3 NILM License Manager; "C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe" [1427688 2010-08-02] (Macrovision Corporation)

2 nimDNSResponder; "C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe" [194224 2011-06-01] (National Instruments Corporation)

2 niSvcLoc; "C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe" -system [50328 2011-05-27] (National Instruments Corporation)

2 NITaggerService; "C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe" [676016 2011-06-14] (National Instruments Corporation)

2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2012-09-21] ()

2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()

2 SSUService; C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [370504 2012-03-14] (Splashtop Inc.)

==================== Drivers (Whitelisted) =====================

3 BTWUSB; C:\Windows\System32\Drivers\BTWUSB.sys [63744 2006-06-07] (Broadcom Corporation.)

1 CBDisk; C:\Windows\System32\Drivers\CBDisk.sys [70344 2010-05-12] (EldoS Corporation)

1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-06-15] (DT Soft Ltd)

0 MDFSYSNT; C:\Windows\System32\Drivers\MDFSYSNT.sys [307888 2010-10-07] (Mediafour Corporation)

0 MDPMGRNT; C:\Windows\System32\Drivers\MDPMGRNT.sys [32424 2010-10-21] (Mediafour Corporation)

1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()

3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [19936 2011-09-02] ()

3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [13280 2011-09-02] ()

1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

3 UBNRedir; C:\Windows\SysWow64\Drivers\UBNRedir.sys [6784 2011-12-31] (UniversalBox)

3 catchme; \??\C:\ComboFix\catchme.sys [x]

2 MCSTRM; [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-12-29 10:39 - 2012-12-29 10:39 - 00000000 ____D C:\FRST

2012-12-29 07:35 - 2012-12-29 07:35 - 01463381 ____A (Farbar) C:\Users\Dibbs\Downloads\FRST64.exe

2012-12-28 23:52 - 2012-12-28 23:52 - 00000000 __SHD C:\found.000

2012-12-28 22:06 - 2012-12-28 22:29 - 00000000 ____D C:\Windows\pss

2012-12-28 21:18 - 2012-12-28 21:21 - 105603488 ____A C:\Users\Dibbs\Downloads\avira_free_antivirus_en.exe

2012-12-28 20:41 - 2012-12-28 20:41 - 00003636 ____A C:\AdwCleaner[s2].txt

2012-12-28 20:40 - 2012-12-28 20:40 - 00550017 ____A C:\Users\Dibbs\Downloads\adwcleaner.exe

2012-12-28 20:40 - 2012-12-28 20:40 - 00039699 ____A C:\AdwCleaner[R1].txt

2012-12-28 19:11 - 2012-12-28 19:11 - 00028566 ____A C:\Users\Dibbs\Documents\Attach.txt

2012-12-28 19:11 - 2012-12-28 19:11 - 00018388 ____A C:\Users\Dibbs\Documents\DDS.txt

2012-12-28 19:10 - 2012-12-28 19:10 - 00028566 ____A C:\Users\Dibbs\Desktop\attach.txt

2012-12-28 19:10 - 2012-12-28 19:10 - 00018388 ____A C:\Users\Dibbs\Desktop\dds.txt

2012-12-28 18:37 - 2012-12-28 18:37 - 00000000 ____D C:\Users\Dibbs\AppData\Roaming\QuickScan

2012-12-28 18:02 - 2012-12-28 22:17 - 00001961 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

2012-12-28 18:02 - 2012-12-28 18:02 - 00000510 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d986d00e-25d1-405b-96c2-dc3b8566477f.job

2012-12-28 18:02 - 2012-12-28 18:02 - 00000510 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 022ee9cf-c190-4db8-938c-6aec1c83e949.job

2012-12-28 18:02 - 2012-12-28 18:02 - 00000000 ____D C:\Users\Dibbs\AppData\Roaming\SUPERAntiSpyware.com

2012-12-28 18:02 - 2012-12-28 18:02 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com

2012-12-28 18:02 - 2012-12-28 18:02 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2012-12-28 17:53 - 2012-12-28 17:53 - 00001491 ____A C:\Users\Dibbs\Desktop\RKreport[3]_S_12282012_02d2053.txt

2012-12-28 17:53 - 2012-12-28 17:53 - 00001457 ____A C:\Users\Dibbs\Desktop\RKreport[4]_D_12282012_02d2053.txt

2012-12-28 17:51 - 2012-12-28 17:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2012-12-28 17:42 - 2012-12-28 17:42 - 00019990 ____A C:\ComboFix.txt

2012-12-28 17:20 - 2012-12-28 17:42 - 00000000 ____D C:\Qoobox

2012-12-28 17:20 - 2012-12-28 17:41 - 00000000 ____D C:\Windows\erdnt

2012-12-28 17:20 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2012-12-28 17:20 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2012-12-28 17:20 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-12-28 17:20 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-12-28 17:20 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-12-28 17:20 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2012-12-28 17:20 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2012-12-28 17:20 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2012-12-28 17:14 - 2012-12-28 17:14 - 00000132 ____A C:\Users\Dibbs\Documents\CFScript.txt

2012-12-28 17:01 - 2012-12-28 17:01 - 00002162 ____A C:\Users\Dibbs\Desktop\RKreport[2]_D_12282012_02d2001.txt

2012-12-28 17:00 - 2012-12-28 17:00 - 00002107 ____A C:\Users\Dibbs\Desktop\RKreport[1]_S_12282012_02d2000.txt

2012-12-28 16:59 - 2012-12-28 17:53 - 00000000 ____D C:\Users\Dibbs\Desktop\RK_Quarantine

2012-12-28 16:57 - 2012-12-28 21:07 - 00000000 ____D C:\Users\Dibbs\AppData\Roaming\EurekaLog

2012-12-28 16:54 - 2012-12-28 16:57 - 00000000 ____D C:\Program Files (x86)\Your Uninstaller! 7

2012-12-28 16:54 - 2012-12-28 16:54 - 00001072 ____A C:\Users\Dibbs\Desktop\Your Unin-staller!.lnk

2012-12-28 16:54 - 2012-12-28 16:54 - 00000000 ____D C:\Users\Dibbs\AppData\Roaming\URSoft

2012-12-28 16:54 - 2012-12-28 16:54 - 00000000 ____D C:\Users\Dibbs\AppData\Roaming\Babylon

2012-12-28 16:54 - 2012-12-28 16:54 - 00000000 ____D C:\Users\Dibbs\AppData\Local\Babylon

2012-12-28 16:54 - 2012-12-28 16:54 - 00000000 ____D C:\Users\All Users\Babylon

2012-12-28 16:36 - 2012-12-28 16:36 - 00000513 ____A C:\Users\Dibbs\Documents\WinZip TrialPzy.txt

2012-12-28 16:34 - 2012-12-28 16:34 - 00368856 ____A (WinZip Computing) C:\Users\Dibbs\Downloads\WinZip170.exe

2012-12-28 14:46 - 2012-12-28 15:20 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0

2012-12-28 11:47 - 2012-12-28 11:47 - 00001264 ____A C:\Users\Dibbs\Desktop\Revo Uninstaller.lnk

2012-12-28 11:47 - 2012-12-28 11:47 - 00000000 ____D C:\Program Files (x86)\VS Revo Group

2012-12-28 11:46 - 2012-12-28 11:47 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\Dibbs\Downloads\revosetup.exe

2012-12-28 08:08 - 2012-12-28 08:08 - 00000000 ____D C:\Users\Dibbs\AppData\Local\RadonLabs

2012-12-28 08:03 - 2010-03-15 01:31 - 00165376 ____A C:\Windows\SysWOW64\unrar.dll

2012-12-28 08:00 - 2012-12-28 08:00 - 00000536 ____A C:\Windows\NLSDownlevelMapping.log

2012-12-28 07:59 - 2012-12-28 11:03 - 00000000 ____D C:\Users\Dibbs\Documents\Multisoft

2012-12-28 07:56 - 2012-12-28 07:56 - 00000000 ____D C:\Users\Dibbs\Downloads\CityCarDriving.v.1.2.Eng

2012-12-28 07:50 - 2012-12-28 07:55 - 408504248 ____A C:\Users\Dibbs\Downloads\CityCarDriving.v.1.2.Eng.rar

2012-12-27 19:52 - 2012-12-27 20:05 - 00000000 ____D C:\Users\Dibbs\Desktop\4GB USB DRIVE RED

2012-12-27 19:50 - 2012-12-27 19:53 - 00000000 ____D C:\Users\Dibbs\Downloads\imageusb

2012-12-27 19:49 - 2012-12-27 19:49 - 00432327 ___RA C:\Users\Dibbs\Downloads\imageusb.zip

2012-12-26 12:22 - 2012-12-26 12:22 - 00002055 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk

2012-12-08 08:09 - 2012-12-15 16:19 - 00000000 ____D C:\Users\All Users\Pure Networks

2012-12-08 08:09 - 2009-07-07 11:48 - 00035376 ____A (Cisco Systems, Inc.) C:\Windows\System32\Drivers\purendis.sys

2012-12-08 08:09 - 2009-07-07 11:48 - 00033328 ____A (Cisco Systems, Inc.) C:\Windows\System32\Drivers\pnarp.sys

2012-12-04 19:11 - 2012-12-04 19:11 - 00000000 ____D C:\Program Files (x86)\Pure Networks

2012-12-04 17:33 - 2012-12-04 18:41 - 00000000 ____D C:\Users\Dibbs\Downloads\Cisco Network Magic Pro 5.5.9195 incl.Patch{H33T}{Easypath}

2012-12-04 16:50 - 2012-12-04 16:50 - 00000000 ___AH C:\Users\Dibbs\Documents\Default.rdp

2012-12-03 14:21 - 2012-12-03 14:59 - 00000021 ____A C:\Users\Dibbs\Documents\hertz.txt

2012-11-29 17:52 - 2012-11-29 17:52 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk

==================== One Month Modified Files and Folders =======

2012-12-29 07:37 - 2011-12-10 22:45 - 01117558 ____A C:\Windows\WindowsUpdate.log

2012-12-29 07:36 - 2009-07-13 21:13 - 00778150 ____A C:\Windows\System32\PerfStringBackup.INI

2012-12-29 07:35 - 2012-12-29 07:35 - 01463381 ____A (Farbar) C:\Users\Dibbs\Downloads\FRST64.exe

2012-12-29 07:35 - 2009-07-13 20:51 - 00117060 ____A C:\Windows\setupact.log

2012-12-29 07:33 - 2012-01-09 14:04 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1616424981-3898423210-350200610-1000UA.job

2012-12-29 03:33 - 2012-01-09 14:03 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1616424981-3898423210-350200610-1000Core.job

2012-12-28 23:52 - 2012-12-28 23:52 - 00000000 __SHD C:\found.000

2012-12-28 22:38 - 2009-07-13 20:45 - 00014592 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-12-28 22:38 - 2009-07-13 20:45 - 00014592 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-12-28 22:30 - 2011-12-11 00:50 - 00014136 ____A C:\Windows\error.log

2012-12-28 22:30 - 2011-12-11 00:50 - 00003276 ____A C:\Windows\errord.log

2012-12-28 22:30 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-12-28 22:29 - 2012-12-28 22:06 - 00000000 ____D C:\Windows\pss

2012-12-28 22:26 - 2011-12-27 19:10 - 00000000 ____D C:\Program Files (x86)\Steam

2012-12-28 22:19 - 2011-12-11 00:59 - 00406022 ____A C:\Windows\PFRO.log

2012-12-28 22:17 - 2012-12-28 18:02 - 00001961 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

2012-12-28 21:21 - 2012-12-28 21:18 - 105603488 ____A C:\Users\Dibbs\Downloads\avira_free_antivirus_en.exe

2012-12-28 21:07 - 2012-12-28 16:57 - 00000000 ____D C:\Users\Dibbs\AppData\Roaming\EurekaLog

2012-12-28 20:41 - 2012-12-28 20:41 - 00003636 ____A C:\AdwCleaner[s2].txt

2012-12-28 20:40 - 2012-12-28 20:40 - 00550017 ____A C:\Users\Dibbs\Downloads\adwcleaner.exe

2012-12-28 20:40 - 2012-12-28 20:40 - 00039699 ____A C:\AdwCleaner[R1].txt

2012-12-28 19:11 - 2012-12-28 19:11 - 00028566 ____A C:\Users\Dibbs\Documents\Attach.txt

2012-12-28 19:11 - 2012-12-28 19:11 - 00018388 ____A C:\Users\Dibbs\Documents\DDS.txt

2012-12-28 19:10 - 2012-12-28 19:10 - 00028566 ____A C:\Users\Dibbs\Desktop\attach.txt

2012-12-28 19:10 - 2012-12-28 19:10 - 00018388 ____A C:\Users\Dibbs\Desktop\dds.txt

2012-12-28 19:09 - 2012-07-26 15:27 - 00000000 ____D C:\Users\Dibbs\Downloads\TOSHIBA

2012-12-28 18:37 - 2012-12-28 18:37 - 00000000 ____D C:\Users\Dibbs\AppData\Roaming\QuickScan

2012-12-28 18:02 - 2012-12-28 18:02 - 00000510 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d986d00e-25d1-405b-96c2-dc3b8566477f.job

2012-12-28 18:02 - 2012-12-28 18:02 - 00000510 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 022ee9cf-c190-4db8-938c-6aec1c83e949.job

2012-12-28 18:02 - 2012-12-28 18:02 - 00000000 ____D C:\Users\Dibbs\AppData\Roaming\SUPERAntiSpyware.com

2012-12-28 18:02 - 2012-12-28 18:02 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com

2012-12-28 18:02 - 2012-12-28 18:02 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2012-12-28 17:57 - 2012-12-28 17:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2012-12-28 17:57 - 2012-03-31 05:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2012-12-28 17:53 - 2012-12-28 17:53 - 00001491 ____A C:\Users\Dibbs\Desktop\RKreport[3]_S_12282012_02d2053.txt

2012-12-28 17:53 - 2012-12-28 17:53 - 00001457 ____A C:\Users\Dibbs\Desktop\RKreport[4]_D_12282012_02d2053.txt

2012-12-28 17:53 - 2012-12-28 16:59 - 00000000 ____D C:\Users\Dibbs\Desktop\RK_Quarantine

2012-12-28 17:42 - 2012-12-28 17:42 - 00019990 ____A C:\ComboFix.txt

2012-12-28 17:42 - 2012-12-28 17:20 - 00000000 ____D C:\Qoobox

2012-12-28 17:41 - 2012-12-28 17:20 - 00000000 ____D C:\Windows\erdnt

2012-12-28 17:40 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini

2012-12-28 17:14 - 2012-12-28 17:14 - 00000132 ____A C:\Users\Dibbs\Documents\CFScript.txt

2012-12-28 17:01 - 2012-12-28 17:01 - 00002162 ____A C:\Users\Dibbs\Desktop\RKreport[2]_D_12282012_02d2001.txt

2012-12-28 17:00 - 2012-12-28 17:00 - 00002107 ____A C:\Users\Dibbs\Desktop\RKreport[1]_S_12282012_02d2000.txt

2012-12-28 16:57 - 2012-12-28 16:54 - 00000000 ____D C:\Program Files (x86)\Your Uninstaller! 7

2012-12-28 16:54 - 2012-12-28 16:54 - 00001072 ____A C:\Users\Dibbs\Desktop\Your Unin-staller!.lnk

2012-12-28 16:54 - 2012-12-28 16:54 - 00000000 ____D C:\Users\Dibbs\AppData\Roaming\URSoft

2012-12-28 16:54 - 2012-12-28 16:54 - 00000000 ____D C:\Users\Dibbs\AppData\Roaming\Babylon

2012-12-28 16:54 - 2012-12-28 16:54 - 00000000 ____D C:\Users\Dibbs\AppData\Local\Babylon

2012-12-28 16:54 - 2012-12-28 16:54 - 00000000 ____D C:\Users\All Users\Babylon

2012-12-28 16:36 - 2012-12-28 16:36 - 00000513 ____A C:\Users\Dibbs\Documents\WinZip TrialPzy.txt

2012-12-28 16:34 - 2012-12-28 16:34 - 00368856 ____A (WinZip Computing) C:\Users\Dibbs\Downloads\WinZip170.exe

2012-12-28 15:20 - 2012-12-28 14:46 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0

2012-12-28 11:49 - 2012-05-06 17:36 - 00870128 ____A C:\Users\Dibbs\AppData\Roaming\mcs.rma

2012-12-28 11:47 - 2012-12-28 11:47 - 00001264 ____A C:\Users\Dibbs\Desktop\Revo Uninstaller.lnk

2012-12-28 11:47 - 2012-12-28 11:47 - 00000000 ____D C:\Program Files (x86)\VS Revo Group

2012-12-28 11:47 - 2012-12-28 11:46 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\Dibbs\Downloads\revosetup.exe

2012-12-28 11:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Resources

2012-12-28 11:06 - 2012-06-02 11:25 - 00000000 ____D C:\Users\Dibbs\AppData\Roaming\DiskAid

2012-12-28 11:03 - 2012-12-28 07:59 - 00000000 ____D C:\Users\Dibbs\Documents\Multisoft

2012-12-28 08:08 - 2012-12-28 08:08 - 00000000 ____D C:\Users\Dibbs\AppData\Local\RadonLabs

2012-12-28 08:02 - 2011-12-23 12:32 - 00400029 ____A C:\Windows\DirectX.log

2012-12-28 08:00 - 2012-12-28 08:00 - 00000536 ____A C:\Windows\NLSDownlevelMapping.log

2012-12-28 07:56 - 2012-12-28 07:56 - 00000000 ____D C:\Users\Dibbs\Downloads\CityCarDriving.v.1.2.Eng

2012-12-28 07:56 - 2011-12-11 00:42 - 00000000 ____D C:\Users\Dibbs\AppData\Roaming\uTorrent

2012-12-28 07:55 - 2012-12-28 07:50 - 408504248 ____A C:\Users\Dibbs\Downloads\CityCarDriving.v.1.2.Eng.rar

2012-12-28 04:34 - 2011-12-27 16:52 - 00000000 ____D C:\Users\Dibbs\AppData\Local\CrashDumps

2012-12-28 04:14 - 2009-07-13 21:08 - 00029700 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-12-27 21:47 - 2011-12-10 22:18 - 00000000 ____D C:\Users\Dibbs\AppData\Roaming\Skype

2012-12-27 20:05 - 2012-12-27 19:52 - 00000000 ____D C:\Users\Dibbs\Desktop\4GB USB DRIVE RED

2012-12-27 19:53 - 2012-12-27 19:50 - 00000000 ____D C:\Users\Dibbs\Downloads\imageusb

2012-12-27 19:49 - 2012-12-27 19:49 - 00432327 ___RA C:\Users\Dibbs\Downloads\imageusb.zip

2012-12-26 12:23 - 2011-12-11 15:36 - 00000000 ____D C:\Users\All Users\Adobe

2012-12-26 12:22 - 2012-12-26 12:22 - 00002055 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk

2012-12-26 12:22 - 2011-12-11 15:36 - 00000000 ____D C:\Program Files (x86)\Adobe

2012-12-21 14:35 - 2012-01-21 15:19 - 00000000 ____D C:\Users\Dibbs\AppData\Roaming\Spotify

2012-12-21 13:52 - 2012-07-02 14:18 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-12-21 13:52 - 2011-12-11 00:18 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-12-20 04:14 - 2009-07-13 20:45 - 03021104 ____A C:\Windows\System32\FNTCACHE.DAT

2012-12-15 16:19 - 2012-12-08 08:09 - 00000000 ____D C:\Users\All Users\Pure Networks

2012-12-12 12:52 - 2012-01-09 14:04 - 00002445 ____A C:\Users\Dibbs\Desktop\Google Chrome.lnk

2012-12-08 08:42 - 2012-05-20 17:08 - 05020203 ____A C:\formatter.log

2012-12-08 08:30 - 2012-02-13 18:16 - 00000000 ____D C:\Users\Dibbs\AppData\Local\Corel

2012-12-08 08:28 - 2012-02-13 18:17 - 00000952 __ASH C:\Windows\SysWOW64\KGyGaAvL.sys

2012-12-08 08:28 - 2011-12-11 15:06 - 00110080 ____A C:\Users\Dibbs\AppData\Local\GDIPFONTCACHEV1.DAT

2012-12-08 07:53 - 2009-07-13 20:46 - 00002304 ____A C:\Windows\DtcInstall.log

2012-12-08 07:41 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration

2012-12-07 17:17 - 2011-12-17 06:32 - 00000000 ____D C:\Users\Dibbs\Documents\WBFS Manager Covers

2012-12-04 19:11 - 2012-12-04 19:11 - 00000000 ____D C:\Program Files (x86)\Pure Networks

2012-12-04 18:41 - 2012-12-04 17:33 - 00000000 ____D C:\Users\Dibbs\Downloads\Cisco Network Magic Pro 5.5.9195 incl.Patch{H33T}{Easypath}

2012-12-04 17:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF

2012-12-04 16:50 - 2012-12-04 16:50 - 00000000 ___AH C:\Users\Dibbs\Documents\Default.rdp

2012-12-03 14:59 - 2012-12-03 14:21 - 00000021 ____A C:\Users\Dibbs\Documents\hertz.txt

2012-11-29 17:52 - 2012-11-29 17:52 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk

2012-11-29 17:52 - 2011-12-10 22:18 - 00000000 ___RD C:\Program Files (x86)\Skype

2012-11-29 17:52 - 2011-12-10 22:16 - 00000000 ____D C:\Users\All Users\Skype

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-28 22:59:06

==================== Memory info ===========================

Percentage of memory in use: 15%

Total physical RAM: 3893.86 MB

Available physical RAM: 3274.33 MB

Total Pagefile: 3892.01 MB

Available Pagefile: 3258.38 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:337.41 GB) (Free:149.37 GB) NTFS

2 Drive e: (MACOS) (Fixed) (Total:128.21 GB) (Free:128.2 GB) FAT32 ==>[system with boot components (obtained from reading drive)]

4 Drive g: (USB20FD) (Removable) (Total:30.44 GB) (Free:30.44 GB) FAT32

6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

7 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 8 MB

Disk 1 Online 30 GB 0 B

Disk 2 No Media 0 B 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 337 GB 101 MB

Partition 3 Primary 128 GB 337 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 337 GB Healthy

=========================================================

Disk: 0

Partition 3

Type : 0B

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E MACOS FAT32 Partition 128 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 30 GB 18 MB

==================================================================================

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G USB20FD FAT32 Removable 30 GB Healthy

=========================================================

Last Boot: 2012-12-25 06:44

==================== End Of Log =============================


Well, well.......

A selective startup fixed my problem !!!!! :huh: :huh: So by power of elimination the offending startup item turned out to be ..........Malwarebytes itself!! This was way surprising to me .... I installed SuperAntispyware then Avira and then used a Kaspersky disk, and all saw minor Ad-cookies and nothing else. Each one run separately.

Since I never have two AV programs together, this seemed that MBAM had gotten corrupted. So I cleaned out all caches, temp folders etc., removed all AV programs, rebooted.. And things were swimmingly good !!!

I then reinstalled MBAM, and ...... well it got stuck again during scan, and the very same symptoms came back !!!!!!!!!!!!!

This is very odd, since MBAM has been my workhorse. I saw a general thread where a reseller indicated that the recent updates of MBAM were causing his clients' computers to freeze. Maybe he is very right after all.

I cannot continue using MBAM now. THE SCAN ABOVE WAS DONE AFTER I UNINSTALLED MBAM, so it may not show as present, but Superantispyware will show.

PLEASE can you verify this issue...!! Also, still, I would like to continue a full virus troubleshoot if OK with you.


  • 2 weeks later...

Please advise if the "desktop hangs/no icons/stuck spinning" have been ALL cleared up ?

What "older version" are you referring to?

Please do a NEW run of DDS and this time, COPY all contents & Paste in-line within main-body of reply box.

Download DDS and save it to your desktop from http://download.bleepingcomputer.com/sUBs/dds.com or http://download.bleepingcomputer.com/sUBs/dds.scr or http://www.infospyware.net/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

On Vista/ Windows 7/ Windows 8 do a RIGHT-click on dds and select Run As Administrator :excl:

On Windows XP double click dds to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

Follow and answer the prompts as appropriate.

  • When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
  • Save both reports to your desktop.

Please Copy & Paste contents of the following logs in your next reply:

DDS.txt

Attach.txt


Thanks for your reply. Sorry, I did not check earlier.

Well the newest version has the Chameleon loader etc and blue icon. The earlier version is still with the red 'M' icon..!!!! Sorry, I am at work so I cannot give you exact version numbers.

Yes, the freezing still happens BUT when I try to scan.....it freezes even on quick scan and freezes the computer.

I can resend the log files when I get back home..... Thanks again.


Remarks:

You should only have 1 MBAM installed, version 1.70.0.1100

Your system should not have 2.

If MBAM is getting stuck, I need for you to do any other steps/tools I outlined.

Regarding the DDS tool, I need a new run and then for you to copy/paste the new logs.

p.s.s. When starting a reply, you do not need (and I'd prefer you not use) the Quote button.

Just press the More Reply Options button at the bottom of forum window.


Remarks:

You should only have 1 MBAM installed, version 1.70.0.1100

Your system should not have 2.

If MBAM is getting stuck, I need for you to do any other steps/tools I outlined.

Regarding the DDS tool, I need a new run and then for you to copy/paste the new logs.

p.s.s. When starting a reply, you do not need (and I'd prefer you not use) the Quote button.

Just press the More Reply Options button at the bottom of forum window.

Oh, come on now !! I am not that daft to have two versions of Malwarebytes installed on the same computer. :angry: I said "older version still works on my other computer". Installing the new version on any computer BY ITSELF gives the same problem.

Not everyone who complains about any software is clueless......


Sure. My apologies again. I am very aware of the way this forum works. Just a screw loose there !

ATTACH.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/11/2011 2:36:43 AM

System Uptime: 12/28/2012 9:39:05 PM (1 hours ago)

.

Motherboard: Intel Corp. | | Base Board Product Name

Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz | CPU | 2261/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 337 GiB total, 150.145 GiB free.

D: is CDROM ()

E: is FIXED (FAT32) - 128 GiB total, 128.196 GiB free.

F: is CDROM ()

G: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description:

Device ID: ACPI\QCI0701\2&DABA3FF&1

Manufacturer:

Name:

PNP Device ID: ACPI\QCI0701\2&DABA3FF&1

Service:

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

µTorrent

18 WoS Extreme Trucker 2 (v.1.0)

Adobe Acrobat X Pro

Adobe AIR

Adobe Anchor Service CS4

Adobe Anchor Service x64 CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe CMaps x64 CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings CS4

Adobe Color Video Profiles CS CS4

Adobe CSI CS4

Adobe CSI CS4 x64

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Drive CS4

Adobe Drive CS4 x64

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Flash Player 11 ActiveX 64-bit

Adobe Flash Player 11 Plugin

Adobe Fonts All

Adobe Fonts All x64

Adobe Linguistics CS4

Adobe Linguistics CS4 x64

Adobe Media Player

Adobe Output Module

Adobe PDF Library Files CS4

Adobe PDF Library Files x64 CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 (64 Bit)

Adobe Photoshop CS4 Support

Adobe Reader XI

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Shockwave Player 11.6

Adobe Type Support CS4

Adobe Type Support x64 CS4

Adobe Update Manager CS4

Adobe WinSoft Linguistics Plugin

Adobe WinSoft Linguistics Plugin x64

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

Akamai NetSession Interface

Android SDK Tools

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ASUS Android USB Drivers

ASUS Sync

ASUS WebStorage

Audials

Audials TV

BELKIN Bluetooth Software 6.0.1.4400

Bonjour

CamToPrint

CDBurnerXP

Cisco Network Magic

Conexant HD Audio

Connect

Corel Clip Art

Corel Photo Album 7

Cytoscape 2.8.2

DAEMON Tools Lite

DiskAid 5.12

EASEUS Data Recovery Wizard Professional 5.5.1

EGAN WebStart

EPSON Printer Software

FlatOut Ultimate Carnage

Ford Racing 3

Form Pilot Pro version 2.27

GenePattern

geWorkbench_2.2.2

GIMP 2.6.11

Google Chrome

Google Talk Plugin

GTI Racing

ImgBurn

Intel® Graphics Media Accelerator Driver

iPhoneBrowser

iTunes

J-Express 2011

Jamcast

Java 7 Update 7 (64-bit)

Java Auto Updater

Java SE Development Kit 7 Update 7 (64-bit)

Java™ 6 Update 35

Java™ SE Development Kit 7 Update 2 (64-bit)

JavaFX 2.0.2 (64-bit)

JavaFX 2.0.2 SDK (64-bit)

kuler

LEGO MINDSTORMS NXT - English Language Pack

LEGO MINDSTORMS NXT Driver for x64

LEGO MINDSTORMS NXT Migration Package

LEGO MINDSTORMS NXT Patch v2.0f3

LEGO MINDSTORMS NXT Software v2.0

Logitech Vid HD

MacDrive 8

Malwarebytes Anti-Malware version 1.70.0.1100

MATLAB Component Runtime

MediaFACE

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Games for Windows - LIVE Redistributable

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC100_CRT_SP1_x64

Microsoft_VC100_CRT_SP1_x86

MiniTool Partition Wizard Home Edition 7.0

Mozilla Firefox 18.0 (x86 en-US)

Mozilla Maintenance Service

MSVC80_x64_v2

MSVC80_x86_v2

MSVC90_x64

MSVC90_x86

MSXML 4.0 SP3 Parser

National Instruments Software

NAVIGON Fresh 3.4.1

Need for Speed™ ProStreet

NI-RPC 4.2.2f0

NI-RPC 4.2.2f0 for 64 Bit Windows

NI-RPC 4.2.2f0 for Phar Lap ETS

NI Authentication 2.0

NI Authentication 2.0 (64-bit)

NI Curl 1.1

NI Curl 1.1 (64-bit)

NI DataSocket 4.9

NI DataSocket 4.9 (64-bit)

NI Error Reporting 2011

NI EulaDepot

NI GMP Windows 32-bit Installer 11.0.0

NI GMP Windows 64-bit Installer 11.0.0

NI Help Assistant

NI Help Assistant (64bit)

NI LabVIEW 2011 Deployable License

NI LabVIEW 2011 Deployment Framework

NI LabVIEW 2011 Real-Time NBFifo

NI LabVIEW 2011 Run-Time Engine Non-English Support.

NI LabVIEW Run-Time Engine 2011

NI LabVIEW Run-Time Engine Interop 2011

NI LabVIEW Web Server for Run-Time Engine

NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original)

NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated)

NI License Manager

NI Logos 5.3.0

NI Logos XT Support

NI Logos64 5.3.0

NI Logos64 XT Support

NI Math Kernel Libraries

NI Math Kernel Libraries (64-bit)

NI MDF Support

NI mDNS Responder 1.6 for Windows 64-bit

NI mDNS Responder 1.6.0

NI MXS 5.0.0

NI MXS 5.0.0 for 64 Bit Windows

NI OPC Support

NI SSL Support

NI SSL Support (64-bit)

NI System State Publisher

NI System State Publisher (64-bit)

NI System Web Server 2.0

NI System Web Server Base 2.0

NI System Web Server Base 2.0 (64-bit)

NI TDMS

NI TDMS (64-bit)

NI Trace Engine

NI Trace Engine (64-bit)

NI Uninstaller

NI USI 1.9.0

NI USI 1.9.0 64-Bit

NI Variable Engine (64-bit)

NI Variable Engine 2.5.0

NI VC2005MSMs x64

NI VC2005MSMs x86

NI VC2008MSMs x64

NI VC2008MSMs x86

NI Web Application Server 2.0

NI Web Application Server 2.0 (64-bit)

NI Xerces Delay Load 2.7.3

NI Xerces Delay Load 2.7.3 64-bit

Nokia Connectivity Cable Driver

Nokia Suite

OBO-Edit2 2.1.0

Octoshape add-in for Adobe Flash Player

Opera 12.00

PandoraRecovery (Remove Only)

PC Connectivity Solution

PDF Settings CS4

PFConfig 1.0.163

PhotoScape

Photoshop Camera Raw

Photoshop Camera Raw_x64

PowerISO

Pure Networks Platform

Realtek WLAN Driver

Revo Uninstaller 1.94

Rhapsody

RIM USB Driver 4.1.0

Router Screenshot Grabber 1.0.117

SAMSUNG USB Driver for Mobile Phones

SDFormatter

Skype Click to Call

Skype™ 6.0

Splashtop Streamer

Spotify

Steam

Stellar Phoenix Windows Data Recovery

Stellar Phoenix Windows v4.2

Suite Shared Configuration CS4

swMSM

Unity Web Player

UniversalBox

Universe Sandbox

WBFS Manager 3.0

WBFS Manager 4.0

WinDirStat 1.1.2

Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Windows Driver Package - UniversalBox Driver package (10/22/2009 2.06.00)

Windows Media Player Firefox Plugin

Windows Mobile Device Center

WinRAR 4.10 beta 5 (64-bit)

Xpand Rally

Your Uninstaller! 7

.

==== Event Viewer Messages From Past Week ========

.

12/28/2012 9:42:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

12/28/2012 9:42:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

12/28/2012 9:40:11 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

12/28/2012 9:40:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

12/28/2012 9:40:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

12/28/2012 9:40:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/28/2012 9:39:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

12/28/2012 9:39:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: CBDisk discache MDFSYSNT NetworkX SASDIFSV SASKUTIL SCDEmu spldr Wanarpv6

12/28/2012 9:37:11 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.

12/28/2012 9:23:36 PM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

12/28/2012 8:57:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: CBDisk discache MDFSYSNT NetworkX SCDEmu spldr Wanarpv6

12/28/2012 8:40:56 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

12/28/2012 8:40:26 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

12/28/2012 8:20:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

12/28/2012 7:57:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

12/28/2012 7:36:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

12/28/2012 7:24:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service COMSysApp with arguments "" in order to run the server: {182C40F0-32E4-11D0-818B-00A0C9231C29}

12/28/2012 7:16:45 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

12/28/2012 7:16:45 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.

12/28/2012 7:16:45 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Extensible Authentication Protocol service, but this action failed with the following error: An instance of the service is already running.

12/28/2012 7:16:45 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.

12/28/2012 7:15:45 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.

12/28/2012 7:15:45 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error: An instance of the service is already running.

12/28/2012 7:14:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Jamcast service to connect.

12/28/2012 7:14:54 PM, Error: Service Control Manager [7000] - The Jamcast service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/28/2012 7:14:45 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/28/2012 7:14:45 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/28/2012 7:14:45 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/28/2012 7:14:45 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/28/2012 7:14:45 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/28/2012 7:14:45 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/28/2012 7:14:45 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/28/2012 7:14:45 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/28/2012 7:14:45 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/28/2012 7:14:45 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/28/2012 7:14:45 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/28/2012 7:14:45 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/28/2012 7:14:45 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/28/2012 7:14:45 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/28/2012 7:14:45 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/28/2012 7:14:45 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/28/2012 7:14:40 AM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).

12/28/2012 7:14:40 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/28/2012 7:14:40 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/28/2012 7:14:40 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/28/2012 7:14:40 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/28/2012 7:14:40 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/28/2012 7:14:40 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/28/2012 7:14:40 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

12/28/2012 7:14:40 AM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/28/2012 7:14:40 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/28/2012 7:14:40 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/28/2012 7:12:51 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

12/28/2012 7:12:18 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.

12/28/2012 2:56:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

12/28/2012 2:49:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WcesComm with arguments "" in order to run the server: {FF4C4832-2BEA-4472-98A3-F931BEB8F62B}

12/28/2012 2:38:15 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

12/28/2012 2:34:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

12/28/2012 2:34:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

12/28/2012 2:24:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CBDisk DfsC discache MDFSYSNT NetBIOS NetBT NetworkX nsiproxy Psched rdbss SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf

12/28/2012 2:24:41 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/28/2012 2:24:41 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

12/28/2012 2:24:41 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

12/28/2012 2:24:41 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

12/28/2012 2:24:41 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

12/28/2012 2:24:41 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

12/28/2012 2:24:41 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/28/2012 2:24:41 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/28/2012 2:24:41 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/28/2012 2:24:41 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

12/28/2012 11:36:10 AM, Error: Service Control Manager [7022] - The Windows Mobile-2003-based device connectivity service hung on starting.

12/28/2012 11:34:10 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

12/28/2012 11:33:11 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.

12/28/2012 11:32:41 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.

12/28/2012 11:32:11 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

12/28/2012 11:31:41 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the stisvc service.

12/28/2012 11:31:27 AM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.

12/28/2012 11:31:11 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

12/28/2012 11:30:24 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RapiMgr service.

12/28/2012 10:10:32 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

12/28/2012 1:57:23 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004

12/28/2012 1:49:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

12/28/2012 1:49:20 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SplashtopRemoteService service.

12/28/2012 1:47:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.

12/28/2012 1:46:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.

12/28/2012 1:46:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

12/28/2012 1:28:05 AM, Error: Service Control Manager [7034] - The Pure Networks Platform Service service terminated unexpectedly. It has done this 1 time(s).

12/21/2012 9:08:25 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.104. The computer with the IP address 192.168.0.102 did not allow the name to be claimed by this computer.

12/21/2012 3:14:30 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer HP-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C708EEA2-D231-465D-BF71-4884588D68A5}. The master browser is stopping or an election is being forced.

.

==== End Of File ===========================

DDS.TXT

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_35

Run by Dibbs at 22:09:57 on 2012-12-28

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2900 [GMT -5:00]

.

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [spotify] "C:\Users\Dibbs\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

uRun: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [spotify Web Helper] "C:\Users\Dibbs\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [Akamai NetSession Interface] "C:\Users\Dibbs\AppData\Local\Akamai\netsession_win.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.110.223\AsusWSPanel.exe /S

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun: [MediaFace Integration] C:\Program Files (x86)\Fellowes\MediaFACE 5.0\SetHook.exe

mRun: [Corel Photo Downloader] "C:\Program Files (x86)\Corel\Corel Photo Album 7\Corel Photo Downloader.exe" -startup

mRun: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Photo Album 7\CorelIOMonitor.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [Jamcast System Tray Utility] "C:\Program Files (x86)\Jamcast\jctray.exe"

mRun: [ASUS Sync Loader] "C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe" -startup

mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NIERRO~1.LNK - C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{C708EEA2-D231-465D-BF71-4884588D68A5} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{C708EEA2-D231-465D-BF71-4884588D68A5}\F6074796D657D677966696 : DHCPNameServer = 10.240.205.161 10.240.205.162

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe

x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t

x64-Run: [MacDrive 8 application] "C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe"

x64-Run: [Getting started with MacDrive 8] "C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe" /auto

x64-Run: [Form Pilot Pro virtual printer agent] "C:\Program Files\Form Pilot Pro\fppragent.exe"

x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe

x64-Run: [Corel Photo Downloader] "C:\Program Files (x86)\Corel\Corel Photo Album 7\Corel Photo Downloader.exe" -startup

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Dibbs\AppData\Roaming\Mozilla\Firefox\Profiles\zpncz643.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/

FF - prefs.js: network.proxy.ftp - 122.165.59.98

FF - prefs.js: network.proxy.ftp_port - 80

FF - prefs.js: network.proxy.http - 122.165.59.98

FF - prefs.js: network.proxy.http_port - 80

FF - prefs.js: network.proxy.socks - 122.165.59.98

FF - prefs.js: network.proxy.socks_port - 80

FF - prefs.js: network.proxy.ssl - 122.165.59.98

FF - prefs.js: network.proxy.ssl_port - 80

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nplv2011win32.dll

FF - plugin: C:\Users\Dibbs\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Users\Dibbs\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Dibbs\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Dibbs\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MDPMGRNT;MacDrive Partition Driver;C:\Windows\System32\drivers\MDPMGRNT.SYS [2011-12-17 32424]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-6-15 283200]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-4-20 169584]

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2011-12-11 946688]

S0 MDFSYSNT;MacDrive file system driver;C:\Windows\System32\drivers\MDFSYSNT.SYS [2010-10-7 307888]

S1 CBDisk;CBDisk;C:\Windows\System32\drivers\CBDisk.sys [2011-12-17 70344]

S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 Jamcast;Jamcast;C:\Program Files (x86)\Jamcast\jamcastsvc.exe [2012-7-9 64240]

S2 M4LIC;Mediafour M4LIC service;C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2010-7-20 205312]

S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-27 398184]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-27 682344]

S2 NIApplicationWebServer;NI Application Web Server;C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-5-27 50336]

S2 nimDNSResponder;National Instruments mDNS Responder Service;C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2011-6-1 194224]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-6-15 548264]

S2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-15 370504]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-9-19 102368]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-1-10 1038088]

S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-27 158976]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]

S3 LVUVC64;Logitech Webcam C260(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]

S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2012-12-28 36680]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-12-11 24176]

S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\System32\drivers\nmwcdnsucx64.sys [2011-11-1 12800]

S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2011-11-1 171008]

S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2011-12-17 19936]

S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2011-12-17 13280]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-9-19 203104]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]

S4 MacDrive8Service;MacDrive 8 service;C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-10-8 149504]

S4 NIApplicationWebServer64;NI Application Web Server (64-bit);C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-5-27 68256]

.

=============== Created Last 30 ================

.

2012-12-29 02:37:00 -------- d-----w- C:\Users\Dibbs\AppData\Roaming\QuickScan

2012-12-29 02:16:59 36680 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2012-12-29 02:02:30 -------- d-----w- C:\Users\Dibbs\AppData\Roaming\SUPERAntiSpyware.com

2012-12-29 02:02:14 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-12-29 02:02:14 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-12-29 01:57:24 -------- d-sh--w- C:\$RECYCLE.BIN

2012-12-29 01:20:28 98816 ----a-w- C:\Windows\sed.exe

2012-12-29 01:20:28 256000 ----a-w- C:\Windows\PEV.exe

2012-12-29 01:20:28 208896 ----a-w- C:\Windows\MBR.exe

2012-12-29 00:57:36 -------- d-----w- C:\Users\Dibbs\AppData\Roaming\EurekaLog

2012-12-29 00:54:42 -------- d-----w- C:\Users\Dibbs\AppData\Roaming\URSoft

2012-12-29 00:54:39 -------- d-----w- C:\Program Files (x86)\Your Uninstaller! 7

2012-12-29 00:54:28 -------- d-----w- C:\Users\Dibbs\AppData\Local\Babylon

2012-12-29 00:54:27 -------- d-----w- C:\Users\Dibbs\AppData\Roaming\Babylon

2012-12-29 00:54:27 -------- d-----w- C:\ProgramData\Babylon

2012-12-29 00:36:56 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BAFC8448-AE01-4C5C-863D-ABFF87C948AC}\mpengine.dll

2012-12-28 19:47:15 -------- d-----w- C:\Program Files (x86)\VS Revo Group

2012-12-28 19:04:42 -------- d-----w- C:\Users\Dibbs\AppData\Local\Programs

2012-12-28 16:08:02 -------- d-----w- C:\Users\Dibbs\AppData\Local\RadonLabs

2012-12-28 16:03:20 165376 ----a-w- C:\Windows\SysWow64\unrar.dll

2012-12-08 16:09:27 33328 ----a-w- C:\Windows\System32\drivers\pnarp.sys

2012-12-08 16:09:20 35376 ----a-w- C:\Windows\System32\drivers\purendis.sys

2012-12-08 16:09:20 -------- d-----w- C:\Program Files (x86)\Common Files\Pure Networks Shared

2012-12-08 16:09:10 -------- d-----w- C:\ProgramData\Pure Networks

2012-12-05 03:11:29 -------- d-----w- C:\Program Files (x86)\Pure Networks

.

==================== Find3M ====================

.

2012-12-21 21:52:34 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-21 21:52:34 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-12-08 16:28:38 952 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys

2012-10-02 20:55:22 916456 ----a-w- C:\Windows\System32\deployJava1.dll

2012-10-02 20:55:22 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2012-10-02 20:55:22 1034216 ----a-w- C:\Windows\System32\npdeployJava1.dll

.

============= FINISH: 22:10:44.18 ===============

Edited by Maurice Naggar

Your logs showed some peer-to-peer filesharing apps: µTorrent. I do not recommend the use of P-2-P programs since such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Forum policy on peer-to-peer-programs:

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

http://forums.malwar...showtopic=97700

Confirm for me that you have removed µTorrent & any other peer-to-peer app.

2. Disable CD-ROM Emulation Software:

Please download the following tool DeFogger to your desktop.

  • Double click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger will now ask to reboot the machine - click OK.

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

3. Unless I have misread the logs, this system does NOT have an installed & active Antivirus program!

Download and install an antivirus program, and make sure that you keep it updated.

New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

Two good antivirus programs free for non-commercial home use are Avira Free Antivirus and Microsoft Security Essentials

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.


OK.

1. No P2P - all removed.

2. I ran DeFogger. It finished successfully. I then reinstalled MBAM. It again got stuck in the middle of the scan and the computer froze. Rebooted and uninstalled MBAM. Reboot was very slow and sluggish, until MBAM removed. Computer recovers.

3. Then ran DDS.com.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/11/2011 2:36:43 AM

System Uptime: 1/18/2013 6:06:02 PM (0 hours ago)

.

Motherboard: Intel Corp. | | Base Board Product Name

Processor: Intel® Core i3 CPU M 350 @ 2.27GHz | CPU | 2130/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 337 GiB total, 134.685 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is CDROM ()

G: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description:

Device ID: ACPI\QCI0701\2&DABA3FF&1

Manufacturer:

Name:

PNP Device ID: ACPI\QCI0701\2&DABA3FF&1

Service:

.

==== System Restore Points ===================

.

RP161: 1/15/2013 6:53:42 AM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

«3D Инструктор 2.2.0 Домашняя версия»

18 WoS Extreme Trucker 2 (v.1.0)

Adobe Acrobat X Pro

Adobe AIR

Adobe Anchor Service CS4

Adobe Anchor Service x64 CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe CMaps x64 CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings CS4

Adobe Color Video Profiles CS CS4

Adobe CSI CS4

Adobe CSI CS4 x64

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Drive CS4

Adobe Drive CS4 x64

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Flash Player 11 ActiveX 64-bit

Adobe Flash Player 11 Plugin

Adobe Fonts All

Adobe Fonts All x64

Adobe Linguistics CS4

Adobe Linguistics CS4 x64

Adobe Media Player

Adobe Output Module

Adobe PDF Library Files CS4

Adobe PDF Library Files x64 CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 (64 Bit)

Adobe Photoshop CS4 Support

Adobe Reader XI

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Shockwave Player 11.6

Adobe Type Support CS4

Adobe Type Support x64 CS4

Adobe Update Manager CS4

Adobe WinSoft Linguistics Plugin

Adobe WinSoft Linguistics Plugin x64

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

Akamai NetSession Interface

Android SDK Tools

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ASUS Android USB Drivers

ASUS Sync

ASUS WebStorage

Audials

Audials TV

BELKIN Bluetooth Software 6.0.1.4400

Bonjour

Burnout Paradise The Ultimate Box

CamToPrint

CDBurnerXP

Cisco Network Magic

Conexant HD Audio

Connect

Corel Clip Art

Corel Photo Album 7

Cytoscape 2.8.2

DAEMON Tools Lite

DiskAid 5.12

EASEUS Data Recovery Wizard Professional 5.5.1

EGAN WebStart

eMusic Download Manager 6

EPSON Printer Software

FlatOut Ultimate Carnage

Ford Racing 3

Form Pilot Pro version 2.27

GenePattern

geWorkbench_2.2.2

GIMP 2.6.11

Google Chrome

Google Talk Plugin

GTI Racing

HP Officejet 4620 series Basic Device Software

HP Officejet 4620 series Help

HP Update

I.R.I.S. OCR

ImgBurn

Intel® Graphics Media Accelerator Driver

iPhoneBrowser

iTunes

J-Express 2011

Java 7 Update 7 (64-bit)

Java Auto Updater

Java SE Development Kit 7 Update 7 (64-bit)

Java 6 Update 35

Java SE Development Kit 7 Update 2 (64-bit)

JavaFX 2.0.2 (64-bit)

JavaFX 2.0.2 SDK (64-bit)

K-Lite Codec Pack 5.9.0 (Basic)

Kaspersky Internet Security 2013

kuler

LEGO MINDSTORMS NXT - English Language Pack

LEGO MINDSTORMS NXT Driver for x64

LEGO MINDSTORMS NXT Migration Package

LEGO MINDSTORMS NXT Patch v2.0f3

LEGO MINDSTORMS NXT Software v2.0

Logitech Vid HD

MacDrive 8

MATLAB Component Runtime

MediaFACE

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Games for Windows - LIVE Redistributable

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC100_CRT_SP1_x64

Microsoft_VC100_CRT_SP1_x86

MiniTool Partition Wizard Home Edition 7.0

Mozilla Firefox 19.0 (x86 en-US)

Mozilla Maintenance Service

MSVC80_x64_v2

MSVC80_x86_v2

MSVC90_x64

MSVC90_x86

MSXML 4.0 SP3 Parser

National Instruments Software

NAVIGON Fresh 3.4.1

Need for Speed™ ProStreet

NI-RPC 4.2.2f0

NI-RPC 4.2.2f0 for 64 Bit Windows

NI-RPC 4.2.2f0 for Phar Lap ETS

NI Authentication 2.0

NI Authentication 2.0 (64-bit)

NI Curl 1.1

NI Curl 1.1 (64-bit)

NI DataSocket 4.9

NI DataSocket 4.9 (64-bit)

NI Error Reporting 2011

NI EulaDepot

NI GMP Windows 32-bit Installer 11.0.0

NI GMP Windows 64-bit Installer 11.0.0

NI Help Assistant

NI Help Assistant (64bit)

NI LabVIEW 2011 Deployable License

NI LabVIEW 2011 Deployment Framework

NI LabVIEW 2011 Real-Time NBFifo

NI LabVIEW 2011 Run-Time Engine Non-English Support.

NI LabVIEW Run-Time Engine 2011

NI LabVIEW Run-Time Engine Interop 2011

NI LabVIEW Web Server for Run-Time Engine

NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original)

NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated)

NI License Manager

NI Logos 5.3.0

NI Logos XT Support

NI Logos64 5.3.0

NI Logos64 XT Support

NI Math Kernel Libraries

NI Math Kernel Libraries (64-bit)

NI MDF Support

NI mDNS Responder 1.6 for Windows 64-bit

NI mDNS Responder 1.6.0

NI MXS 5.0.0

NI MXS 5.0.0 for 64 Bit Windows

NI OPC Support

NI SSL Support

NI SSL Support (64-bit)

NI System State Publisher

NI System State Publisher (64-bit)

NI System Web Server 2.0

NI System Web Server Base 2.0

NI System Web Server Base 2.0 (64-bit)

NI TDMS

NI TDMS (64-bit)

NI Trace Engine

NI Trace Engine (64-bit)

NI Uninstaller

NI USI 1.9.0

NI USI 1.9.0 64-Bit

NI Variable Engine (64-bit)

NI Variable Engine 2.5.0

NI VC2005MSMs x64

NI VC2005MSMs x86

NI VC2008MSMs x64

NI VC2008MSMs x86

NI Web Application Server 2.0

NI Web Application Server 2.0 (64-bit)

NI Xerces Delay Load 2.7.3

NI Xerces Delay Load 2.7.3 64-bit

Nokia Connectivity Cable Driver

Nokia Suite

OBO-Edit2 2.1.0

Octoshape add-in for Adobe Flash Player

Opera 12.12

PandoraRecovery (Remove Only)

PC Connectivity Solution

PDF Settings CS4

PFConfig 1.0.163

PhotoScape

Photoshop Camera Raw

Photoshop Camera Raw_x64

PowerISO

Pure Networks Platform

Realtek WLAN Driver

Revo Uninstaller 1.94

Rhapsody

RIM USB Driver 4.1.0

Router Screenshot Grabber 1.0.117

SAMSUNG USB Driver for Mobile Phones

SDFormatter

Skype Click to Call

Skype™ 6.0

Splashtop Streamer

Spotify

Steam

Stellar Phoenix Windows Data Recovery

Stellar Phoenix Windows v4.2

Suite Shared Configuration CS4

swMSM

Unity Web Player

UniversalBox

Universe Sandbox

VLC media player 2.0.5

WBFS Manager 3.0

WBFS Manager 4.0

WinDirStat 1.1.2

Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Windows Driver Package - UniversalBox Driver package (10/22/2009 2.06.00)

Windows Media Player Firefox Plugin

Windows Mobile Device Center

WinRAR 4.10 beta 5 (64-bit)

Xpand Rally

Your Uninstaller! 7

.

==== Event Viewer Messages From Past Week ========

.

1/18/2013 6:06:25 PM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

1/18/2013 6:04:54 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.

1/14/2013 11:20:39 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.

1/13/2013 9:35:36 AM, Error: Service Control Manager [7034] - The Pure Networks Platform Service service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_35

Run by Dibbs at 18:14:16 on 2013-01-18

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.1727 [GMT -5:00]

.

AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\crypserv.exe

C:\Windows\SysWOW64\lkads.exe

C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE

C:\Program Files (x86)\National Instruments\MAX\nimxs.exe

C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe

C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe

C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\SysWOW64\PSIService.exe

C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe

C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\SysWOW64\lkcitdl.exe

C:\Windows\SysWOW64\lktsrv.exe

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe

C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe

C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe

C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Corel\Corel Photo Album 7\Corel Photo Downloader.exe

C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Corel\Corel Photo Album 7\CorelIOMonitor.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

C:\Program Files\Belkin\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe

C:\Windows\system32\RunDll32.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicatorCom.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

uRun: [Akamai NetSession Interface] "C:\Users\Dibbs\AppData\Local\Akamai\netsession_win.exe"

uRun: [HP Officejet 4620 series (NET)] "C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN29S215PP05RT:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Photo Album 7\CorelIOMonitor.exe

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"

mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

dRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

StartupFolder: C:\Users\Dibbs\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NIERRO~1.LNK - C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm

IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{C708EEA2-D231-465D-BF71-4884588D68A5} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{C708EEA2-D231-465D-BF71-4884588D68A5}\F6074796D657D677966696 : DHCPNameServer = 10.240.205.161 10.240.205.162

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll

x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [MacDrive 8 application] "C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe"

x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [Corel Photo Downloader] "C:\Program Files (x86)\Corel\Corel Photo Album 7\Corel Photo Downloader.exe" -startup

x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm

x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Dibbs\AppData\Roaming\Mozilla\Firefox\Profiles\zpncz643.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\eMusic Download Manager 6\npEMusic602.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nplv2011win32.dll

FF - plugin: C:\Users\Dibbs\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Users\Dibbs\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Dibbs\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Dibbs\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2012-12-29 19:33; anti_banner@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com

FF - ExtSQL: 2012-12-29 19:33; content_blocker@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com

FF - ExtSQL: 2012-12-29 19:33; online_banking@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

FF - ExtSQL: 2012-12-29 19:33; url_advisor@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com

FF - ExtSQL: 2012-12-29 19:33; virtual_keyboard@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com

.

============= SERVICES / DRIVERS ===============

.

R0 MDFSYSNT;MacDrive file system driver;C:\Windows\System32\drivers\MDFSYSNT.SYS [2010-10-7 307888]

R0 MDPMGRNT;MacDrive Partition Driver;C:\Windows\System32\drivers\MDPMGRNT.SYS [2011-12-17 32424]

R1 CBDisk;CBDisk;C:\Windows\System32\drivers\CBDisk.sys [2011-12-17 70344]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-6-15 283200]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]

R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 54104]

R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178008]

R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -r [?]

R2 M4LIC;Mediafour M4LIC service;C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2010-7-20 205312]

R2 NIApplicationWebServer;NI Application Web Server;C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-5-27 50336]

R2 nimDNSResponder;National Instruments mDNS Responder Service;C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2011-6-1 194224]

R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-6-15 548264]

R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-15 370504]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-27 158976]

R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-10-25 29016]

R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-10-25 29528]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-4-20 169584]

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2011-12-11 946688]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-9-19 102368]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-1-10 1038088]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]

S3 LVUVC64;Logitech Webcam C260(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]

S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\System32\drivers\nmwcdnsucx64.sys [2011-11-1 12800]

S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2011-11-1 171008]

S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2011-12-17 19936]

S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2011-12-17 13280]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-9-19 203104]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]

S4 MacDrive8Service;MacDrive 8 service;C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-10-8 149504]

S4 NIApplicationWebServer64;NI Application Web Server (64-bit);C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-5-27 68256]

.

=============== Created Last 30 ================

.

2013-01-11 13:27:53 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BAFC8448-AE01-4C5C-863D-ABFF87C948AC}\offreg.dll

2013-01-04 13:30:02 3712 ----a-w- C:\Windows\SysWow64\ealregsnapshot1.reg

2013-01-04 13:07:47 -------- d-----w- C:\Users\Dibbs\AppData\Local\Criterion Games

2012-12-30 19:46:49 -------- d-----w- C:\Program Files (x86)\VideoLAN

2012-12-30 00:55:03 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack

2012-12-30 00:42:48 -------- d-----w- C:\Program Files (x86)\3D Instructor 2.2 Home

2012-12-30 00:33:58 64856 ----a-w- C:\Windows\System32\klfphc.dll

2012-12-30 00:33:20 -------- d-----w- C:\Windows\ELAMBKUP

2012-12-30 00:02:58 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab

2012-12-30 00:02:57 -------- d-----w- C:\ProgramData\Kaspersky Lab

2012-12-29 20:11:31 -------- d-----w- C:\Users\Dibbs\AppData\Local\eMusic

2012-12-29 20:11:20 -------- d-----w- C:\Program Files (x86)\eMusic Download Manager 6

2012-12-29 19:18:18 -------- d-----w- C:\Users\Dibbs\AppData\Roaming\HpUpdate

2012-12-29 19:18:12 741480 ------w- C:\Windows\System32\HPDiscoPM6412.dll

2012-12-29 19:17:49 -------- d-----w- C:\Program Files (x86)\HP

2012-12-29 19:17:48 -------- d-----w- C:\Program Files\HP

2012-12-29 19:17:25 -------- d-----w- C:\Users\Dibbs\AppData\Local\HP

2012-12-29 18:39:29 -------- d-----w- C:\FRST

2012-12-29 15:50:39 -------- d-----w- C:\Users\Dibbs\AppData\Local\Adobe

2012-12-29 07:52:07 -------- d-sh--w- C:\found.000

2012-12-29 06:06:27 -------- d-----w- C:\Windows\pss

2012-12-29 02:37:00 -------- d-----w- C:\Users\Dibbs\AppData\Roaming\QuickScan

2012-12-29 02:02:14 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-12-29 01:57:24 -------- d-sh--w- C:\$RECYCLE.BIN

2012-12-29 01:20:28 98816 ----a-w- C:\Windows\sed.exe

2012-12-29 01:20:28 256000 ----a-w- C:\Windows\PEV.exe

2012-12-29 01:20:28 208896 ----a-w- C:\Windows\MBR.exe

2012-12-29 00:57:36 -------- d-----w- C:\Users\Dibbs\AppData\Roaming\EurekaLog

2012-12-29 00:54:42 -------- d-----w- C:\Users\Dibbs\AppData\Roaming\URSoft

2012-12-29 00:54:39 -------- d-----w- C:\Program Files (x86)\Your Uninstaller! 7

2012-12-29 00:54:28 -------- d-----w- C:\Users\Dibbs\AppData\Local\Babylon

2012-12-29 00:54:27 -------- d-----w- C:\Users\Dibbs\AppData\Roaming\Babylon

2012-12-29 00:54:27 -------- d-----w- C:\ProgramData\Babylon

2012-12-29 00:36:56 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BAFC8448-AE01-4C5C-863D-ABFF87C948AC}\mpengine.dll

2012-12-28 22:46:25 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2012-12-28 19:47:15 -------- d-----w- C:\Program Files (x86)\VS Revo Group

2012-12-28 19:04:42 -------- d-----w- C:\Users\Dibbs\AppData\Local\Programs

2012-12-28 16:08:02 -------- d-----w- C:\Users\Dibbs\AppData\Local\RadonLabs

2012-12-28 16:03:20 165376 ----a-w- C:\Windows\SysWow64\unrar.dll

.

==================== Find3M ====================

.

2013-01-06 16:24:16 952 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys

2012-12-30 02:22:15 54104 ----a-w- C:\Windows\System32\drivers\kltdi.sys

2012-12-21 21:52:34 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-21 21:52:34 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-25 22:23:06 29528 ----a-w- C:\Windows\System32\drivers\klmouflt.sys

2012-10-25 22:23:06 29016 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys

.

============= FINISH: 18:15:24.67 ===============


Remarks on MBAM & the "freeze":

We will get back to MBAM, later. Note that if you do not have a license, and because we do not want it to be in auto-start, next time you install it, Decline the Trial option. That way it does not auto-start with Windows.

For now, do the following.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If you are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, so in this case it should be something like R1.

Step 4

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 6

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

  • the contents of C:\AdwCleaner[R1].txt;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


Thanks for your reply.

The three logs are as 3 separate posts:

AdwCleaner:

# AdwCleaner v2.106 - Logfile created 01/19/2013 at 13:25:12

# Updated 17/01/2013 by Xplode

# Operating system : Windows 7 Home Premium (64 bits)

# User : Dibbs - DIBBS-PC

# Boot Mode : Normal

# Running from : C:\Users\Dibbs\Downloads\adwcleaner(1).exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Found : C:\ProgramData\Babylon

Folder Found : C:\ProgramData\boost_interprocess

Folder Found : C:\Users\Dibbs\AppData\Local\Babylon

Folder Found : C:\Users\Dibbs\AppData\Roaming\Babylon

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Users\Dibbs\AppData\Roaming\Mozilla\Firefox\Profiles\zpncz643.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Users\Dibbs\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.12.1707.0

File : C:\Users\Dibbs\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [39699 octets] - [28/12/2012 23:40:55]

AdwCleaner[R2].txt - [1245 octets] - [19/01/2013 13:25:12]

AdwCleaner[s2].txt - [3636 octets] - [28/12/2012 23:41:46]

########## EOF - C:\AdwCleaner[R2].txt - [1365 octets] ##########


13:26:03.0513 7504 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

13:26:04.0043 7504 ============================================================

13:26:04.0043 7504 Current date / time: 2013/01/19 13:26:04.0043

13:26:04.0043 7504 SystemInfo:

13:26:04.0043 7504

13:26:04.0043 7504 OS Version: 6.1.7600 ServicePack: 0.0

13:26:04.0043 7504 Product type: Workstation

13:26:04.0043 7504 ComputerName: DIBBS-PC

13:26:04.0043 7504 UserName: Dibbs

13:26:04.0043 7504 Windows directory: C:\Windows

13:26:04.0043 7504 System windows directory: C:\Windows

13:26:04.0043 7504 Running under WOW64

13:26:04.0043 7504 Processor architecture: Intel x64

13:26:04.0043 7504 Number of processors: 4

13:26:04.0043 7504 Page size: 0x1000

13:26:04.0043 7504 Boot type: Normal boot

13:26:04.0043 7504 ============================================================

13:26:05.0373 7504 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

13:26:05.0383 7504 ============================================================

13:26:05.0383 7504 \Device\Harddisk0\DR0:

13:26:05.0383 7504 MBR partitions:

13:26:05.0383 7504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

13:26:05.0383 7504 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x2A2D2800

13:26:05.0383 7504 ============================================================

13:26:05.0403 7504 C: <-> \Device\Harddisk0\DR0\Partition2

13:26:05.0403 7504 ============================================================

13:26:05.0403 7504 Initialize success

13:26:05.0403 7504 ============================================================

13:26:06.0643 2636 ============================================================

13:26:06.0643 2636 Scan started

13:26:06.0643 2636 Mode: Manual;

13:26:06.0643 2636 ============================================================

13:26:07.0974 2636 ================ Scan system memory ========================

13:26:07.0974 2636 System memory - ok

13:26:07.0974 2636 ================ Scan services =============================


13:26:10.0364 2636 clr_optimization_v4.0.30319_32 - ok

13:26:10.0384 2636 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

13:26:10.0384 2636 clr_optimization_v4.0.30319_64 - ok

13:26:10.0414 2636 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

13:26:10.0414 2636 CmBatt - ok

13:26:10.0434 2636 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys

13:26:10.0434 2636 cmdide - ok

13:26:10.0464 2636 [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG C:\Windows\system32\Drivers\cng.sys

13:26:10.0464 2636 CNG - ok

13:26:10.0524 2636 [ 25C58EE97BE0416A373E3E4F855206B5 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys

13:26:10.0534 2636 CnxtHdAudService - ok

13:26:10.0604 2636 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

13:26:10.0604 2636 Compbatt - ok

13:26:10.0624 2636 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

13:26:10.0624 2636 CompositeBus - ok

13:26:10.0634 2636 COMSysApp - ok

13:26:10.0644 2636 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

13:26:10.0654 2636 crcdisk - ok

13:26:10.0654 2636 Crypkey License - ok

13:26:10.0704 2636 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll

13:26:10.0714 2636 CryptSvc - ok

13:26:10.0754 2636 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll

13:26:10.0754 2636 DcomLaunch - ok

13:26:10.0784 2636 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

13:26:10.0784 2636 defragsvc - ok

13:26:10.0804 2636 [ 3F1DC527070ACB87E40AFE46EF6DA749 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

13:26:10.0804 2636 DfsC - ok

13:26:10.0844 2636 [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys

13:26:10.0854 2636 dg_ssudbus - ok

13:26:10.0874 2636 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll

13:26:10.0874 2636 Dhcp - ok

13:26:10.0894 2636 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

13:26:10.0894 2636 discache - ok

13:26:10.0914 2636 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

13:26:10.0914 2636 Disk - ok

13:26:10.0934 2636 [ 676108C4E3AA6F6B34633748BD0BEBD9 ] Dnscache C:\Windows\System32\dnsrslvr.dll

13:26:10.0934 2636 Dnscache - ok

13:26:10.0954 2636 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll

13:26:10.0964 2636 dot3svc - ok

13:26:10.0984 2636 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll

13:26:10.0984 2636 DPS - ok

13:26:11.0004 2636 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

13:26:11.0004 2636 drmkaud - ok

13:26:11.0064 2636 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys

13:26:11.0064 2636 dtsoftbus01 - ok

13:26:11.0104 2636 [ EBCE0B0924835F635F620D19F0529DCE ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

13:26:11.0144 2636 DXGKrnl - ok

13:26:11.0164 2636 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

13:26:11.0174 2636 EapHost - ok

13:26:11.0244 2636 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

13:26:11.0344 2636 ebdrv - ok

13:26:11.0384 2636 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe

13:26:11.0424 2636 EFS - ok

13:26:11.0604 2636 [ 3D69FAE60EDE442E004611A4EE4DB44C ] ehRecvr C:\Windows\ehome\ehRecvr.exe

13:26:11.0624 2636 ehRecvr - ok

13:26:11.0644 2636 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

13:26:11.0644 2636 ehSched - ok

13:26:11.0664 2636 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

13:26:11.0674 2636 elxstor - ok

13:26:11.0684 2636 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys

13:26:11.0684 2636 ErrDev - ok

13:26:11.0724 2636 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

13:26:11.0734 2636 EventSystem - ok

13:26:11.0754 2636 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

13:26:11.0754 2636 exfat - ok

13:26:11.0775 2636 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

13:26:11.0775 2636 fastfat - ok

13:26:11.0805 2636 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe

13:26:11.0815 2636 Fax - ok

13:26:11.0865 2636 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

13:26:11.0865 2636 fdc - ok

13:26:11.0885 2636 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

13:26:11.0885 2636 fdPHost - ok

13:26:11.0905 2636 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

13:26:11.0905 2636 FDResPub - ok

13:26:11.0915 2636 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

13:26:11.0915 2636 FileInfo - ok

13:26:11.0925 2636 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

13:26:11.0925 2636 Filetrace - ok

13:26:11.0975 2636 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

13:26:11.0985 2636 FLEXnet Licensing Service - ok

13:26:12.0025 2636 [ 1C3FB052A0BB72EDAED90785C34D6EED ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

13:26:12.0045 2636 FLEXnet Licensing Service 64 - ok

13:26:12.0065 2636 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

13:26:12.0065 2636 flpydisk - ok

13:26:12.0085 2636 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

13:26:12.0085 2636 FltMgr - ok

13:26:12.0115 2636 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache C:\Windows\system32\FntCache.dll

13:26:12.0135 2636 FontCache - ok

13:26:12.0175 2636 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

13:26:12.0185 2636 FontCache3.0.0.0 - ok

13:26:12.0205 2636 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

13:26:12.0205 2636 FsDepends - ok

13:26:12.0235 2636 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

13:26:12.0235 2636 Fs_Rec - ok

13:26:12.0255 2636 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

13:26:12.0255 2636 fvevol - ok

13:26:12.0265 2636 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

13:26:12.0265 2636 gagp30kx - ok

13:26:12.0305 2636 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

13:26:12.0305 2636 GEARAspiWDM - ok

13:26:12.0335 2636 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll

13:26:12.0345 2636 gpsvc - ok

13:26:12.0365 2636 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

13:26:12.0365 2636 hcw85cir - ok

13:26:12.0385 2636 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

13:26:12.0395 2636 HdAudAddService - ok

13:26:12.0405 2636 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

13:26:12.0415 2636 HDAudBus - ok

13:26:12.0435 2636 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

13:26:12.0435 2636 HECIx64 - ok

13:26:12.0455 2636 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

13:26:12.0455 2636 HidBatt - ok

13:26:12.0465 2636 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

13:26:12.0465 2636 HidBth - ok

13:26:12.0485 2636 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

13:26:12.0485 2636 HidIr - ok

13:26:12.0505 2636 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

13:26:12.0505 2636 hidserv - ok

13:26:12.0525 2636 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

13:26:12.0525 2636 HidUsb - ok

13:26:12.0535 2636 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll

13:26:12.0535 2636 hkmsvc - ok

13:26:12.0555 2636 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

13:26:12.0555 2636 HomeGroupListener - ok

13:26:12.0585 2636 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll

13:26:12.0595 2636 HomeGroupProvider - ok

13:26:12.0605 2636 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys

13:26:12.0605 2636 HpSAMD - ok

13:26:12.0635 2636 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys

13:26:12.0635 2636 HTTP - ok

13:26:12.0675 2636 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

13:26:12.0675 2636 hwpolicy - ok

13:26:12.0685 2636 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

13:26:12.0685 2636 i8042prt - ok

13:26:12.0715 2636 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys

13:26:12.0715 2636 iaStorV - ok

13:26:12.0825 2636 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

13:26:12.0825 2636 IDriverT - ok

13:26:12.0875 2636 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

13:26:12.0895 2636 idsvc - ok

13:26:13.0095 2636 [ 1BE8D9CA4F2363B8E8015621878E0043 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

13:26:13.0265 2636 igfx - ok

13:26:13.0275 2636 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

13:26:13.0275 2636 iirsp - ok

13:26:13.0315 2636 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll

13:26:13.0325 2636 IKEEXT - ok

13:26:13.0355 2636 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys

13:26:13.0355 2636 Impcd - ok

13:26:13.0385 2636 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys

13:26:13.0385 2636 intelide - ok

13:26:13.0395 2636 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

13:26:13.0395 2636 intelppm - ok

13:26:13.0405 2636 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

13:26:13.0415 2636 IPBusEnum - ok

13:26:13.0425 2636 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:26:13.0425 2636 IpFilterDriver - ok

13:26:13.0455 2636 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

13:26:13.0465 2636 iphlpsvc - ok

13:26:13.0475 2636 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys

13:26:13.0485 2636 IPMIDRV - ok

13:26:13.0495 2636 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

13:26:13.0505 2636 IPNAT - ok

13:26:13.0545 2636 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

13:26:13.0555 2636 iPod Service - ok

13:26:13.0575 2636 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

13:26:13.0575 2636 IRENUM - ok

13:26:13.0585 2636 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys

13:26:13.0595 2636 isapnp - ok

13:26:13.0605 2636 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

13:26:13.0615 2636 iScsiPrt - ok

13:26:13.0625 2636 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

13:26:13.0625 2636 kbdclass - ok

13:26:13.0645 2636 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

13:26:13.0645 2636 kbdhid - ok

13:26:13.0665 2636 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe

13:26:13.0665 2636 KeyIso - ok

13:26:13.0725 2636 [ 8B5219318DF5895ABD230C373F2DF18A ] KL1 C:\Windows\system32\DRIVERS\kl1.sys

13:26:13.0725 2636 KL1 - ok

13:26:13.0795 2636 [ 65F3B81FA285EAB641F5E6EF7AEB984D ] KLIF C:\Windows\system32\DRIVERS\klif.sys

13:26:13.0805 2636 KLIF - ok

13:26:13.0855 2636 [ 9BD99E1AB3F664120AB95C35F9EC1EB0 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys

13:26:13.0855 2636 KLIM6 - ok

13:26:13.0905 2636 [ 2C43FD500522EF3B8C283A5846B7FC41 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys

13:26:13.0905 2636 klkbdflt - ok

13:26:13.0915 2636 [ 70A6D2E292017EC47949696F51ABE18D ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys

13:26:13.0915 2636 klmouflt - ok

13:26:13.0955 2636 [ A8081ED8D48FA611D11DB97F49A5343D ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys

13:26:13.0955 2636 kltdi - ok

13:26:13.0965 2636 [ 185D21CB8F10CFB351FF65DA88C18BC9 ] kneps C:\Windows\system32\DRIVERS\kneps.sys

13:26:13.0965 2636 kneps - ok

13:26:13.0995 2636 [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

13:26:13.0995 2636 KSecDD - ok

13:26:14.0025 2636 [ A8C63880EF6F4D3FEC7B616B9C060215 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

13:26:14.0025 2636 KSecPkg - ok

13:26:14.0035 2636 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

13:26:14.0035 2636 ksthunk - ok

13:26:14.0065 2636 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

13:26:14.0075 2636 KtmRm - ok

13:26:14.0125 2636 [ 655A5D8E80869781CCE23760ADA7E695 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys

13:26:14.0125 2636 L1C - ok

13:26:14.0165 2636 [ C926920B8978DE6ACFE9E15C709E9B57 ] LanmanServer C:\Windows\System32\srvsvc.dll

13:26:14.0165 2636 LanmanServer - ok

13:26:14.0185 2636 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

13:26:14.0195 2636 LanmanWorkstation - ok

13:26:14.0365 2636 [ 20CDB07017497C94A0BAD253C4BAFCBC ] LkCitadelServer C:\Windows\SysWOW64\lkcitdl.exe

13:26:14.0385 2636 LkCitadelServer - ok

13:26:14.0395 2636 [ B07D786736E7B1719A90365911BC2D0A ] lkClassAds C:\Windows\SysWOW64\lkads.exe

13:26:14.0395 2636 lkClassAds - ok

13:26:14.0405 2636 [ AB1FAA47332EC2EE43BBFED7A6F0EA09 ] lkTimeSync C:\Windows\SysWOW64\lktsrv.exe

13:26:14.0415 2636 lkTimeSync - ok

13:26:14.0435 2636 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

13:26:14.0435 2636 lltdio - ok

13:26:14.0455 2636 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

13:26:14.0465 2636 lltdsvc - ok

13:26:14.0485 2636 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

13:26:14.0495 2636 lmhosts - ok

13:26:14.0515 2636 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

13:26:14.0525 2636 LSI_FC - ok

13:26:14.0545 2636 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

13:26:14.0545 2636 LSI_SAS - ok

13:26:14.0565 2636 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

13:26:14.0565 2636 LSI_SAS2 - ok

13:26:14.0585 2636 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

13:26:14.0585 2636 LSI_SCSI - ok

13:26:14.0605 2636 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

13:26:14.0605 2636 luafv - ok

13:26:14.0645 2636 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys

13:26:14.0655 2636 LVRS64 - ok

13:26:14.0785 2636 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys

13:26:14.0885 2636 LVUVC64 - ok

13:26:14.0925 2636 [ 543080D7653128B1FA7CD8F7DB22BADB ] M4LIC C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE

13:26:14.0925 2636 M4LIC - ok

13:26:14.0975 2636 [ 95C395FDEAF6813A1DC974DDB7EE04B4 ] MacDrive8Service C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe

13:26:14.0985 2636 MacDrive8Service - ok

13:26:14.0985 2636 MCSTRM - ok

13:26:15.0035 2636 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

13:26:15.0035 2636 Mcx2Svc - ok

13:26:15.0075 2636 [ 99875732A0C1373316AF28ED79C168CC ] MDFSYSNT C:\Windows\system32\drivers\MDFSYSNT.sys

13:26:15.0075 2636 MDFSYSNT - ok

13:26:15.0105 2636 [ 8D3B834090836A01F49B97F22AE9C83C ] MDPMGRNT C:\Windows\system32\DRIVERS\MDPMGRNT.SYS

13:26:15.0105 2636 MDPMGRNT - ok

13:26:15.0125 2636 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

13:26:15.0125 2636 megasas - ok

13:26:15.0145 2636 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

13:26:15.0155 2636 MegaSR - ok

13:26:15.0265 2636 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe

13:26:15.0265 2636 Microsoft Office Groove Audit Service - ok

13:26:15.0285 2636 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

13:26:15.0295 2636 MMCSS - ok

13:26:15.0305 2636 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

13:26:15.0305 2636 Modem - ok

13:26:15.0325 2636 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

13:26:15.0325 2636 monitor - ok

13:26:15.0365 2636 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

13:26:15.0365 2636 mouclass - ok

13:26:15.0385 2636 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

13:26:15.0385 2636 mouhid - ok

13:26:15.0405 2636 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

13:26:15.0405 2636 mountmgr - ok

13:26:15.0435 2636 [ C8619D099F8149149045772B60DB09AC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

13:26:15.0435 2636 MozillaMaintenance - ok

13:26:15.0455 2636 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys

13:26:15.0465 2636 mpio - ok

13:26:15.0475 2636 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

13:26:15.0475 2636 mpsdrv - ok

13:26:15.0525 2636 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll

13:26:15.0535 2636 MpsSvc - ok

13:26:15.0555 2636 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

13:26:15.0555 2636 MRxDAV - ok

13:26:15.0575 2636 [ 767A4C3BCF9410C286CED15A2DB17108 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

13:26:15.0575 2636 mrxsmb - ok

13:26:15.0605 2636 [ 920EE0FF995FCFDEB08C41605A959E1C ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:26:15.0605 2636 mrxsmb10 - ok

13:26:15.0625 2636 [ 740D7EA9D72C981510A5292CF6ADC941 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:26:15.0625 2636 mrxsmb20 - ok

13:26:15.0645 2636 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys

13:26:15.0645 2636 msahci - ok

13:26:15.0665 2636 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys

13:26:15.0665 2636 msdsm - ok

13:26:15.0685 2636 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

13:26:15.0685 2636 MSDTC - ok

13:26:15.0705 2636 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

13:26:15.0705 2636 Msfs - ok

13:26:15.0715 2636 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

13:26:15.0725 2636 mshidkmdf - ok

13:26:15.0735 2636 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys

13:26:15.0735 2636 msisadrv - ok

13:26:15.0765 2636 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

13:26:15.0775 2636 MSiSCSI - ok

13:26:15.0775 2636 msiserver - ok

13:26:15.0785 2636 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

13:26:15.0795 2636 MSKSSRV - ok

13:26:15.0806 2636 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

13:26:15.0806 2636 MSPCLOCK - ok

13:26:15.0816 2636 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

13:26:15.0816 2636 MSPQM - ok

13:26:15.0826 2636 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

13:26:15.0836 2636 MsRPC - ok

13:26:15.0886 2636 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

13:26:15.0886 2636 mssmbios - ok

13:26:15.0896 2636 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

13:26:15.0896 2636 MSTEE - ok

13:26:15.0906 2636 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

13:26:15.0916 2636 MTConfig - ok

13:26:15.0926 2636 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

13:26:15.0926 2636 Mup - ok

13:26:16.0036 2636 [ A3BA8A14490FDBF106939C37A125E82C ] mxssvr C:\Program Files (x86)\National Instruments\MAX\nimxs.exe

13:26:16.0036 2636 mxssvr - ok

13:26:16.0076 2636 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll

13:26:16.0086 2636 napagent - ok

13:26:16.0116 2636 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

13:26:16.0116 2636 NativeWifiP - ok

13:26:16.0146 2636 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys

13:26:16.0166 2636 NDIS - ok

13:26:16.0176 2636 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

13:26:16.0176 2636 NdisCap - ok

13:26:16.0196 2636 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

13:26:16.0196 2636 NdisTapi - ok

13:26:16.0206 2636 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

13:26:16.0206 2636 Ndisuio - ok

13:26:16.0216 2636 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

13:26:16.0226 2636 NdisWan - ok

13:26:16.0236 2636 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

13:26:16.0236 2636 NDProxy - ok

13:26:16.0256 2636 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

13:26:16.0256 2636 NetBIOS - ok

13:26:16.0266 2636 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

13:26:16.0276 2636 NetBT - ok

13:26:16.0286 2636 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe

13:26:16.0286 2636 Netlogon - ok

13:26:16.0306 2636 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

13:26:16.0316 2636 Netman - ok

13:26:16.0406 2636 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:26:16.0416 2636 NetMsmqActivator - ok

13:26:16.0416 2636 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:26:16.0426 2636 NetPipeActivator - ok

13:26:16.0456 2636 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

13:26:16.0466 2636 netprofm - ok

13:26:16.0466 2636 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:26:16.0476 2636 NetTcpActivator - ok

13:26:16.0476 2636 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:26:16.0476 2636 NetTcpPortSharing - ok

13:26:16.0496 2636 [ 2263727032E9B19231A706046B8C82D3 ] NetworkX C:\Windows\system32\ckldrv.sys

13:26:16.0506 2636 NetworkX - ok

13:26:16.0526 2636 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

13:26:16.0536 2636 nfrd960 - ok

13:26:16.0666 2636 [ F0E38750822EECC47B9913C55990F86A ] NIApplicationWebServer C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe

13:26:16.0666 2636 NIApplicationWebServer - ok

13:26:16.0816 2636 [ 633CDF3EF922DD438F82468DE1C10700 ] NIApplicationWebServer64 C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe

13:26:16.0816 2636 NIApplicationWebServer64 - ok

13:26:16.0876 2636 [ 908B9667F2FD7453CBCF3A2A0444DCC1 ] NIDomainService C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe

13:26:16.0876 2636 NIDomainService - ok

13:26:16.0976 2636 [ AA8896BCD689851665EFC02DC41181AC ] NILM License Manager C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe

13:26:17.0006 2636 NILM License Manager - ok

13:26:17.0046 2636 [ 8FED4893CB017F81CD1769448AD567E5 ] nimDNSResponder C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe

13:26:17.0046 2636 nimDNSResponder - ok

13:26:17.0056 2636 [ FC87856060BD0B667D2086B7050240A3 ] niSvcLoc C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe

13:26:17.0056 2636 niSvcLoc - ok

13:26:17.0116 2636 [ 4DC8C4EC1F9637110142C7D65FFB40E5 ] NITaggerService C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe

13:26:17.0126 2636 NITaggerService - ok

13:26:17.0156 2636 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll

13:26:17.0156 2636 NlaSvc - ok

13:26:17.0226 2636 [ CD569FA91EC6F59D045C19D0D3850F44 ] nmservice C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

13:26:17.0226 2636 nmservice - ok

13:26:17.0266 2636 [ 5FE6F8C05F0769BBB74AFAC11453B182 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys

13:26:17.0266 2636 nmwcd - ok

13:26:17.0276 2636 [ 73C929945C0850B8D1FE2FEA05FDF05D ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys

13:26:17.0286 2636 nmwcdc - ok

13:26:17.0316 2636 [ 697CA586209E022D15DD0C838B235D6A ] nmwcdnsucx64 C:\Windows\system32\drivers\nmwcdnsucx64.sys

13:26:17.0326 2636 nmwcdnsucx64 - ok

13:26:17.0366 2636 [ 292DDF13F91F2CB2482B57AACD6AEB9B ] nmwcdnsux64 C:\Windows\system32\drivers\nmwcdnsux64.sys

13:26:17.0376 2636 nmwcdnsux64 - ok

13:26:17.0396 2636 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

13:26:17.0396 2636 Npfs - ok

13:26:17.0426 2636 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

13:26:17.0436 2636 nsi - ok

13:26:17.0456 2636 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

13:26:17.0456 2636 nsiproxy - ok

13:26:17.0506 2636 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

13:26:17.0556 2636 Ntfs - ok

13:26:17.0576 2636 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

13:26:17.0586 2636 Null - ok

13:26:17.0606 2636 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys

13:26:17.0606 2636 nvraid - ok

13:26:17.0626 2636 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys

13:26:17.0626 2636 nvstor - ok

13:26:17.0636 2636 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys

13:26:17.0636 2636 nv_agp - ok

13:26:17.0716 2636 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

13:26:17.0726 2636 odserv - ok

13:26:17.0756 2636 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys

13:26:17.0756 2636 ohci1394 - ok

13:26:17.0866 2636 [ EAE6208900E2986F66F68B30AEF86E4D ] OpcEnum C:\Windows\SysWOW64\OpcEnum.exe

13:26:24.0407 2636 ================ Scan global ===============================

13:26:24.0437 2636 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

13:26:24.0467 2636 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll

13:26:24.0477 2636 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll

13:26:24.0497 2636 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

13:26:24.0537 2636 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

13:26:24.0537 2636 [Global] - ok

13:26:24.0537 2636 ================ Scan MBR ==================================

13:26:24.0557 2636 [ 8E734BD7AA1D4F7E9AF58DF495F6CF9E ] \Device\Harddisk0\DR0

13:26:24.0607 2636 \Device\Harddisk0\DR0 - ok

13:26:24.0607 2636 ================ Scan VBR ==================================

13:26:24.0617 2636 [ FB91A2245085D1EFB5639B1EC3A0DE9D ] \Device\Harddisk0\DR0\Partition1

13:26:24.0617 2636 \Device\Harddisk0\DR0\Partition1 - ok

13:26:24.0637 2636 [ FD677C4947BB8B313760B7C5B5F05B2C ] \Device\Harddisk0\DR0\Partition2

13:26:24.0637 2636 \Device\Harddisk0\DR0\Partition2 - ok

13:26:24.0637 2636 ============================================================

13:26:24.0637 2636 Scan finished

13:26:24.0637 2636 ============================================================

13:26:24.0657 6536 Detected object count: 0

13:26:24.0657 6536 Actual detected object count: 0

13:27:26.0684 6828 Deinitialize success


RogueKiller V8.4.3 [Jan 10 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : Dibbs [Admin rights]

Mode : Scan -- Date : 01/19/2013 13:28:55

¤¤¤ Bad processes : 1 ¤¤¤

[DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Dibbs\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll -> KILLED [TermProc]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BPVT-00HXZT3 ATA Device +++++

--- User ---

[MBR] fede1a3f111c563547d8f5d09ae11300

[bSP] 86c639b09967ec76f8f44519cf44c738 : Linux MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 345509 Mo

2 - [XXXXXX] LINUX (0x83) [VISIBLE] Offset (sectors): 707809280 | Size: 120504 Mo

3 - [XXXXXX] LINUX-SWP (0x82) [VISIBLE] Offset (sectors): 954601472 | Size: 10825 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[5]_S_01192013_02d1328.txt >>

RKreport[1]_S_12282012_02d2000.txt ; RKreport[2]_D_12282012_02d2001.txt ; RKreport[3]_S_12282012_02d2053.txt ; RKreport[4]_D_12282012_02d2053.txt ; RKreport[5]_S_01192013_02d1328.txt


  • Disable your anti-virus program; see "How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs".
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
    Put a check next to all of these and uncheck the rest: (if found)
    [DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Dibbs\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
  • Then click on Delete on the right hand column under Options.
  • When done, logoff & Restart the system.
  • The log will be found as RKreport
    Copy & Paste the contents into next reply.

Step 2

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.


Link 2
Link 3
Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL.

If you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Step 3

Turn off your Kaspersky antivirus and then run a Full scan with MalwareBytes MBAM.

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, how is the system?

Re-enable your antivirus program.

Notes & remarks FYI

Your Windows 7 is lacking Service Pack 1. Getting that should be a goal of yours, once I give you the all clear & we close this case.

For the duration of this case, do -not- do any websurfing, nor play online games, etc.

Just only go to this forum & the websites I guide you to.

Also, note that the Java runtime currently on this system is out-of-date & poses a security risk.

And if you do not need Java for the programs that you use, keep Java off your system.

How to disable Java in various browsers : http://blog.eset.com/2012/08/29/disabling-java-a-safer-way-to-browse

Also see No, Seriously, Just Disable Java in Your Browser Right Now

If you -do- need Java on your system, see Oracle releases new Java update to close security holes

Next, report:

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Link to post
Share on other sites

My apologies I am slow to reply back. I am quite swamped..... and thanks for your time and patience.

Step 1. Nothing showed up. So nothing to delete/fix.

Step 2. Rkill log below.

Step 3. MBAM freezes and computer hangs. Cannot run MBAM even in safe mode, still freezes and hangs computer needing to restart.

I had to uninstall MBAM to proceed to next step.

Step 4. Security check log in next reply.

Rkill 2.4.6 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2013 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/23/2013 08:09:12 PM in x64 mode.

Windows Version: Windows 7 Home Premium

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\system32\crypserv.exe (PID: 1684) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 01/23/2013 08:09:33 PM

Execution time: 0 hours(s), 0 minute(s), and 21 seconds(s)

Link to post
Share on other sites
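As an added example (not part of the thread and not Rkill's own code), a small Python parser that pulls the reviewable facts out of an Rkill log like the one posted above: terminated processes, registry values Rkill prints, and HOSTS entries beyond the localhost defaults. The section-header patterns and the finding names are assumptions based on this one log.

```python
import re

# Excerpt of the Rkill log posted above (blank lines dropped), embedded so this runs offline.
SAMPLE_LOG = r"""Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Windows\system32\crypserv.exe (PID: 1684) [WD-HEUR]
1 proccess terminated!
Performing miscellaneous checks:
* Windows Firewall Disabled
[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 01/23/2013 08:09:33 PM
"""

# Patterns inferred from this one log; other Rkill versions may format lines differently.
HEADER_RE = re.compile(r"^(Checking|Performing|Searching)\b.*:$")
PROC_RE = re.compile(r"^\*\s+(?P<path>.+?)\s+\(PID:\s*(?P<pid>\d+)\)\s+\[(?P<tag>[^\]]+)\]$")
REG_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*dword:(?P<val>[0-9a-fA-F]{8})$')
HOSTS_RE = re.compile(r"^(?P<ip>[0-9a-fA-F:.]+)\s+(?P<names>[^#]+)")
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}

def parse_sections(text):
    """Group non-empty log lines under the section header that precedes them."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if HEADER_RE.match(line):
            current = sections.setdefault(line.rstrip(":"), [])
        elif line.startswith("Program finished"):
            current = None
        elif current is not None:
            current.append(line)
    return sections

def triage(text):
    """Return the entries a reviewer should look at first, as tuples."""
    findings = []
    for header, lines in parse_sections(text).items():
        for line in lines:
            if m := PROC_RE.match(line):
                findings.append(("process_terminated", m["path"], int(m["pid"]), m["tag"]))
            elif m := REG_RE.match(line):
                findings.append(("registry_dword", m["name"], int(m["val"], 16)))
            elif "HOSTS" in header and (m := HOSTS_RE.match(line)):
                for name in m["names"].split():
                    if (m["ip"], name.lower()) not in DEFAULT_HOSTS:
                        findings.append(("hosts_override", m["ip"], name))
    return findings
```

Calling `triage(SAMPLE_LOG)` returns the terminated `crypserv.exe` process and the `EnableFirewall` value of 0; the lone `127.0.0.1 localhost` HOSTS entry is treated as default and not reported.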

Results of screen317's Security Check version 0.99.57

Windows 7 x64 (UAC is enabled)

Out of date service pack!!

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

Kaspersky Internet Security

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Java 6 Update 35

Java version out of Date!

Adobe Flash Player 11.5.502.135

Adobe Reader XI

Mozilla Firefox (19.0)

Google Chrome 23.0.1271.97

Google Chrome 24.0.1312.52

````````Process Check: objlist.exe by Laurent````````

Kaspersky Lab Kaspersky Internet Security 2013 avp.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2%

````````````````````End of Log``````````````````````

Link to post
Share on other sites

I understand you are swamped. We all can get quite busy at times.

Just keep me advised if you will be delayed, by just taking a minute and letting me know on the forum.

How long did you wait before judging MBAM to be in "freeze"?

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member disinfectPL only. If you are a casual viewer, do NOT try this on your system!

If you are not disinfectPL and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.


Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

Note: It is important that it is saved directly to your Desktop and not run straight away from download.

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system.

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the PC a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need you to Restart the system fresh.

Reply & Copy & Paste contents of the C:\Combofix.txt log and tell me, how is the system now?

Re-enable your antivirus program.

Link to post
Share on other sites

This topic is now closed to further replies.