
PC sluggish recently. Am I infected? MBAM freeze/Failing HDD hardware very possible


Pardew


Hi - Over the last couple of weeks or so, the PC has become a little slow.

With the fantastic help of Noknojon at BC, we both recommended I post my ills to this forum to acquire more specialist assistance.

After running various tools to try and rid me of the suspected cause (may not be): a pup.funmoods, PC 'seemed' ok again.

After recently d/l latest Windows updates, I ran MBAM (trial) and it froze after about a minute into QS on - HKLM\SOFTWARE\Microsoft\Installer\User Data\S-1-5-18\Components\0002109511090400000E0239E6F5E85 so had to 'naughty' reboot.

This happened about six months ago also before I first posted to BC. It was this exact item MBAM froze on back then also.

Your help is much appreciated.

Pardew


Hello Pardew and welcome aboard.

Windows version is ?? Antivirus program version ??

Download DDS and save it to your desktop from one of these links:

  • http://download.bleepingcomputer.com/sUBs/dds.com
  • http://download.bleepingcomputer.com/sUBs/dds.scr
  • http://www.infospyware.net/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

On Vista / Windows 7 / Windows 8 do a RIGHT-click on DDS and select Run As Administrator.

On Windows XP double click DDS to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

Follow and answer the prompts as appropriate.

When done, DDS will open two (2) logs:

  • DDS.txt
  • Attach.txt

Save both reports to your desktop.

Please Copy & Paste contents of the following logs in your next reply:

DDS.txt

Attach.txt

Do -not- attach files. Always Copy all contents and Paste into main-body of reply.

Get me the 2 reports so we can get going further. This is just the beginning.


Hi Maurice. Thank you.

Sorry - Vista Home Premium sp2 & MBAM 2013.01.12.05

The logs -

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16457

Run by popster at 17:34:49 on 2013-01-12

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.1151 [GMT 0:00]

.

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgfws.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe

C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe

C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

C:\Windows\System32\alg.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\system32\taskeng.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Windows\System32\mobsync.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmprph.exe

C:\Program Files\AVG\AVG2012\avgcfgex.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

mStart Page = hxxp://www.google.com

mSearch Bar = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - c:\program files\avg\avg2012\avgdtiex.dll

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\users\popster\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://training.k2ms.com/WebPlayer/authorware_web_player_installers/cab/awswaxd.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} - hxxp://217.41.63.194:65531/img/NetCamPlayerWeb11g.ocx

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{19FD4D38-5258-444F-B48D-F367539B2C4F} : DHCPNameServer = 192.168.1.254

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

AppInit_DLLs= c:\progra~1\google\google~1\googledesktopnetwork3.dll c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.52\installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]

R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47968]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-7-26 237408]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-8-24 301920]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-4 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-12-26 116608]

R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2012-6-13 2321560]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]

R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2007-2-12 208896]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-8-9 21504]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-5 398184]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-5 682344]

R2 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2007-6-27 157912]

R2 NMSCore;Intel® NMSCore;c:\program files\common files\intel\inteldh\nms\nmscore\NMSCore.exe [2007-6-27 317656]

R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2007-2-18 5376]

R2 QualityManager;Intel® Quality Manager;c:\program files\intel\inteldh\intel media server\media server\bin\QualityManager.exe [2007-6-27 272600]

R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\homecinema\tv enhance\kernel\tv\TVECapSvc.exe [2007-10-31 290909]

R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\homecinema\tv enhance\kernel\tv\TVESched.exe [2007-10-31 114779]

R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2007-9-26 1242976]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]

R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-11-8 5632]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-5 21104]

R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2007-11-21 569344]

R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2007-10-8 13976]

S?2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 DHTRACE;Intel® DHTrace Controller;c:\program files\common files\intel\inteldh\bin\DHTraceController.exe [2007-6-27 39640]

S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-7-17 30192]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-4 12872]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2013-01-12 11:26:53 -------- d-----w- c:\users\popster\appdata\local\{23C1E158-874F-4017-96F2-0E1C8B1D42CA}

2013-01-09 23:50:16 1400832 ----a-w- c:\windows\system32\msxml6.dll

2013-01-09 23:50:14 2048000 ----a-w- c:\windows\system32\win32k.sys

2013-01-09 23:50:12 204288 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-09 23:38:43 -------- d-----w- c:\users\popster\appdata\local\{D20BAF27-7F5F-440C-AF77-9AA13B13A4D7}

2013-01-07 15:39:45 -------- d-----w- c:\users\popster\appdata\local\{FE3B78B2-A1B9-4BC9-AA25-137CC6DCDB2A}

2013-01-06 20:45:32 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-01-06 20:12:22 -------- d-----w- c:\users\popster\appdata\local\{0353B84D-8359-4634-864F-A403B401BBA7}

2013-01-05 22:35:55 -------- d-----w- c:\users\popster\appdata\local\{DA73D36E-14ED-47FD-BAAB-B205E02B3B5A}

2013-01-05 14:18:07 -------- d-----w- c:\windows\ERUNT

2013-01-05 14:10:18 -------- d-----w- c:\users\popster\appdata\roaming\Malwarebytes

2013-01-05 14:10:04 -------- d-----w- c:\programdata\Malwarebytes

2013-01-05 14:10:03 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-05 14:10:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-01-05 07:11:32 -------- d-----w- c:\users\popster\appdata\local\{8C91E7AA-C83C-49FC-A8F9-4819E04A6D39}

2013-01-04 11:08:32 -------- d-----w- C:\JRT

2013-01-04 10:21:36 -------- d-----w- c:\users\popster\appdata\local\{7B251A9B-91BE-4847-AC53-8909C5291605}

2013-01-03 14:21:05 -------- d-----w- c:\users\popster\appdata\local\{EFAF88C7-DAD1-4AFF-BE5E-03708A3D951A}

2013-01-02 15:42:38 -------- d-----w- c:\users\popster\appdata\local\{664603AF-1C2B-4DC2-A7B5-95D82C2A31AE}

2013-01-01 20:36:23 -------- d-----w- c:\users\popster\appdata\local\{8D96743C-6F86-47ED-9980-9B0C8D0EDC07}

2012-12-27 14:23:22 -------- d-----w- c:\users\popster\appdata\local\{A7683EE8-9CBB-475A-8BD1-07D2FB9809F0}

2012-12-26 09:22:20 -------- d-----w- c:\users\popster\appdata\local\{49B0C7F6-90A8-494A-A317-42B5C56AE07D}

2012-12-25 17:14:33 -------- d-----w- c:\users\popster\appdata\local\{FDB3203C-EAF7-49AA-AFEB-1CD828948855}

2012-12-24 14:53:24 -------- d-----w- c:\users\popster\appdata\local\{065BF280-6BE1-43C0-8C85-4C106D879DE9}

2012-12-23 17:44:25 -------- d-----w- c:\users\popster\appdata\local\{2B807B29-0FE1-443C-9881-E1524ECF504D}

2012-12-23 03:19:48 -------- d-----w- c:\users\popster\appdata\local\{2E544CA1-4145-41FA-845C-C6C67D7FCD5E}

2012-12-23 03:12:40 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-23 03:12:40 293376 ----a-w- c:\windows\system32\atmfd.dll

2012-12-22 14:26:32 -------- d-----w- c:\users\popster\appdata\local\{D87E5F51-E2A4-40CB-B3B4-6208405AC528}

2012-12-21 11:16:23 -------- d-----w- c:\users\popster\appdata\local\{57E3105D-2A38-4AA9-9851-AF375FAAC393}

2012-12-20 12:12:32 -------- d-----w- c:\users\popster\appdata\local\{41F54AF3-A858-4651-A60B-678974846643}

2012-12-20 00:50:51 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-12-20 00:50:29 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-12-20 00:50:29 16896 ----a-w- c:\windows\system32\winusb.dll

2012-12-20 00:50:29 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-12-20 00:50:28 73216 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-12-20 00:50:28 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-12-20 00:50:26 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-12-20 00:50:26 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-12-20 00:50:25 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-12-20 00:50:25 196608 ----a-w- c:\windows\system32\WUDFHost.exe

2012-12-20 00:50:24 613888 ----a-w- c:\windows\system32\WUDFx.dll

2012-12-20 00:47:22 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-20 00:47:16 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys

2012-12-20 00:47:13 376320 ----a-w- c:\windows\system32\dpnet.dll

2012-12-20 00:47:13 23040 ----a-w- c:\windows\system32\dpnsvr.exe

2012-12-19 12:35:28 -------- d-----w- c:\users\popster\appdata\local\{60F237C6-5D8C-4808-806A-CC6F47FD4206}

2012-12-18 16:41:34 -------- d-----w- c:\users\popster\appdata\local\{C155CC2D-8CA2-4CA6-B775-311BFE3C2987}

2012-12-15 11:05:57 -------- d-----w- c:\users\popster\appdata\local\{5EBA6C58-7D89-4A4A-8992-FC8148B66805}

2012-12-14 23:05:32 -------- d-----w- c:\users\popster\appdata\local\{9CDAF7DE-87A9-47C8-B352-3B0EF886463C}

.

==================== Find3M ====================

.

2013-01-10 00:10:16 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-10 00:10:16 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 17:35:32.46 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 17/07/2008 16:25:03

System Uptime: 12/01/2013 11:23:51 (6 hours ago)

.

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7502

Processor: Intel® Core2 Duo CPU E6750 @ 2.66GHz | Socket 775 | 1992/332mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 446 GiB total, 105.992 GiB free.

D: is FIXED (FAT32) - 20 GiB total, 10.383 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1956: 19/12/2012 13:37:42 - Scheduled Checkpoint

RP1957: 20/12/2012 00:48:08 - Windows Update

RP1958: 20/12/2012 14:03:31 - Scheduled Checkpoint

RP1959: 21/12/2012 12:20:42 - Scheduled Checkpoint

RP1960: 22/12/2012 16:02:37 - Scheduled Checkpoint

RP1961: 23/12/2012 03:09:15 - Windows Update

RP1962: 23/12/2012 03:12:29 - Windows Update

RP1963: 24/12/2012 16:39:22 - Scheduled Checkpoint

RP1964: 25/12/2012 18:09:53 - Scheduled Checkpoint

RP1965: 26/12/2012 10:09:41 - Scheduled Checkpoint

RP1966: 27/12/2012 00:00:05 - Scheduled Checkpoint

RP1967: 27/12/2012 15:27:33 - Scheduled Checkpoint

RP1968: 30/12/2012 08:35:36 - Scheduled Checkpoint

RP1969: 01/01/2013 19:53:53 - Scheduled Checkpoint

RP1970: 02/01/2013 16:37:58 - Scheduled Checkpoint

RP1972: 03/01/2013 03:21:24 - Removed Samsung PC Studio 3

RP1973: 03/01/2013 14:34:04 - Windows Update

RP1974: 04/01/2013 12:59:38 - Scheduled Checkpoint

RP1975: 05/01/2013 15:46:21 - Scheduled Checkpoint

RP1976: 06/01/2013 20:43:09 - Installed Java 7 Update 10

RP1977: 06/01/2013 21:37:49 - Removed Java 6 Update 3

RP1978: 06/01/2013 21:41:29 - Removed Java 6 Update 3

RP1979: 06/01/2013 21:47:45 - Removed Java 6 Update 3

RP1980: 06/01/2013 21:48:00 - Removed Java 6 Update 4

RP1981: 06/01/2013 21:48:54 - Removed Java 6 Update 7

RP1982: 06/01/2013 21:49:29 - Removed Java 6 Update 3

RP1983: 06/01/2013 22:02:51 - Removed Java 6 Update 3

RP1984: 07/01/2013 22:15:53 - Scheduled Checkpoint

RP1985: 09/01/2013 23:51:02 - Windows Update

RP1986: 10/01/2013 00:15:15 - Windows Update

RP1987: 10/01/2013 00:21:08 - Windows Update

RP1988: 10/01/2013 01:26:26 - Removed Java 6 Update 3

RP1989: 12/01/2013 15:25:24 - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

AAC Decoder

Acrobat.com

Activation Assistant for the 2007 Microsoft Office suites

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Adobe Shockwave Player 11.5

Alcatel SpeedTouch USB Software

Apple Application Support

Apple Mobile Device Support

Apple Software Update

µTorrent

Audacity 1.2.6

AVG 2012

Bonjour

BT Broadband Desktop Help

BT Yahoo! Applications

BTHomeHub

Compatibility Pack for the 2007 Office system

D3DX10

DivX Codec

DivX Plus DirectShow Filters

DivX Version Checker

DivX Web Player

Epson Easy Photo Print 2

EPSON Printer Software

Epson Stylus SX210_SX410_TX210_TX410 Manual

EPSON SX410 Series Printer Uninstall

Google Chrome

Google Desktop

Google Earth

Google Update Helper

Google Updater

H.264 Decoder

Highlight Viewer (Windows Live Toolbar)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

iCloud

Intel® Matrix Storage Manager

Intel® PRO Network Connections 12.2.41.0

Intel® Viiv Software

iTunes

Java 7 Update 10

Java Auto Updater

Java 6 Update 3

Junk Mail filter update

MakeDisc

Malwarebytes Anti-Malware version 1.70.0.1100

Map Button (Windows Live Toolbar)

MCE Software Encoder 1.1

MediaShow

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office Live Add-in 1.5

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher 2007

Microsoft Office Publisher 2007 Trial

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

MKV Splitter

MobileMe Control Panel

MSVCRT

MSXML 4.0 SP2 (KB925672)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 7 Premium

neroxml

NVIDIA Drivers

OGA Notifier 2.0.0048.0

OpenOffice.org 3.3

Opera 12.12

PHOTOfunSTUDIO

PhotoNow! 1.0

PIF DESIGNER2.1

PowerDirector

PowerProducer

QuickTime

Real Alternative 1.9.0

Realtek High Definition Audio Driver

SAMSUNG Mobile Modem Driver Set

Samsung Mobile phone USB driver Software

SAMSUNG Mobile USB Modem 1.0 Software

SAMSUNG Mobile USB Modem Software

Samsung PC Studio 3 USB Driver Installer

ScanToWeb

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Segoe UI

Smart Menus (Windows Live Toolbar)

Spelling Dictionaries Support For Adobe Reader 8

SSC Service Utility v4.30

SUPERAntiSpyware Free Edition

TV Enhance

Ulead PhotoImpact 12

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VC80CRTRedist - 8.0.50727.762

VCRedistSetup

Windows Live Communications Platform

Windows Live Essentials

Windows Live Favorites for Windows Live Toolbar

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live Toolbar Extension (Windows Live Toolbar)

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR archiver

WMPTagSupportExtender

X10 Hardware

.

==== Event Viewer Messages From Past Week ========

.

12/01/2013 17:09:26, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.

12/01/2013 11:27:16, Error: Service Control Manager [7024] - The KtmRm for Distributed Transaction Coordinator service terminated with service-specific error 2147942438 (0x80070026).

12/01/2013 11:25:56, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt

12/01/2013 11:25:56, Error: Service Control Manager [7023] - The Intel® Viiv Media Server service terminated with the following error: Catastrophic failure

10/01/2013 00:33:29, Error: EventLog [6008] - The previous system shutdown at 00:28:18 on 10/01/2013 was unexpected.

10/01/2013 00:00:34, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

10/01/2013 00:00:34, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/01/2013 00:00:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

09/01/2013 23:54:48, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Microsoft .NET Framework 3.0 SP2 on Windows Vista SP2 and Windows Server 2008 SP2 x86 (KB2756919).

09/01/2013 23:54:43, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2756919 (Security Update) into Staging(Staging) state

09/01/2013 23:54:43, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2756919 (Security Update) into Resolved(Resolved) state

06/01/2013 20:13:47, Error: Microsoft-Windows-SharedAccess_NAT [30005] - The DHCP allocator has detected a DHCP server with IP address 192.168.1.254 on the same network as the interface with IP address 192.168.0.1. The allocator has disabled itself on the interface to avoid confusing DHCP clients.

05/01/2013 14:33:45, Error: EventLog [6008] - The previous system shutdown at 14:28:57 on 05/01/2013 was unexpected.

.

==== End Of File ===========================


Your logs showed some peer-to-peer filesharing apps: µTorrent. I do not recommend the use of P-2-P programs since such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Forum policy on peer-to-peer-programs:

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

http://forums.malwarebytes.org/index.php?showtopic=97700


Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT by doing a Right-Click on it & select Run As Administrator

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Show all files:

  • Click the Start button, and then click Computer.
  • On the Organize menu, click Folder and Search Options.
  • Click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

  1. Close any/all open internet browsers. Save any open documents you have open & close programs you started.
  2. Click on START>All Programs>Malwarebytes' Anti-Malware>Tools>Malwarebytes Anti-Malware Chameleon
     On Windows 7, press Windows-key, then start typing in text box Malwarebytes then select/click Malwarebytes Anti-Malware Chameleon
  3. Once the Help file opens, click on a Chameleon button (starting with #1)
  4. If running on Vista, Windows 7, press the Yes button when prompted at the UAC prompt to allow to run.
  5. You should see a black Command-prompt-window that remains open and says MBAM-chameleon at the top
  6. Press any key to continue as it says in the window {space-bar will do}
  7. If the Chameleon button you tried does not work, try the next Chameleon button shown. (There are 12 in all).
  8. Have infinite patience during this process
  9. Malwarebytes Chameleon will proceed to update Malwarebytes Anti-Malware, so ensure that you are connected to the internet if possible
  10. Once the update completes and it says your database is updated, click on OK button so that process can continue
  11. Malwarebytes Chameleon will then terminate any threats running in memory, which may take a while, so please be patient.
  12. After that, Malwarebytes Anti-Malware will open automatically and perform a Quick scan
  13. A quick scan will take a few minutes, possibly 5 or so minutes. Have infinite patience.
  14. Once the scan is complete, click on Show Results and remove any threats that are found by clicking Remove Selected
  15. If prompted to restart your computer to complete the removal process, click Yes
  16. If no threats are found, press OK button & press EXIT to end MBAM. Press the space-bar (or another key) to exit the command-prompt-window.
  17. After your computer restarts, open Malwarebytes Anti-Malware and perform one last Quick scan to verify that there are no remaining threats

Reply with copy of the MBAM scan log for review.


How long did you give it -before- you judged it to be frozen? Less than 15 minutes?

I always advise "infinite patience" when trying to hunt & remove malware.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


I left the MBAM scan only 10 mins approximately.

There were no threats found. The scan did not prompt a reboot but unable to copy and paste 'report'. (Can highlight text but unable on right-click to copy and paste)

Is there an alternative way of doing this?

Sorry.


At the end of the MBAM run, the report should have automatically popped up & showed in Notepad.

If it really found nothing, then I do not need a copy of the MBAM scan log.

I need for you to get & run TDSSKILLER as I outlined earlier. Please proceed forward.


I'm sorry.

As regards this issue, in post 10 it was the TDSSKiller report I was referring to. TDSSKiller reported no threats found. I could not copy and paste the report resulting from the TDSS scan.

I am used to copying and pasting right-clicking the mouse. I've only recently discovered the Ctrl+C > Ctrl+V method.

14:19:43.0911 1268 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

14:19:44.0270 1268 ============================================================

14:19:44.0270 1268 Current date / time: 2013/01/16 14:19:44.0270

14:19:44.0270 1268 SystemInfo:

14:19:44.0270 1268

14:19:44.0270 1268 OS Version: 6.0.6002 ServicePack: 2.0

14:19:44.0270 1268 Product type: Workstation

14:19:44.0270 1268 ComputerName: DAVE

14:19:44.0270 1268 UserName: popster

14:19:44.0270 1268 Windows directory: C:\Windows

14:19:44.0270 1268 System windows directory: C:\Windows

14:19:44.0270 1268 Processor architecture: Intel x86

14:19:44.0270 1268 Number of processors: 2

14:19:44.0270 1268 Page size: 0x1000

14:19:44.0270 1268 Boot type: Normal boot

14:19:44.0270 1268 ============================================================

14:19:44.0597 1268 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

14:19:44.0629 1268 ============================================================

14:19:44.0629 1268 \Device\Harddisk0\DR0:

14:19:44.0629 1268 MBR partitions:

14:19:44.0629 1268 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x37B8418F

14:19:44.0644 1268 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x37B8420D, BlocksNum 0x2800A34

14:19:44.0644 1268 ============================================================

14:19:44.0675 1268 C: <-> \Device\Harddisk0\DR0\Partition1

14:19:44.0707 1268 D: <-> \Device\Harddisk0\DR0\Partition2

14:19:44.0707 1268 ============================================================

14:19:44.0707 1268 Initialize success

14:19:44.0707 1268 ============================================================

14:19:54.0301 1796 ============================================================

14:19:54.0301 1796 Scan started

14:19:54.0301 1796 Mode: Manual;

14:19:54.0301 1796 ============================================================

14:19:54.0410 1796 ================ Scan system memory ========================

14:19:54.0410 1796 System memory - ok

14:19:54.0410 1796 ================ Scan services =============================


14:20:00.0831 1796 MountMgr - ok

14:20:00.0847 1796 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys

14:20:00.0847 1796 mpio - ok

14:20:00.0878 1796 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

14:20:00.0878 1796 mpsdrv - ok

14:20:00.0925 1796 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll

14:20:00.0941 1796 MpsSvc - ok

14:20:00.0941 1796 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys

14:20:00.0941 1796 Mraid35x - ok

14:20:00.0972 1796 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

14:20:00.0972 1796 MREMP50 - ok

14:20:00.0972 1796 MREMP50a64 - ok

14:20:00.0972 1796 MREMPR5 - ok

14:20:00.0987 1796 MRENDIS5 - ok

14:20:00.0987 1796 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

14:20:00.0987 1796 MRESP50 - ok

14:20:01.0003 1796 MRESP50a64 - ok

14:20:01.0050 1796 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

14:20:01.0050 1796 MRxDAV - ok

14:20:01.0097 1796 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

14:20:01.0097 1796 mrxsmb - ok

14:20:01.0112 1796 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

14:20:01.0128 1796 mrxsmb10 - ok

14:20:01.0143 1796 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

14:20:01.0143 1796 mrxsmb20 - ok

14:20:01.0143 1796 [ 86068B8B54A5EB092F51657F00B2222A ] msahci C:\Windows\system32\drivers\msahci.sys

14:20:01.0143 1796 msahci - ok

14:20:01.0190 1796 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys

14:20:01.0190 1796 msdsm - ok

14:20:01.0206 1796 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe

14:20:01.0206 1796 MSDTC - ok

14:20:01.0237 1796 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys

14:20:01.0237 1796 Msfs - ok

14:20:01.0253 1796 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

14:20:01.0253 1796 msisadrv - ok

14:20:01.0284 1796 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

14:20:01.0284 1796 MSiSCSI - ok

14:20:01.0284 1796 msiserver - ok

14:20:01.0299 1796 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

14:20:01.0299 1796 MSKSSRV - ok

14:20:01.0331 1796 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

14:20:01.0331 1796 MSPCLOCK - ok

14:20:01.0346 1796 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

14:20:01.0346 1796 MSPQM - ok

14:20:01.0377 1796 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

14:20:01.0377 1796 MsRPC - ok

14:20:01.0409 1796 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

14:20:01.0409 1796 mssmbios - ok

14:20:01.0409 1796 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

14:20:01.0409 1796 MSTEE - ok

14:20:01.0471 1796 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys

14:20:01.0471 1796 Mup - ok

14:20:01.0518 1796 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll

14:20:01.0518 1796 napagent - ok

14:20:01.0565 1796 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

14:20:01.0565 1796 NativeWifiP - ok

14:20:01.0643 1796 [ B498A14133BD09AD0817590ACE4470AD ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

14:20:01.0643 1796 NBService - ok

14:20:01.0705 1796 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys

14:20:01.0705 1796 NDIS - ok

14:20:01.0736 1796 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

14:20:01.0736 1796 NdisTapi - ok

14:20:01.0752 1796 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

14:20:01.0752 1796 Ndisuio - ok

14:20:01.0783 1796 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

14:20:01.0783 1796 NdisWan - ok

14:20:01.0814 1796 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

14:20:01.0814 1796 NDProxy - ok

14:20:01.0830 1796 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

14:20:01.0830 1796 NetBIOS - ok

14:20:01.0877 1796 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys

14:20:01.0877 1796 netbt - ok

14:20:01.0892 1796 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe

14:20:01.0892 1796 Netlogon - ok

14:20:01.0923 1796 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll

14:20:01.0923 1796 Netman - ok

14:20:01.0955 1796 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll

14:20:01.0955 1796 netprofm - ok

14:20:01.0986 1796 [ DF938648626332E830A9BD153110AA75 ] netr28u C:\Windows\system32\DRIVERS\netr28u.sys

14:20:02.0001 1796 netr28u - ok

14:20:02.0033 1796 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

14:20:02.0048 1796 NetTcpPortSharing - ok

14:20:02.0064 1796 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

14:20:02.0064 1796 nfrd960 - ok

14:20:02.0095 1796 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll

14:20:02.0095 1796 NlaSvc - ok

14:20:02.0189 1796 [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

14:20:02.0189 1796 NMIndexingService - ok

14:20:02.0220 1796 [ 5384D7A64E7B6011E98D68F69DCFC980 ] NMSCore C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe

14:20:02.0220 1796 NMSCore - ok

14:20:02.0251 1796 [ DFEABB7CFFFADEA4A912AB95BDC3177A ] nmsunidr C:\Windows\system32\DRIVERS\nmsunidr.sys

14:20:02.0251 1796 nmsunidr - ok

14:20:02.0282 1796 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys

14:20:02.0282 1796 Npfs - ok

14:20:02.0313 1796 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll

14:20:02.0313 1796 nsi - ok

14:20:02.0329 1796 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

14:20:02.0329 1796 nsiproxy - ok

14:20:02.0391 1796 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

14:20:02.0407 1796 Ntfs - ok

14:20:02.0438 1796 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys

14:20:02.0438 1796 ntrigdigi - ok

14:20:02.0438 1796 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys

14:20:02.0438 1796 Null - ok

14:20:02.0657 1796 [ 68BA207655B6CD6BBDCB8917C8F241F5 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

14:20:02.0703 1796 nvlddmkm - ok

14:20:02.0719 1796 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys

14:20:02.0719 1796 nvraid - ok

14:20:02.0735 1796 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys

14:20:02.0750 1796 nvstor - ok

14:20:02.0766 1796 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

14:20:02.0766 1796 nv_agp - ok

14:20:02.0766 1796 NwlnkFlt - ok

14:20:02.0766 1796 NwlnkFwd - ok

14:20:02.0813 1796 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

14:20:02.0813 1796 odserv - ok

14:20:02.0859 1796 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys

14:20:02.0859 1796 ohci1394 - ok

14:20:02.0875 1796 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

14:20:02.0875 1796 ose - ok

14:20:02.0937 1796 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll

14:20:02.0937 1796 p2pimsvc - ok

14:20:02.0969 1796 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll

14:20:02.0969 1796 p2psvc - ok

14:20:03.0015 1796 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\DRIVERS\parport.sys

14:20:03.0015 1796 Parport - ok

14:20:03.0062 1796 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys

14:20:03.0062 1796 partmgr - ok

14:20:03.0062 1796 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys

14:20:03.0062 1796 Parvdm - ok

14:20:03.0093 1796 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll

14:20:03.0093 1796 PcaSvc - ok

14:20:03.0140 1796 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys

14:20:03.0140 1796 pci - ok

14:20:03.0171 1796 [ 304048C2565A803D091CCA1AC945F593 ] pciide C:\Windows\system32\drivers\pciide.sys

14:20:03.0171 1796 pciide - ok

14:20:03.0187 1796 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

14:20:03.0187 1796 pcmcia - ok

14:20:03.0218 1796 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys

14:20:03.0218 1796 PEAUTH - ok

14:20:03.0312 1796 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll

14:20:03.0327 1796 pla - ok

14:20:03.0390 1796 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll

14:20:03.0390 1796 PlugPlay - ok

14:20:03.0421 1796 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll

14:20:03.0421 1796 PNRPAutoReg - ok

14:20:03.0437 1796 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll

14:20:03.0452 1796 PNRPsvc - ok

14:20:03.0468 1796 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

14:20:03.0468 1796 PolicyAgent - ok

14:20:03.0468 1796 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

14:20:03.0468 1796 PptpMiniport - ok

14:20:03.0483 1796 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys

14:20:03.0483 1796 Processor - ok

14:20:03.0499 1796 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll

14:20:03.0515 1796 ProfSvc - ok

14:20:03.0515 1796 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe

14:20:03.0515 1796 ProtectedStorage - ok

14:20:03.0561 1796 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys

14:20:03.0577 1796 PSched - ok

14:20:03.0608 1796 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys

14:20:03.0624 1796 ql2300 - ok

14:20:03.0639 1796 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

14:20:03.0639 1796 ql40xx - ok

14:20:03.0686 1796 [ 938A882B718866E24CA5F71DFC925866 ] QualityManager C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe

14:20:03.0686 1796 QualityManager - ok

14:20:03.0702 1796 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll

14:20:03.0717 1796 QWAVE - ok

14:20:03.0733 1796 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

14:20:03.0733 1796 QWAVEdrv - ok

14:20:03.0795 1796 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys

14:20:03.0795 1796 R300 - ok

14:20:03.0827 1796 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

14:20:03.0827 1796 RasAcd - ok

14:20:03.0842 1796 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll

14:20:03.0842 1796 RasAuto - ok

14:20:03.0873 1796 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

14:20:03.0873 1796 Rasl2tp - ok

14:20:03.0920 1796 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll

14:20:03.0920 1796 RasMan - ok

14:20:03.0967 1796 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

14:20:03.0967 1796 RasPppoe - ok

14:20:03.0998 1796 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

14:20:04.0014 1796 RasSstp - ok

14:20:04.0045 1796 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

14:20:04.0061 1796 rdbss - ok

14:20:04.0092 1796 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

14:20:04.0092 1796 RDPCDD - ok

14:20:04.0107 1796 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys

14:20:04.0107 1796 rdpdr - ok

14:20:04.0123 1796 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

14:20:04.0123 1796 RDPENCDD - ok

14:20:04.0154 1796 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

14:20:04.0170 1796 RDPWD - ok

14:20:04.0185 1796 [ A8430231E1A06828210248C79755BF9C ] Remote UI Service C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

14:20:04.0185 1796 Remote UI Service - ok

14:20:04.0217 1796 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll

14:20:04.0217 1796 RemoteAccess - ok

14:20:04.0279 1796 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll

14:20:04.0279 1796 RemoteRegistry - ok

14:20:04.0310 1796 [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe

14:20:04.0310 1796 RichVideo - ok

14:20:04.0341 1796 [ F17713D108ACA124A139FDE877EEF68A ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys

14:20:04.0341 1796 RimUsb - ok

14:20:04.0373 1796 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe

14:20:04.0373 1796 RpcLocator - ok

14:20:04.0404 1796 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\System32\rpcss.dll

14:20:04.0404 1796 RpcSs - ok

14:20:04.0435 1796 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

14:20:04.0435 1796 rspndr - ok

14:20:04.0435 1796 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe

14:20:04.0435 1796 SamSs - ok

14:20:04.0497 1796 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

14:20:04.0497 1796 SASDIFSV - ok

14:20:04.0529 1796 [ 7CE61C25C159F50F9EAF6D77FC83FA35 ] SASENUM C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

14:20:04.0529 1796 SASENUM - ok

14:20:04.0544 1796 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

14:20:04.0544 1796 SASKUTIL - ok

14:20:04.0575 1796 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

14:20:04.0575 1796 sbp2port - ok

14:20:04.0607 1796 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll

14:20:04.0622 1796 SCardSvr - ok

14:20:04.0669 1796 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll

14:20:04.0669 1796 Schedule - ok

14:20:04.0685 1796 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll

14:20:04.0685 1796 SCPolicySvc - ok

14:20:04.0700 1796 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll

14:20:04.0700 1796 SDRSVC - ok

14:20:04.0778 1796 [ 16A252022535B680046F6E34E136D378 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

14:20:04.0778 1796 SeaPort - ok

14:20:04.0809 1796 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys

14:20:04.0809 1796 secdrv - ok

14:20:04.0825 1796 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll

14:20:04.0825 1796 seclogon - ok

14:20:04.0856 1796 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll

14:20:04.0856 1796 SENS - ok

14:20:04.0872 1796 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

14:20:04.0872 1796 Serenum - ok

14:20:04.0903 1796 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys

14:20:04.0903 1796 Serial - ok

14:20:04.0934 1796 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys

14:20:04.0934 1796 sermouse - ok

14:20:04.0965 1796 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll

14:20:04.0965 1796 SessionEnv - ok

14:20:04.0981 1796 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

14:20:04.0981 1796 sffdisk - ok

14:20:04.0997 1796 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

14:20:04.0997 1796 sffp_mmc - ok

14:20:04.0997 1796 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

14:20:04.0997 1796 sffp_sd - ok

14:20:05.0012 1796 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

14:20:05.0012 1796 sfloppy - ok

14:20:05.0028 1796 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll

14:20:05.0043 1796 SharedAccess - ok

14:20:05.0090 1796 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

14:20:05.0090 1796 ShellHWDetection - ok

14:20:05.0106 1796 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys

14:20:05.0106 1796 SiSRaid2 - ok

14:20:05.0121 1796 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

14:20:05.0121 1796 SiSRaid4 - ok

14:20:05.0231 1796 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe

14:20:05.0262 1796 slsvc - ok

14:20:05.0293 1796 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll

14:20:05.0309 1796 SLUINotify - ok

14:20:05.0340 1796 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys

14:20:05.0340 1796 Smb - ok

14:20:05.0371 1796 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

14:20:05.0371 1796 SNMPTRAP - ok

14:20:05.0402 1796 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys

14:20:05.0402 1796 spldr - ok

14:20:05.0433 1796 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe

14:20:05.0433 1796 Spooler - ok

14:20:05.0480 1796 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys

14:20:05.0480 1796 srv - ok

14:20:05.0511 1796 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

14:20:05.0527 1796 srv2 - ok

14:20:05.0527 1796 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

14:20:05.0527 1796 srvnet - ok

14:20:05.0558 1796 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

14:20:05.0558 1796 SSDPSRV - ok

14:20:05.0574 1796 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll

14:20:05.0589 1796 SstpSvc - ok

14:20:05.0605 1796 [ 5A1D0CA8A5F1E7B4EC50B9D76C001F0E ] ss_bus C:\Windows\system32\DRIVERS\ss_bus.sys

14:20:05.0605 1796 ss_bus - ok

14:20:05.0621 1796 [ F0A85580E36A3A85059037D39A9CF079 ] ss_mdfl C:\Windows\system32\DRIVERS\ss_mdfl.sys

14:20:05.0621 1796 ss_mdfl - ok

14:20:05.0621 1796 [ 84C3DBFD1BFA4ADC0A950B3D5506CB00 ] ss_mdm C:\Windows\system32\DRIVERS\ss_mdm.sys

14:20:05.0636 1796 ss_mdm - ok

14:20:05.0652 1796 [ 306521935042FC0A6988D528643619B3 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys

14:20:05.0652 1796 StarOpen - ok

14:20:05.0699 1796 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll

14:20:05.0714 1796 stisvc - ok

14:20:05.0730 1796 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

14:20:05.0730 1796 swenum - ok

14:20:05.0761 1796 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll

14:20:05.0777 1796 swprv - ok

14:20:05.0792 1796 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys

14:20:05.0792 1796 Symc8xx - ok

14:20:05.0808 1796 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys

14:20:05.0808 1796 Sym_hi - ok

14:20:05.0808 1796 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys

14:20:05.0823 1796 Sym_u3 - ok

14:20:05.0855 1796 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll

14:20:05.0870 1796 SysMain - ok

14:20:05.0901 1796 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll

14:20:05.0901 1796 TabletInputService - ok

14:20:05.0948 1796 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll

14:20:05.0948 1796 TapiSrv - ok

14:20:05.0979 1796 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll

14:20:05.0979 1796 TBS - ok

14:20:06.0042 1796 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

14:20:06.0042 1796 Tcpip - ok

14:20:06.0073 1796 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys

14:20:06.0073 1796 Tcpip6 - ok

14:20:06.0104 1796 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

14:20:06.0104 1796 tcpipreg - ok

14:20:06.0135 1796 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

14:20:06.0135 1796 TDPIPE - ok

14:20:06.0151 1796 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

14:20:06.0151 1796 TDTCP - ok

14:20:06.0198 1796 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

14:20:06.0198 1796 tdx - ok

14:20:06.0245 1796 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

14:20:06.0245 1796 TermDD - ok

14:20:06.0260 1796 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll

14:20:06.0276 1796 TermService - ok

14:20:06.0276 1796 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll

14:20:06.0291 1796 Themes - ok

14:20:06.0307 1796 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll

14:20:06.0307 1796 THREADORDER - ok

14:20:06.0338 1796 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll

14:20:06.0338 1796 TrkWks - ok

14:20:06.0369 1796 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

14:20:06.0369 1796 TrustedInstaller - ok

14:20:06.0385 1796 [ B56368B25A51CEBDA77E6B20764F07F2 ] TSHWMDTCP C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys

14:20:06.0385 1796 TSHWMDTCP - ok

14:20:06.0401 1796 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

14:20:06.0401 1796 tssecsrv - ok

14:20:06.0416 1796 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys

14:20:06.0416 1796 tunmp - ok

14:20:06.0447 1796 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

14:20:06.0447 1796 tunnel - ok

14:20:06.0525 1796 [ DEC8ACEBD9CD1F3DD6F4F3A6308D8B94 ] TVECapSvc C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe

14:20:06.0541 1796 TVECapSvc - ok

14:20:06.0541 1796 [ 7A5A6987397F78B1606BDB5C407D3574 ] TVESched C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe

14:20:06.0541 1796 TVESched - ok

14:20:06.0557 1796 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

14:20:06.0572 1796 uagp35 - ok

14:20:06.0603 1796 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

14:20:06.0603 1796 udfs - ok

14:20:06.0635 1796 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe

14:20:06.0635 1796 UI0Detect - ok

14:20:06.0650 1796 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

14:20:06.0650 1796 uliagpkx - ok

14:20:06.0666 1796 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys

14:20:06.0666 1796 uliahci - ok

14:20:06.0681 1796 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys

14:20:06.0681 1796 UlSata - ok

14:20:06.0697 1796 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys

14:20:06.0697 1796 ulsata2 - ok

14:20:06.0728 1796 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

14:20:06.0728 1796 umbus - ok

14:20:06.0744 1796 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll

14:20:06.0759 1796 upnphost - ok

14:20:06.0806 1796 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys

14:20:06.0806 1796 USBAAPL - ok

14:20:06.0837 1796 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

14:20:06.0837 1796 usbccgp - ok

14:20:06.0853 1796 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys

14:20:06.0853 1796 usbcir - ok

14:20:06.0900 1796 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

14:20:06.0900 1796 usbehci - ok

14:20:06.0962 1796 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

14:20:06.0962 1796 usbhub - ok

14:20:06.0978 1796 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys

14:20:06.0978 1796 usbohci - ok

14:20:07.0025 1796 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

14:20:07.0025 1796 usbprint - ok

14:20:07.0040 1796 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

14:20:07.0040 1796 usbscan - ok

14:20:07.0056 1796 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:20:07.0056 1796 USBSTOR - ok

14:20:07.0087 1796 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

14:20:07.0087 1796 usbuhci - ok

14:20:07.0134 1796 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll

14:20:07.0149 1796 UxSms - ok

14:20:07.0196 1796 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe

14:20:07.0196 1796 vds - ok

14:20:07.0227 1796 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

14:20:07.0227 1796 vga - ok

14:20:07.0243 1796 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys

14:20:07.0243 1796 VgaSave - ok

14:20:07.0259 1796 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys

14:20:07.0259 1796 viaagp - ok

14:20:07.0274 1796 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys

14:20:07.0274 1796 ViaC7 - ok

14:20:07.0290 1796 [ 7AA7EC9A08DC2C39649C413B1A26E298 ] viaide C:\Windows\system32\drivers\viaide.sys

14:20:07.0290 1796 viaide - ok

14:20:07.0305 1796 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys

14:20:07.0305 1796 volmgr - ok

14:20:07.0352 1796 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

14:20:07.0352 1796 volmgrx - ok

14:20:07.0399 1796 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys

14:20:07.0399 1796 volsnap - ok

14:20:07.0430 1796 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

14:20:07.0430 1796 vsmraid - ok

14:20:07.0493 1796 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe

14:20:07.0493 1796 VSS - ok

14:20:07.0508 1796 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll

14:20:07.0508 1796 W32Time - ok

14:20:08.0928 1796 ================ Scan global ===============================

14:20:08.0975 1796 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll

14:20:09.0021 1796 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll

14:20:09.0037 1796 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll

14:20:09.0084 1796 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe

14:20:09.0084 1796 [Global] - ok

14:20:09.0084 1796 ================ Scan MBR ==================================

14:20:09.0099 1796 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0

14:20:09.0411 1796 \Device\Harddisk0\DR0 - ok

14:20:09.0411 1796 ================ Scan VBR ==================================

14:20:09.0427 1796 [ 215389B626F6DCCB7E2A94E38E6F35D0 ] \Device\Harddisk0\DR0\Partition1

14:20:09.0427 1796 \Device\Harddisk0\DR0\Partition1 - ok

14:20:09.0443 1796 [ 53FFF33F0003704265EA430550B1A3D3 ] \Device\Harddisk0\DR0\Partition2

14:20:09.0443 1796 \Device\Harddisk0\DR0\Partition2 - ok

14:20:09.0443 1796 ============================================================

14:20:09.0443 1796 Scan finished

14:20:09.0443 1796 ============================================================

14:20:09.0458 5624 Detected object count: 0

14:20:09.0458 5624 Actual detected object count: 0


The TDSSKILLER report shows no issue.

Follow the directions to run a full MBAM scan. Close all your open programs beforehand.

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, how is the system?

Re-enable your antivirus program.


Hi.

Followed instructions above. I disabled my AVG (MBAM is set to ignore AVG anyway).

During MBAM full scan, it froze after a minute on C:\TVE.iss for about 5 minutes then froze again on 04m55s. A further 10 mins elapsed when it bluescreened -

Problem signature:

Problem Event Name: BlueScreen

OS Version: 6.0.6002.2.2.0.768.3

Locale ID: 2057

Additional information about the problem:

BCCode: 1000008e

BCP1: C002001C

BCP2: 8871586C

BCP3: 962192E8

BCP4: 00000000

OS Version: 6_0_6002

Service Pack: 2_0

Product: 768_1

Files that help describe the problem:

C:\Windows\Minidump\Mini011713-01.dmp

C:\Users\popster\AppData\Local\temp\WER-214173-0.sysdata.xml

C:\Users\popster\AppData\Local\temp\WER95E8.tmp.version.txt

......then the pc performed a chkdsk on auto reboot.


The next time (if) you get a STOP code (a.k.a. blue screen) I need to have the actual STOP code {which is on the 1st line}

Let's put aside MBAM scan. Let's do this next

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Pardew only. If you are a casual viewer, do NOT try this on your system!

If you are not Pardew and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.


Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system.

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the PC a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh.

Reply & Copy & Paste contents of the C:\Combofix.txt log and tell me, how is the system now?

Re-enable your antivirus program.


Hi -

Carried out above. (About 5 mins into Combofix scan, a window opened: 'PEV.exe stopped working'.)

Combofix log

ComboFix 13-01-17.03 - popster 17/01/2013 19:08:00.4.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.1059 [GMT 0:00]

Running from: c:\users\popster\Desktop\ComboFix.exe

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-12-17 to 2013-01-17 )))))))))))))))))))))))))))))))

.

.

2013-01-17 19:17 . 2013-01-17 19:17 -------- d-----w- c:\users\popster\AppData\Local\temp

2013-01-17 15:39 . 2013-01-17 15:42 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-01-14 20:00 . 2013-01-14 20:00 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-01-14 19:47 . 2013-01-14 19:48 -------- d-----w- c:\program files\ERUNT

2013-01-09 23:50 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll

2013-01-09 23:50 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys

2013-01-09 23:50 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-06 20:45 . 2012-11-28 10:35 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-01-05 14:18 . 2013-01-05 14:18 -------- d-----w- c:\windows\ERUNT

2013-01-05 14:10 . 2013-01-05 14:10 -------- d-----w- c:\users\popster\AppData\Roaming\Malwarebytes

2013-01-05 14:10 . 2013-01-05 14:10 -------- d-----w- c:\programdata\Malwarebytes

2013-01-05 14:10 . 2013-01-05 14:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-01-05 14:10 . 2012-12-14 16:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-04 11:08 . 2013-01-05 14:17 -------- d-----w- C:\JRT

2012-12-23 03:12 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-23 03:12 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll

2012-12-20 00:50 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-12-20 00:50 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-12-20 00:50 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-12-20 00:50 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll

2012-12-20 00:50 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-12-20 00:50 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-12-20 00:50 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-12-20 00:50 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-12-20 00:50 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe

2012-12-20 00:50 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-12-20 00:50 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll

2012-12-20 00:47 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-20 00:47 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys

2012-12-20 00:47 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll

2012-12-20 00:47 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-10 00:10 . 2012-04-01 19:58 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-10 00:10 . 2011-05-16 05:16 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2008-12-10 02:01 . 2008-12-10 02:02 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

.

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [N/A]

.

c:\users\popster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-03-10 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2010-04-19 12:46 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]

2009-09-14 16:56 1584640 ----a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]

2007-06-27 10:18 215256 ----a-w- c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2009-12-19 19:36 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

2007-10-08 14:19 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-09-09 22:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

2012-12-14 16:49 824232 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2012-03-08 17:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

2007-06-29 18:16 1373480 ----a-w- c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMSSupport]

2007-06-27 10:14 439512 ----a-w- c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2007-11-06 19:00 8530464 ----a-w- c:\windows\System32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2007-11-06 19:00 81920 ----a-w- c:\windows\System32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]

2007-11-06 19:00 86016 ----a-w- c:\windows\System32\nvsvc.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-04-18 19:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2007-08-17 03:27 4702208 ----a-w- c:\windows\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]

2007-02-09 05:54 16896 ----a-w- c:\program files\GoogleEULA\EULALauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVEService]

2007-10-19 17:42 155648 ----a-w- c:\program files\HomeCinema\TV Enhance\TVEService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]

S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-01-12 17:17 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-17 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 00:10]

.

2013-01-12 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-17 19:53]

.

2013-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 15:54]

.

2013-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 15:54]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

mStart Page = hxxp://www.google.com

mSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

Trusted Zone: motive.com\pbttbc.bt

TCP: DhcpNameServer = 192.168.1.254

DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} - hxxp://217.41.63.194:65531/img/NetCamPlayerWeb11g.ocx

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe

SafeBoot-WudfPf

SafeBoot-WudfRd

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

MSConfigStartUp-PlayMovie - c:\program files\HomeCinema\PlayMovie\PMVService.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-01-17 19:17

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4210753331-32940636-3746106261-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6438A827-D06D-F09F-4DAD-5F352EC17E55}*]

"hafnegnglkndbkdb"=hex:6b,61,62,65,67,65,6d,65,62,66,6a,65,6e,65,64,66,67,69,

6e,67,67,6f,00,02

"iadnkophcijnaaanml"=hex:6b,61,68,65,6c,6a,6c,6a,66,6c,70,65,67,6c,62,6d,6b,6b,

68,6b,64,63,00,00

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2013-01-17 19:20:28

ComboFix-quarantined-files.txt 2013-01-17 19:20

.

Pre-Run: 111,942,623,232 bytes free

Post-Run: 112,867,704,832 bytes free

.

- - End Of File - - 83E2C5150DE174988D959E9E472DF224


2013-01-17 19:19:36 . 2013-01-17 19:19:36 910 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-PlayMovie.reg.dat

2013-01-17 19:19:35 . 2013-01-17 19:19:35 1,000 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-AppleSyncNotifier.reg.dat

2013-01-17 19:19:35 . 2013-01-17 19:19:35 988 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Adobe Reader Speed Launcher.reg.dat

2013-01-17 19:19:35 . 2013-01-17 19:19:35 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfRd.reg.dat

2013-01-17 19:19:35 . 2013-01-17 19:19:35 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfPf.reg.dat

2013-01-17 19:19:30 . 2013-01-17 19:19:30 167 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-MobileDocuments.reg.dat

2013-01-17 19:14:58 . 2013-01-17 19:14:58 5,213 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2013-01-17 19:05:19 . 2013-01-17 19:08:00 62 ----a-w- C:\Qoobox\Quarantine\catchme.log

Hope this is the one.


Let's have you proceed with the following:

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.

Click the "Scan" button to start the scan.

On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click save log, save it to your desktop and post in a new reply.

Step 2

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into a new reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller

Step 3

Please perform this online scan at F-Secure: F-Secure Online Scanner

The online scan button is on the bottom of the page.

Follow the directions in the F-Secure page for proper Installation.

You may receive an alert on the address bar at this point to install the ActiveX control.

Click on that alert and then click "Install ActiveX component".

Read the license agreement and click "Accept".

Click "Custom Scan" and be sure the following are checked:

  • Scan whole System
  • Scan all files
  • Scan whole system for rootkits
  • Scan whole system for spyware
  • Scan inside archives
  • Use advanced heuristics

When the scan completes, click the "I want to decide item by item" button.

For each item found, Select "Disinfect" and click "Next".

When done, click the "Show Report" button, then copy and paste the entire report into a new reply.


Updated instructions for aswMBR, follow:

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

IF prompted to update Avast definitions, answer NO.


On the following screen:

Uncheck trace disk IO calls at the bottom left.

Now, Click the "Scan" button to start scan.

Have patience as it scans.

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me)

Now click save log, save it to your desktop and Copy & Paste in your next reply.

Do NOT click any Fix button.

EXIT the tool.

When done with this, go back and do items in Steps 2 & 3 from my previous reply. :)


Hi Maurice

Here are the logs for step 1 & 2

With the F-SECURE online scanner, I get - The latest version of Java is required to run F-Secure Online Scanner. You can download it from http://java.sun.com or by clicking the download button.

After installing Java Runtime Environment, you can continue the launching process of F-Secure Online Scanner.

I have Java 7 Update 10 installed in progs and features. The latest version is update 11 so I installed Java SE Development Kit 7 Update 11 and it still won't initiate the scanner when I click continue.

Should I uninstall Java SE Development Kit 7 Update 11?

Step 1

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2013-01-18 23:00:09

-----------------------------

23:00:09.086 OS Version: Windows 6.0.6002 Service Pack 2

23:00:09.086 Number of processors: 2 586 0xF0B

23:00:09.086 ComputerName: DAVE UserName:

23:00:10.646 Initialize success

23:01:03.701 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

23:01:03.701 Disk 0 Vendor: ST350083 3.AA Size: 476940MB BusType: 3

23:01:03.716 Disk 0 MBR read successfully

23:01:03.716 Disk 0 MBR scan

23:01:03.716 Disk 0 Windows VISTA default MBR code

23:01:03.716 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 456456 MB offset 63

23:01:03.716 Disk 0 Partition - 00 0F Extended LBA 20481 MB offset 934822350

23:01:03.747 Disk 0 Partition 2 00 0B FAT32 MSDOS5.0 20481 MB offset 934822413

23:01:03.747 Disk 0 scanning sectors +976768065

23:01:03.794 Disk 0 scanning C:\Windows\system32\drivers

23:01:11.818 Service scanning

23:01:28.369 Modules scanning

23:01:46.496 Scan finished successfully

23:02:32.984 Disk 0 MBR has been saved successfully to "C:\Users\popster\Desktop\MBR.dat"

23:02:32.999 The log file has been saved successfully to "C:\Users\popster\Desktop\aswMBR.txt"

Step 2

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User : popster [Admin rights]

Mode : Scan -- Date : 01/18/2013 23:08:15

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤

[TASK][sUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\popster\AppData\Local\Temp\IHU9175.tmp.exe -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ SMENU] HKLM\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ SMENU] HKLM\[...]\Advanced : Start_ShowRun (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500830AS +++++

--- User ---

[MBR] 32b3eb136abd2fd9b29b7dbea9b70ba0

[bSP] 04a411becf51529dc915b996c93d9252 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 456456 Mo

1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 934822350 | Size: 20481 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_01182013_02d2308.txt >>



When starting a reply, please do not put any "formatting" or editing. It looks like you are forcing Italic format.

Plain format is appreciated.

Hold off on any change to Java. Let's cancel the F-Secure scan request.

Do as much as possible of the following. IF the Eset online scan does not work, skip & do the next Step.

  • Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
    Put a check next to all of these and uncheck the rest: (if found)
    [TASK][sUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\popster\AppData\Local\Temp\IHU9175.tmp.exe -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
  • Then click on Delete on the right hand column under Options.
  • When done, logoff & Restart the system.
  • The log will be found as RKreport
    Copy & Paste the contents into a new reply.

Step 2

Download TFC by OldTimer and SAVE it to your desktop

  • Double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Step 3

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://go.eset.com/us/online-scanner/faq

    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break.

Re-enable the antivirus program.

Reply with copy of the Eset scan log into a new reply.

Step 4

Download Dr.Web CureIt to the desktop.

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click the drweb-cureit.exe file, then click Start and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in a new reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.

Step 5

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, or Windows 7 Right click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Then copy/paste the following into your post (in order):
  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Add Reply because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.
