Had JS/Blacole. Nothing is working properly

saharanz · June 3, 2013

I've been having problems for a few weeks now. Finally managed to get Avira to do full scan in safe mode without freezing and it picked up and removed JS/Blacole. Super antispyware comes back clean. Same with Avira, or it freezes mid scan. I can't open Malawarebytes, incl. Chameleon or Avast (uninstalled Avira, checking to see if a different virus scanner would help). Emisoft Emergency kit freezes every time.

I'm running Windos 7 and am now at the point where I need some help!

saharanz · June 3, 2013

Wasn't sure if I should add these but it looks like its the first thing you'll ask for so here they go:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.15.2

Run by Team MacKenzie at 11:52:22 on 2013-06-03

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6058.5150 [GMT 10:00]

.

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\windows\Explorer.EXE

C:\windows\system32\ctfmon.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uSearch Bar = Preserve

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://samsung.msn.com

mStart Page = hxxp://samsung.msn.com

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} -

BHO: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} -

BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll

BHO: Samsung BHO Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -

TB: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} -

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s

mRun: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{8E195604-012C-40A9-A42C-2AF777527283} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{EEA9FF8C-43FE-45AA-AB5B-10D8D9BE997B} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{EEA9FF8C-43FE-45AA-AB5B-10D8D9BE997B}\343564 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{EEA9FF8C-43FE-45AA-AB5B-10D8D9BE997B}\E45445745414256343 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{EEA9FF8C-43FE-45AA-AB5B-10D8D9BE997B}\E45445745414257383 : DHCPNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll

AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp

x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe

x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon

x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

Hosts: 130.102.1.190 vpn.uq.edu.au

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Team MacKenzie\AppData\Roaming\Mozilla\Firefox\Profiles\bje3w57u.default\

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\npsitesafety.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll

FF - plugin: C:\Users\Team MacKenzie\AppData\Roaming\Mozilla\Firefox\Profiles\bje3w57u.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll

FF - plugin: C:\Users\Team MacKenzie\AppData\Roaming\Mozilla\Firefox\Profiles\bje3w57u.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll

FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-06-03 08:00; wrc@avast.com; C:\PROGRA~1\AVASTS~1\Avast\WebRep\FF

.

============= SERVICES / DRIVERS ===============

.

R0 gfibto;gfibto;C:\windows\System32\drivers\gfibto.sys [2013-1-29 14456]

R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2012-1-1 25960]

R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2012-10-8 39768]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-12 140672]

R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2011-7-13 138024]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-7-13 471144]

S0 aswRvrt;aswRvrt;C:\windows\System32\drivers\aswRvrt.sys [2013-6-3 65336]

S0 aswVmm;aswVmm;C:\windows\System32\drivers\aswVmm.sys [2013-6-3 189936]

S1 A2DDA;A2 Direct Disk Access Support Driver;C:\Users\Team MacKenzie\Desktop\eek\Run\a2ddax64.sys [2013-6-3 26176]

S1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2013-6-3 1025808]

S1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2013-6-3 378432]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2011-7-13 13824]

S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]

S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]

S2 Ad-Aware Service;Ad-Aware Service;"C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe" --> C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [?]

S2 AntiVirSchedulerService;Avira Scheduler;"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" --> C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [?]

S2 AntiVirService;Avira Realtime Protection;"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" --> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [?]

S2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2013-6-3 33400]

S2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2013-6-3 80816]

S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-6-3 46808]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SBAMSvc;Ad-Aware;"C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe" --> C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [?]

S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-4-15 3289208]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2010-10-8 19192]

S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-13 2656536]

S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-10-18 544248]

S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-2-19 968880]

S3 acsock;acsock;C:\windows\System32\drivers\acsock64.sys [2012-10-18 107432]

S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2011-9-15 299008]

S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]

S3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-3-8 51712]

S3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-11-15 327168]

S3 iBtFltCoex;iBtFltCoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-12-9 60416]

S3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-7-13 317440]

S3 LVRS64;Logitech RightSound Filter Driver;C:\windows\System32\drivers\lvrs64.sys [2011-8-19 351136]

S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\windows\System32\drivers\lvuvc64.sys [2011-8-19 4869024]

S3 Samsung UPD Service;Samsung UPD Service;C:\windows\System32\SUPDSvc.exe [2011-7-13 166704]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-12-5 1255736]

.

=============== Created Last 30 ================

.

2013-06-02 22:00:22 80816 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys

2013-06-02 22:00:22 72016 ----a-w- C:\windows\System32\drivers\aswRdr2.sys

2013-06-02 22:00:22 65336 ----a-w- C:\windows\System32\drivers\aswRvrt.sys

2013-06-02 22:00:22 189936 ----a-w- C:\windows\System32\drivers\aswVmm.sys

2013-06-02 22:00:22 1025808 ----a-w- C:\windows\System32\drivers\aswSnx.sys

2013-06-02 21:43:30 -------- d-----w- C:\3ae3b71526c007986eeb86

2013-06-02 21:42:55 41664 ----a-w- C:\windows\avastSS.scr

2013-06-02 21:42:36 -------- d-----w- C:\Program Files\AVAST Software

2013-06-02 21:24:32 -------- d-----w- C:\ProgramData\AVAST Software

2013-06-02 11:53:11 25928 ----a-w- C:\windows\System32\drivers\mbam.sys

2013-06-02 11:53:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-30 09:49:46 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BF522546-7A0E-4058-AD0E-71DB7864C1B3}\mpengine.dll

2013-05-30 03:26:48 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll

2013-05-19 06:30:33 -------- d-----w- C:\windows\pss

.

==================== Find3M ====================

.

2013-05-19 22:43:50 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-19 22:43:50 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2013-05-01 16:06:08 278800 ------w- C:\windows\System32\MpSigStub.exe

2013-03-25 20:39:46 4546560 ----a-w- C:\windows\SysWow64\GPhotos.scr

.

============= FINISH: 11:53:32.67 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 03/12/2011 02:09:57

System Uptime: 03/06/2013 11:30:08 (0 hours ago)

.

Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | 300V3A/300V4A/300V5A

Processor: Intel® Core i7-2670QM CPU @ 2.20GHz | CPU | 2195/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 270 GiB total, 81.807 GiB free.

D: is FIXED (NTFS) - 404 GiB total, 31.162 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

PNP Device ID: ROOT\NET\0000

Service: vpnva

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Hosts File Hijack ======================

.

Hosts: 130.102.1.190 vpn.uq.edu.au

.

==== Installed Programs ======================

.

Überwachungstool für die Intel® Turbo-Boost-Technik 2.0

Ad-Aware Antivirus

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop Lightroom 4.2 64-bit

Adobe Reader XI (11.0.02)

Amazon MP3-Downloader 1.0.9

Anti-phishing Domain Advisor

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros Client Installation Program

avast! Free Antivirus

AVG Security Toolbar

Avira Free Antivirus

Bonjour

CamToPrint

Canon Easy-WebPrint EX

Canon MP Navigator EX 3.0

Canon MP640 series MP Drivers

Canon MP640 series User Registration

Canon Utilities Easy-PhotoPrint EX

Canon Utilities My Printer

Canon Utilities Solution Menu

CDDRV_Installer

Cisco AnyConnect Secure Mobility Client

CyberLink Power2Go

Dropbox

Easy Content Share

Easy Migration

EasyFileShare

Eco Mode

erLT

ETDWare PS/2-X64 8.0.7.2_WHQL

File Uploader

Garmin Communicator Plugin

Garmin Communicator Plugin x64

Garmin Lifetime Updater

Garmin USB Drivers

Garmin WebUpdater

Google Chrome

Google Earth Plug-in

Google Update Helper

GPL Ghostscript 8.71

GSview 4.9

HandBrake 0.9.8

iCloud

Intel PROSet Wireless

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® PROSet/Wireless Software for Bluetooth® Technology

Intel® PROSet/Wireless WiFi-Software

Intel® Rapid Storage Technology

Interactive Guide

iTunes

Java 7 Update 15

Java Auto Updater

Java 6 Update 29

KhalInstallWrapper

Logitech SetPoint

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MiKTeX 2.9

Mozilla Firefox 20.0.1 (x86 en-GB)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nikon Message Center

Nikon Message Center 2

Nikon Movie Editor

Nikon Transfer

NVIDIA Control Panel 267.54

NVIDIA Graphics Driver 267.54

NVIDIA Install Application

NVIDIA Optimus 1.0.21

NVIDIA Update Components

PeaZip 4.7.2

Picasa 3

Picture Control Utility

QuickTime

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Revo Uninstaller 1.93

Samsung AnyWeb Print

Samsung Control Center

Samsung Printer Live Update

Samsung Recovery Solution 5

Samsung Universal Print Driver

Samsung Universal Scan Driver

Samsung Update Plus

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Skype Click to Call

Skype™ 6.3

Spam Free Search Bar

SUPERAntiSpyware

TeXnicCenter Version 1.0 Stable RC1

TikzEdt 0.2.1

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

ViewNX 2

VLC media player 1.1.11

Webcam 2080 series

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)

WordCaptureX Pro

.

==== Event Viewer Messages From Past Week ========

.

31/05/2013 21:37:24, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{EEA9FF8C-43FE-45AA-AB5B-10D8D9BE997B} because another computer on the network has the same name. The server could not start.

31/05/2013 21:35:56, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

31/05/2013 21:35:26, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

31/05/2013 21:34:56, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

31/05/2013 21:32:26, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

31/05/2013 21:31:26, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.

31/05/2013 21:29:56, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.

31/05/2013 21:27:56, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.

31/05/2013 21:25:51, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

31/05/2013 21:20:51, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

31/05/2013 21:17:51, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

31/05/2013 21:16:51, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.

31/05/2013 21:16:21, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.

31/05/2013 21:13:20, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.

31/05/2013 21:09:50, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioSrv service.

31/05/2013 21:08:03, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RpcSs service.

31/05/2013 21:03:00, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

31/05/2013 21:02:30, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirSchedulerService service.

31/05/2013 21:01:00, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.

31/05/2013 21:00:00, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

31/05/2013 20:55:01, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the stisvc service.

31/05/2013 20:54:01, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

31/05/2013 20:52:01, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

31/05/2013 18:48:22, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.

31/05/2013 18:41:00, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Media Player Network Sharing Service service, but this action failed with the following error: An instance of the service is already running.

31/05/2013 18:40:30, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

31/05/2013 18:40:22, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

31/05/2013 16:18:53, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

31/05/2013 15:54:57, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

31/05/2013 15:52:41, Error: Service Control Manager [7022] - The Security Center service hung on starting.

31/05/2013 15:49:21, Error: Service Control Manager [7022] - The Windows Defender service hung on starting.

31/05/2013 15:45:40, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

31/05/2013 15:45:40, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

31/05/2013 14:38:06, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

31/05/2013 14:28:34, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.

31/05/2013 14:14:33, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrustedInstaller service.

31/05/2013 13:44:41, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

31/05/2013 08:08:54, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.

31/05/2013 07:56:11, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.

30/05/2013 10:58:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2726535).

30/05/2013 10:58:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 for x64-based Systems (KB2753842).

30/05/2013 10:58:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2756921).

30/05/2013 10:58:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2847204).

30/05/2013 10:58:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2829530).

30/05/2013 10:58:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 for x64-based Systems (KB2820331).

30/05/2013 10:58:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 for x64-based Systems (KB2813956).

30/05/2013 10:58:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 for x64-based Systems (KB2799926).

30/05/2013 10:58:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 for x64-based Systems (KB2791765).

30/05/2013 10:58:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 for x64-based Systems (KB2786400).

30/05/2013 10:58:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 for x64-based Systems (KB2786081).

30/05/2013 10:58:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2840149).

30/05/2013 10:58:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2830290).

30/05/2013 10:58:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2829361).

30/05/2013 10:58:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2813170).

30/05/2013 10:58:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2807986).

30/05/2013 10:58:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2790655).

30/05/2013 10:58:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2790113).

30/05/2013 10:58:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2785220).

30/05/2013 10:58:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2770660).

30/05/2013 10:58:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2769369).

30/05/2013 10:58:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2757638).

30/05/2013 10:58:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2804579).

30/05/2013 10:58:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2789645).

30/05/2013 10:58:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2742599).

30/05/2013 08:16:13, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

30/05/2013 08:15:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

30/05/2013 08:15:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

30/05/2013 08:15:26, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb avkmgr DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SABI SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf

30/05/2013 08:15:24, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

30/05/2013 08:15:24, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

30/05/2013 08:15:24, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

30/05/2013 08:15:24, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

30/05/2013 08:15:24, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

30/05/2013 08:15:17, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

30/05/2013 08:15:16, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

30/05/2013 08:15:16, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

30/05/2013 08:15:16, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

30/05/2013 08:15:16, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

30/05/2013 07:40:59, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

30/05/2013 07:40:59, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

30/05/2013 07:40:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

27/05/2013 19:05:48, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service defragsvc with arguments "" in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34}

03/06/2013 11:52:12, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

03/06/2013 11:33:16, Error: Service Control Manager [7000] - The Ad-Aware service failed to start due to the following error: The system cannot find the file specified.

03/06/2013 11:31:49, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

03/06/2013 11:31:48, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

03/06/2013 11:31:48, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

03/06/2013 11:31:41, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

03/06/2013 11:31:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

03/06/2013 11:31:16, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswRvrt aswSnx aswSP aswTdi aswVmm avipbb avkmgr discache SABI SASDIFSV SASKUTIL spldr Wanarpv6

03/06/2013 11:31:08, Error: Service Control Manager [7000] - The Ad-Aware Service service failed to start due to the following error: The system cannot find the file specified.

03/06/2013 11:27:24, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

03/06/2013 07:57:01, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb avkmgr discache SABI SASDIFSV SASKUTIL spldr Wanarpv6

03/06/2013 07:33:04, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.

03/06/2013 07:32:02, Error: Service Control Manager [7000] - The Avira Realtime Protection service failed to start due to the following error: The system cannot find the file specified.

03/06/2013 07:32:00, Error: Service Control Manager [7000] - The Avira Scheduler service failed to start due to the following error: The system cannot find the file specified.

03/06/2013 07:31:23, Error: Service Control Manager [7000] - The avgntflt service failed to start due to the following error: The system cannot find the file specified.

03/06/2013 07:24:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

02/06/2013 08:42:24, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.

02/06/2013 08:38:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

02/06/2013 08:38:52, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

02/06/2013 08:38:52, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

01/06/2013 18:34:13, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

01/06/2013 18:29:31, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

01/06/2013 18:29:31, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

01/06/2013 18:29:31, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

01/06/2013 18:29:31, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

01/06/2013 18:29:31, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

01/06/2013 18:29:31, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

01/06/2013 18:29:31, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

01/06/2013 18:29:31, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

01/06/2013 18:26:33, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

.

==== End Of File ===========================

AdvancedSetup · June 3, 2013

Please visit the following page and download the Malwarebytes Anti-Rootkit tool.

Follow the directions at the bottom of the page. Basically open the zip file and copy the contents to a new folder.

Then double click on the mbar.exe in the mbar folder and run it. Check for updates and run the scan and post back the log.

If you have any questions please let me know.

Thanks

saharanz · June 3, 2013

Thanks for your help.

I ran the scan and its frozen on c:\windows\fonts\castelar.tff.

The emisoft scan stopped on a .ttf file in the same folder too. Should I reboot and try again?

AdvancedSetup · June 3, 2013

No, please let it run for up to may an hour more. Sometimes a computer can have thousands or in some cases millions of temporary files and that can interfere with scanners.

If it's still no moving after an hour then go ahead and reboot but then do a FULL disk check on your drive before trying to run again.

How to Run Disk Check in Windows 7

saharanz · June 3, 2013

Thanks. It's still stuck so I'll do the disk check now.

AdvancedSetup · June 3, 2013

After the disk check please run the following.

Please download tdsskiller.exe from a clean computer if needed and run on the infected computer.

Then watch the following video on using TDSSKiller. Don't remove anything, just skip and log it for now.

When completed post back the report which can be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt"

If it won't run from Normal mode Windows then try to run it from Safe Mode.

If you have any questions please let me know.

saharanz · June 3, 2013

Ok. I did the disk check, no problems.

When I tried to check the "Loaded modules" box, after reboot, the program didn't start again automatically. I started it again, but the loaded modules wasn't ticked anymore, as in the video. I went through this twice wihout any luck, so I just went ahead and scanned without it being checked.

There were 3 threats detected. Here is the Log file:

19:17:20.0130 1732 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

19:17:22.0143 1732 ============================================================

19:17:22.0143 1732 Current date / time: 2013/06/03 19:17:22.0143

19:17:22.0143 1732 SystemInfo:

19:17:22.0143 1732

19:17:22.0143 1732 OS Version: 6.1.7601 ServicePack: 1.0

19:17:22.0143 1732 Product type: Workstation

19:17:22.0143 1732 ComputerName: TEAMMACKENZIE

19:17:22.0143 1732 UserName: Team MacKenzie

19:17:22.0143 1732 Windows directory: C:\windows

19:17:22.0143 1732 System windows directory: C:\windows

19:17:22.0143 1732 Running under WOW64

19:17:22.0143 1732 Processor architecture: Intel x64

19:17:22.0143 1732 Number of processors: 8

19:17:22.0143 1732 Page size: 0x1000

19:17:22.0143 1732 Boot type: Safe boot with network

19:17:22.0143 1732 ============================================================

19:17:22.0190 1732 BG loaded

19:17:22.0595 1732 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x162DD1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040

19:17:22.0595 1732 ============================================================

19:17:22.0595 1732 \Device\Harddisk0\DR0:

19:17:22.0595 1732 MBR partitions:

19:17:22.0595 1732 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

19:17:22.0595 1732 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x21C00000

19:17:22.0611 1732 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x21C33000, BlocksNum 0x328A7000

19:17:22.0611 1732 ============================================================

19:17:22.0658 1732 C: <-> \Device\Harddisk0\DR0\Partition2

19:17:22.0704 1732 D: <-> \Device\Harddisk0\DR0\Partition3

19:17:22.0704 1732 ============================================================

19:17:22.0704 1732 Initialize success

19:17:22.0704 1732 ============================================================

19:17:30.0395 1860 ============================================================

19:17:30.0395 1860 Scan started

19:17:30.0395 1860 Mode: Manual; SigCheck; TDLFS;

19:17:30.0395 1860 ============================================================

19:17:30.0567 1860 ================ Scan system memory ========================

19:17:30.0567 1860 System memory - ok

19:17:30.0567 1860 ================ Scan services =============================

19:17:30.0707 1860 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

19:17:31.0097 1860 !SASCORE ( UnsignedFile.Multi.Generic ) - warning

19:17:31.0097 1860 !SASCORE - detected UnsignedFile.Multi.Generic (1)

19:17:31.0206 1860 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys

19:17:31.0269 1860 1394ohci - ok

19:17:31.0316 1860 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys

19:17:31.0331 1860 ACPI - ok

19:17:31.0378 1860 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys

19:17:31.0440 1860 AcpiPmi - ok

19:17:31.0518 1860 [ E5568164C070A4988BD79C896920B3C6 ] acsock C:\windows\system32\DRIVERS\acsock64.sys

19:17:32.0220 1860 acsock - ok

19:17:32.0283 1860 Ad-Aware Service - ok

19:17:32.0361 1860 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

19:17:32.0361 1860 AdobeARMservice - ok

19:17:32.0532 1860 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

19:17:32.0532 1860 AdobeFlashPlayerUpdateSvc - ok

19:17:32.0642 1860 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys

19:17:32.0657 1860 adp94xx - ok

19:17:32.0688 1860 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys

19:17:32.0704 1860 adpahci - ok

19:17:32.0751 1860 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys

19:17:32.0766 1860 adpu320 - ok

19:17:32.0798 1860 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll

19:17:32.0922 1860 AeLookupSvc - ok

19:17:32.0985 1860 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys

19:17:33.0032 1860 AFD - ok

19:17:33.0094 1860 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys

19:17:33.0094 1860 agp440 - ok

19:17:33.0156 1860 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe

19:17:33.0188 1860 ALG - ok

19:17:33.0266 1860 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys

19:17:33.0266 1860 aliide - ok

19:17:33.0266 1860 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys

19:17:33.0281 1860 amdide - ok

19:17:33.0312 1860 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys

19:17:33.0359 1860 AmdK8 - ok

19:17:33.0390 1860 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys

19:17:33.0422 1860 AmdPPM - ok

19:17:33.0500 1860 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys

19:17:33.0515 1860 amdsata - ok

19:17:33.0546 1860 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys

19:17:33.0562 1860 amdsbs - ok

19:17:33.0593 1860 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys

19:17:33.0593 1860 amdxata - ok

19:17:33.0656 1860 [ 3BC90482A834F998C3B7A9C934A20342 ] AMPPAL C:\windows\system32\DRIVERS\AMPPAL.sys

19:17:33.0702 1860 AMPPAL - ok

19:17:33.0749 1860 AntiVirSchedulerService - ok

19:17:33.0749 1860 AntiVirService - ok

19:17:33.0796 1860 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys

19:17:33.0952 1860 AppID - ok

19:17:33.0983 1860 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll

19:17:34.0030 1860 AppIDSvc - ok

19:17:34.0092 1860 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll

19:17:34.0139 1860 Appinfo - ok

19:17:34.0233 1860 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

19:17:34.0233 1860 Apple Mobile Device - ok

19:17:34.0311 1860 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys

19:17:34.0311 1860 arc - ok

19:17:34.0342 1860 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys

19:17:34.0342 1860 arcsas - ok

19:17:34.0389 1860 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys

19:17:34.0451 1860 AsyncMac - ok

19:17:34.0482 1860 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys

19:17:34.0482 1860 atapi - ok

19:17:34.0545 1860 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll

19:17:34.0623 1860 AudioEndpointBuilder - ok

19:17:34.0623 1860 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll

19:17:34.0670 1860 AudioSrv - ok

19:17:34.0685 1860 avgntflt - ok

19:17:34.0748 1860 [ 4C05242DC361A217223E9B8EC2B3A76B ] avgtp C:\windows\system32\drivers\avgtpx64.sys

19:17:34.0748 1860 avgtp - ok

19:17:34.0748 1860 avipbb - ok

19:17:34.0748 1860 avkmgr - ok

19:17:34.0810 1860 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll

19:17:34.0857 1860 AxInstSV - ok

19:17:34.0919 1860 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys

19:17:34.0966 1860 b06bdrv - ok

19:17:35.0013 1860 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys

19:17:35.0060 1860 b57nd60a - ok

19:17:35.0122 1860 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll

19:17:35.0153 1860 BDESVC - ok

19:17:35.0184 1860 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys

19:17:35.0247 1860 Beep - ok

19:17:35.0294 1860 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll

19:17:35.0372 1860 BFE - ok

19:17:35.0418 1860 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll

19:17:35.0481 1860 BITS - ok

19:17:35.0528 1860 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys

19:17:35.0559 1860 blbdrive - ok

19:17:35.0699 1860 [ 55B0C8441DE7D91A819A39D0351154A2 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

19:17:35.0715 1860 Bluetooth Device Monitor - ok

19:17:35.0762 1860 [ 7E262330DF0C4BE4ECE853B59B9CBE4C ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

19:17:35.0793 1860 Bluetooth Media Service - ok

19:17:35.0886 1860 [ 8BF4B9956E13871A88A3810074E2E110 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

19:17:35.0902 1860 Bluetooth OBEX Service - ok

19:17:35.0996 1860 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

19:17:35.0996 1860 Bonjour Service - ok

19:17:36.0058 1860 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys

19:17:36.0089 1860 bowser - ok

19:17:36.0136 1860 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys

19:17:36.0167 1860 BrFiltLo - ok

19:17:36.0183 1860 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys

19:17:36.0214 1860 BrFiltUp - ok

19:17:36.0245 1860 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll

19:17:36.0276 1860 Browser - ok

19:17:36.0292 1860 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys

19:17:36.0323 1860 Brserid - ok

19:17:36.0339 1860 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys

19:17:36.0370 1860 BrSerWdm - ok

19:17:36.0417 1860 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys

19:17:36.0448 1860 BrUsbMdm - ok

19:17:36.0479 1860 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys

19:17:36.0479 1860 BrUsbSer - ok

19:17:36.0557 1860 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys

19:17:36.0604 1860 BthEnum - ok

19:17:36.0635 1860 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys

19:17:36.0635 1860 BTHMODEM - ok

19:17:36.0666 1860 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys

19:17:36.0698 1860 BthPan - ok

19:17:36.0729 1860 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys

19:17:36.0776 1860 BTHPORT - ok

19:17:36.0838 1860 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll

19:17:36.0869 1860 bthserv - ok

19:17:36.0885 1860 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys

19:17:36.0916 1860 BTHUSB - ok

19:17:36.0963 1860 [ 270FBA230E78E25726D065A924589A72 ] btmaux C:\windows\system32\DRIVERS\btmaux.sys

19:17:36.0994 1860 btmaux ( UnsignedFile.Multi.Generic ) - warning

19:17:36.0994 1860 btmaux - detected UnsignedFile.Multi.Generic (1)

19:17:37.0056 1860 [ 40C6FEC49D1CC4D112368A2BCD2BCBB7 ] btmhsf C:\windows\system32\DRIVERS\btmhsf.sys

19:17:37.0119 1860 btmhsf - ok

19:17:37.0181 1860 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys

19:17:37.0228 1860 cdfs - ok

19:17:37.0259 1860 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys

19:17:37.0275 1860 cdrom - ok

19:17:37.0322 1860 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll

19:17:37.0384 1860 CertPropSvc - ok

19:17:37.0400 1860 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys

19:17:37.0431 1860 circlass - ok

19:17:37.0462 1860 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys

19:17:37.0478 1860 CLFS - ok

19:17:37.0524 1860 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:17:37.0540 1860 clr_optimization_v2.0.50727_32 - ok

19:17:37.0602 1860 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

19:17:37.0618 1860 clr_optimization_v2.0.50727_64 - ok

19:17:37.0712 1860 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

19:17:37.0774 1860 clr_optimization_v4.0.30319_32 - ok

19:17:37.0805 1860 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

19:17:37.0821 1860 clr_optimization_v4.0.30319_64 - ok

19:17:37.0836 1860 clwvd - ok

19:17:37.0868 1860 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys

19:17:37.0899 1860 CmBatt - ok

19:17:37.0930 1860 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys

19:17:37.0930 1860 cmdide - ok

19:17:37.0992 1860 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys

19:17:38.0008 1860 CNG - ok

19:17:38.0055 1860 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys

19:17:38.0070 1860 Compbatt - ok

19:17:38.0086 1860 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys

19:17:38.0117 1860 CompositeBus - ok

19:17:38.0133 1860 COMSysApp - ok

19:17:38.0148 1860 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys

19:17:38.0164 1860 crcdisk - ok

19:17:38.0211 1860 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll

19:17:38.0242 1860 CryptSvc - ok

19:17:38.0273 1860 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll

19:17:38.0336 1860 DcomLaunch - ok

19:17:38.0382 1860 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll

19:17:38.0429 1860 defragsvc - ok

19:17:38.0476 1860 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys

19:17:38.0538 1860 DfsC - ok

19:17:38.0585 1860 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll

19:17:38.0616 1860 Dhcp - ok

19:17:38.0632 1860 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys

19:17:38.0694 1860 discache - ok

19:17:38.0726 1860 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys

19:17:38.0726 1860 Disk - ok

19:17:38.0772 1860 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll

19:17:38.0804 1860 Dnscache - ok

19:17:38.0850 1860 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll

19:17:38.0897 1860 dot3svc - ok

19:17:38.0928 1860 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll

19:17:38.0975 1860 DPS - ok

19:17:39.0022 1860 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys

19:17:39.0053 1860 drmkaud - ok

19:17:39.0100 1860 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys

19:17:39.0131 1860 DXGKrnl - ok

19:17:39.0194 1860 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll

19:17:39.0240 1860 EapHost - ok

19:17:39.0318 1860 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys

19:17:39.0412 1860 ebdrv - ok

19:17:39.0443 1860 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe

19:17:39.0490 1860 EFS - ok

19:17:39.0552 1860 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe

19:17:39.0584 1860 ehRecvr - ok

19:17:39.0615 1860 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe

19:17:39.0646 1860 ehSched - ok

19:17:39.0708 1860 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys

19:17:39.0724 1860 elxstor - ok

19:17:39.0740 1860 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys

19:17:39.0755 1860 ErrDev - ok

19:17:39.0833 1860 [ 9D8739A2A2173C9D27C499A3FC6EDA3F ] ETD C:\windows\system32\DRIVERS\ETD.sys

19:17:39.0833 1860 ETD - ok

19:17:39.0896 1860 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll

19:17:39.0958 1860 EventSystem - ok

19:17:39.0974 1860 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys

19:17:40.0020 1860 exfat - ok

19:17:40.0036 1860 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys

19:17:40.0083 1860 fastfat - ok

19:17:40.0130 1860 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe

19:17:40.0161 1860 Fax - ok

19:17:40.0208 1860 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys

19:17:40.0223 1860 fdc - ok

19:17:40.0254 1860 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll

19:17:40.0301 1860 fdPHost - ok

19:17:40.0317 1860 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll

19:17:40.0364 1860 FDResPub - ok

19:17:40.0395 1860 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys

19:17:40.0395 1860 FileInfo - ok

19:17:40.0410 1860 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys

19:17:40.0457 1860 Filetrace - ok

19:17:40.0473 1860 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys

19:17:40.0488 1860 flpydisk - ok

19:17:40.0535 1860 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys

19:17:40.0535 1860 FltMgr - ok

19:17:40.0598 1860 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll

19:17:40.0629 1860 FontCache - ok

19:17:40.0691 1860 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

19:17:40.0707 1860 FontCache3.0.0.0 - ok

19:17:40.0722 1860 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys

19:17:40.0722 1860 FsDepends - ok

19:17:40.0754 1860 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys

19:17:40.0769 1860 Fs_Rec - ok

19:17:40.0832 1860 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys

19:17:40.0847 1860 fvevol - ok

19:17:40.0894 1860 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys

19:17:40.0910 1860 gagp30kx - ok

19:17:40.0956 1860 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys

19:17:40.0972 1860 GEARAspiWDM - ok

19:17:41.0019 1860 [ 14908F4F9005C29DE8F5587E271390EE ] gfibto C:\windows\system32\drivers\gfibto.sys

19:17:41.0034 1860 gfibto - ok

19:17:41.0066 1860 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll

19:17:41.0112 1860 gpsvc - ok

19:17:41.0159 1860 [ B9893A68032A6D9ADDB5B98287C630F7 ] grmnusb C:\windows\system32\drivers\grmnusb.sys

19:17:41.0159 1860 grmnusb - ok

19:17:41.0268 1860 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:17:41.0284 1860 gupdate - ok

19:17:41.0284 1860 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:17:41.0284 1860 gupdatem - ok

19:17:41.0362 1860 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

19:17:41.0362 1860 gusvc - ok

19:17:41.0393 1860 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys

19:17:41.0424 1860 hcw85cir - ok

19:17:41.0456 1860 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys

19:17:41.0487 1860 HdAudAddService - ok

19:17:41.0518 1860 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys

19:17:41.0549 1860 HDAudBus - ok

19:17:41.0565 1860 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys

19:17:41.0580 1860 HidBatt - ok

19:17:41.0627 1860 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys

19:17:41.0658 1860 HidBth - ok

19:17:41.0674 1860 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys

19:17:41.0690 1860 HidIr - ok

19:17:41.0721 1860 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll

19:17:41.0768 1860 hidserv - ok

19:17:41.0830 1860 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys

19:17:41.0846 1860 HidUsb - ok

19:17:41.0861 1860 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll

19:17:41.0908 1860 hkmsvc - ok

19:17:41.0955 1860 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll

19:17:41.0986 1860 HomeGroupListener - ok

19:17:42.0002 1860 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll

19:17:42.0033 1860 HomeGroupProvider - ok

19:17:42.0080 1860 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys

19:17:42.0080 1860 HpSAMD - ok

19:17:42.0142 1860 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys

19:17:42.0189 1860 HTTP - ok

19:17:42.0204 1860 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys

19:17:42.0220 1860 hwpolicy - ok

19:17:42.0282 1860 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys

19:17:42.0282 1860 i8042prt - ok

19:17:42.0345 1860 [ 53CC5BF8B5A219119953C7ABB19A7705 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys

19:17:42.0360 1860 iaStor - ok

19:17:42.0423 1860 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys

19:17:42.0438 1860 iaStorV - ok

19:17:42.0454 1860 [ FC47F5CF561BF0FD897EFD1A9604DCCF ] iBtFltCoex C:\windows\system32\DRIVERS\iBtFltCoex.sys

19:17:42.0485 1860 iBtFltCoex - ok

19:17:42.0563 1860 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

19:17:42.0594 1860 IDriverT ( UnsignedFile.Multi.Generic ) - warning

19:17:42.0594 1860 IDriverT - detected UnsignedFile.Multi.Generic (1)

19:17:42.0641 1860 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

19:17:42.0672 1860 idsvc - ok

19:17:42.0953 1860 [ 8CB8667F5A3B5515F2585F3254F3AAF7 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys

19:17:43.0265 1860 igfx - ok

19:17:43.0312 1860 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys

19:17:43.0312 1860 iirsp - ok

19:17:43.0359 1860 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll

19:17:43.0406 1860 IKEEXT - ok

19:17:43.0515 1860 [ 65F70696BE5ABC11634FCF96AF7D7896 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys

19:17:43.0577 1860 IntcAzAudAddService - ok

19:17:43.0624 1860 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys

19:17:43.0671 1860 IntcDAud - ok

19:17:43.0686 1860 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys

19:17:43.0686 1860 intelide - ok

19:17:43.0733 1860 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys

19:17:43.0764 1860 intelppm - ok

19:17:43.0780 1860 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll

19:17:43.0811 1860 IPBusEnum - ok

19:17:43.0842 1860 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys

19:17:43.0889 1860 IpFilterDriver - ok

19:17:43.0936 1860 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll

19:17:43.0998 1860 iphlpsvc - ok

19:17:44.0014 1860 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys

19:17:44.0030 1860 IPMIDRV - ok

19:17:44.0061 1860 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys

19:17:44.0108 1860 IPNAT - ok

19:17:44.0201 1860 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

19:17:44.0217 1860 iPod Service - ok

19:17:44.0248 1860 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys

19:17:44.0279 1860 IRENUM - ok

19:17:44.0357 1860 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys

19:17:44.0357 1860 isapnp - ok

19:17:44.0404 1860 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys

19:17:44.0420 1860 iScsiPrt - ok

19:17:44.0451 1860 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys

19:17:44.0451 1860 kbdclass - ok

19:17:44.0482 1860 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys

19:17:44.0513 1860 kbdhid - ok

19:17:44.0560 1860 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe

19:17:44.0560 1860 KeyIso - ok

19:17:44.0607 1860 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys

19:17:44.0622 1860 KSecDD - ok

19:17:44.0654 1860 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys

19:17:44.0669 1860 KSecPkg - ok

19:17:44.0685 1860 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys

19:17:44.0716 1860 ksthunk - ok

19:17:44.0747 1860 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll

19:17:44.0810 1860 KtmRm - ok

19:17:44.0856 1860 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll

19:17:44.0903 1860 LanmanServer - ok

19:17:44.0934 1860 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll

19:17:44.0981 1860 LanmanWorkstation - ok

19:17:45.0044 1860 [ 83E05435F4D2C0F0A1FD74C41DED44E5 ] LHidFilt C:\windows\system32\DRIVERS\LHidFilt.Sys

19:17:45.0044 1860 LHidFilt - ok

19:17:45.0090 1860 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys

19:17:45.0137 1860 lltdio - ok

19:17:45.0184 1860 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll

19:17:45.0231 1860 lltdsvc - ok

19:17:45.0246 1860 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll

19:17:45.0278 1860 lmhosts - ok

19:17:45.0293 1860 [ ABCBC7271C33567D686C91CF690CF2EB ] LMouFilt C:\windows\system32\DRIVERS\LMouFilt.Sys

19:17:45.0293 1860 LMouFilt - ok

19:17:45.0371 1860 [ F4A17DCAB576267C85663E64F3ACE5A4 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

19:17:45.0387 1860 LMS - ok

19:17:45.0418 1860 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys

19:17:45.0434 1860 LSI_FC - ok

19:17:45.0465 1860 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys

19:17:45.0480 1860 LSI_SAS - ok

19:17:45.0496 1860 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys

19:17:45.0496 1860 LSI_SAS2 - ok

19:17:45.0512 1860 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys

19:17:45.0527 1860 LSI_SCSI - ok

19:17:45.0543 1860 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys

19:17:45.0574 1860 luafv - ok

19:17:45.0621 1860 [ EF2BE2F45D4F06410A3BD2A3467325B0 ] LVRS64 C:\windows\system32\DRIVERS\lvrs64.sys

19:17:45.0636 1860 LVRS64 - ok

19:17:45.0761 1860 [ AC22F92C6078640FE8A70D662A2F3AD5 ] LVUVC64 C:\windows\system32\DRIVERS\lvuvc64.sys

19:17:45.0948 1860 LVUVC64 - ok

19:17:45.0980 1860 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll

19:17:45.0980 1860 Mcx2Svc - ok

19:17:46.0011 1860 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys

19:17:46.0026 1860 megasas - ok

19:17:46.0058 1860 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys

19:17:46.0073 1860 MegaSR - ok

19:17:46.0120 1860 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys

19:17:46.0120 1860 MEIx64 - ok

19:17:46.0198 1860 Microsoft SharePoint Workspace Audit Service - ok

19:17:46.0245 1860 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll

19:17:46.0307 1860 MMCSS - ok

19:17:46.0323 1860 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys

19:17:46.0370 1860 Modem - ok

19:17:46.0416 1860 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys

19:17:46.0448 1860 monitor - ok

19:17:46.0463 1860 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys

19:17:46.0479 1860 mouclass - ok

19:17:46.0494 1860 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys

19:17:46.0510 1860 mouhid - ok

19:17:46.0541 1860 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys

19:17:46.0557 1860 mountmgr - ok

19:17:46.0619 1860 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

19:17:46.0619 1860 MozillaMaintenance - ok

19:17:46.0650 1860 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys

19:17:46.0650 1860 mpio - ok

19:17:46.0666 1860 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys

19:17:46.0713 1860 mpsdrv - ok

19:17:46.0744 1860 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll

19:17:46.0806 1860 MpsSvc - ok

19:17:46.0822 1860 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys

19:17:46.0869 1860 MRxDAV - ok

19:17:46.0916 1860 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys

19:17:46.0947 1860 mrxsmb - ok

19:17:46.0994 1860 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys

19:17:46.0994 1860 mrxsmb10 - ok

19:17:47.0040 1860 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys

19:17:47.0056 1860 mrxsmb20 - ok

19:17:47.0087 1860 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys

19:17:47.0103 1860 msahci - ok

19:17:47.0118 1860 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys

19:17:47.0118 1860 msdsm - ok

19:17:47.0134 1860 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe

19:17:47.0165 1860 MSDTC - ok

19:17:47.0212 1860 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys

19:17:47.0243 1860 Msfs - ok

19:17:47.0259 1860 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys

19:17:47.0306 1860 mshidkmdf - ok

19:17:47.0321 1860 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys

19:17:47.0337 1860 msisadrv - ok

19:17:47.0384 1860 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll

19:17:47.0430 1860 MSiSCSI - ok

19:17:47.0446 1860 msiserver - ok

19:17:47.0477 1860 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys

19:17:47.0508 1860 MSKSSRV - ok

19:17:47.0540 1860 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys

19:17:47.0586 1860 MSPCLOCK - ok

19:17:47.0602 1860 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys

19:17:47.0664 1860 MSPQM - ok

19:17:47.0696 1860 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys

19:17:47.0711 1860 MsRPC - ok

19:17:47.0727 1860 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys

19:17:47.0742 1860 mssmbios - ok

19:17:47.0758 1860 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys

19:17:47.0789 1860 MSTEE - ok

19:17:47.0805 1860 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys

19:17:47.0820 1860 MTConfig - ok

19:17:47.0867 1860 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys

19:17:47.0867 1860 Mup - ok

19:17:47.0898 1860 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll

19:17:47.0961 1860 napagent - ok

19:17:48.0023 1860 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys

19:17:48.0054 1860 NativeWifiP - ok

19:17:48.0117 1860 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys

19:17:48.0132 1860 NDIS - ok

19:17:48.0179 1860 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys

19:17:48.0226 1860 NdisCap - ok

19:17:48.0257 1860 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys

19:17:48.0304 1860 NdisTapi - ok

19:17:48.0335 1860 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys

19:17:48.0366 1860 Ndisuio - ok

19:17:48.0398 1860 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys

19:17:48.0444 1860 NdisWan - ok

19:17:48.0460 1860 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys

19:17:48.0507 1860 NDProxy - ok

19:17:48.0522 1860 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys

19:17:48.0569 1860 NetBIOS - ok

19:17:48.0600 1860 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys

19:17:48.0647 1860 NetBT - ok

19:17:48.0663 1860 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe

19:17:48.0678 1860 Netlogon - ok

19:17:48.0725 1860 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll

19:17:48.0772 1860 Netman - ok

19:17:48.0803 1860 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll

19:17:48.0866 1860 netprofm - ok

19:17:48.0897 1860 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

19:17:48.0897 1860 NetTcpPortSharing - ok

19:17:49.0100 1860 [ 9FD1BE1881446D954FF77244AE58FBCB ] NETwNs64 C:\windows\system32\DRIVERS\NETwNs64.sys

19:17:49.0224 1860 NETwNs64 - ok

19:17:49.0271 1860 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys

19:17:49.0287 1860 nfrd960 - ok

19:17:49.0318 1860 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll

19:17:49.0349 1860 NlaSvc - ok

19:17:49.0365 1860 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys

19:17:49.0396 1860 Npfs - ok

19:17:49.0427 1860 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll

19:17:49.0474 1860 nsi - ok

19:17:49.0490 1860 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys

19:17:49.0536 1860 nsiproxy - ok

19:17:49.0630 1860 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys

19:17:49.0661 1860 Ntfs - ok

19:17:49.0692 1860 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys

19:17:49.0739 1860 Null - ok

19:17:49.0989 1860 [ 7328528DAF9B8A486E16595A35043DB0 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys

19:17:50.0332 1860 nvlddmkm - ok

19:17:50.0379 1860 [ 8AE5A124F3B65C3EC531D251A3E9C87F ] nvpciflt C:\windows\system32\DRIVERS\nvpciflt.sys

19:17:50.0379 1860 nvpciflt - ok

19:17:50.0410 1860 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys

19:17:50.0426 1860 nvraid - ok

19:17:50.0472 1860 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys

19:17:50.0472 1860 nvstor - ok

19:17:50.0550 1860 [ CEA3416907C17BB6623D9CB1E015B3C4 ] NVSvc C:\windows\system32\nvvsvc.exe

19:17:50.0566 1860 NVSvc - ok

19:17:50.0644 1860 [ 741688E5A65CC43567BCC329AE130075 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

19:17:50.0691 1860 nvUpdatusService - ok

19:17:50.0722 1860 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys

19:17:50.0722 1860 nv_agp - ok

19:17:50.0738 1860 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys

19:17:50.0738 1860 ohci1394 - ok

19:17:50.0847 1860 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

19:17:50.0847 1860 ose - ok

19:17:51.0018 1860 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

19:17:51.0190 1860 osppsvc - ok

19:17:51.0237 1860 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll

19:17:51.0268 1860 p2pimsvc - ok

19:17:51.0315 1860 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll

19:17:51.0346 1860 p2psvc - ok

19:17:51.0377 1860 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys

19:17:51.0408 1860 Parport - ok

19:17:51.0440 1860 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys

19:17:51.0455 1860 partmgr - ok

19:17:51.0471 1860 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll

19:17:51.0502 1860 PcaSvc - ok

19:17:51.0533 1860 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys

19:17:51.0533 1860 pci - ok

19:17:51.0549 1860 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys

19:17:51.0564 1860 pciide - ok

19:17:51.0580 1860 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys

19:17:51.0596 1860 pcmcia - ok

19:17:51.0611 1860 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys

19:17:51.0627 1860 pcw - ok

19:17:51.0658 1860 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys

19:17:51.0720 1860 PEAUTH - ok

19:17:51.0783 1860 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe

19:17:51.0845 1860 PerfHost - ok

19:17:51.0908 1860 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll

19:17:51.0986 1860 pla - ok

19:17:52.0032 1860 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll

19:17:52.0064 1860 PlugPlay - ok

19:17:52.0095 1860 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll

19:17:52.0126 1860 PNRPAutoReg - ok

19:17:52.0142 1860 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll

19:17:52.0157 1860 PNRPsvc - ok

19:17:52.0188 1860 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll

19:17:52.0235 1860 PolicyAgent - ok

19:17:52.0266 1860 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll

19:17:52.0313 1860 Power - ok

19:17:52.0360 1860 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys

19:17:52.0376 1860 PptpMiniport - ok

19:17:52.0391 1860 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys

19:17:52.0422 1860 Processor - ok

19:17:52.0485 1860 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll

19:17:52.0500 1860 ProfSvc - ok

19:17:52.0516 1860 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe

19:17:52.0532 1860 ProtectedStorage - ok

19:17:52.0578 1860 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys

19:17:52.0625 1860 Psched - ok

19:17:52.0703 1860 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys

19:17:52.0750 1860 ql2300 - ok

19:17:52.0766 1860 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys

19:17:52.0766 1860 ql40xx - ok

19:17:52.0812 1860 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll

19:17:52.0828 1860 QWAVE - ok

19:17:52.0844 1860 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys

19:17:52.0875 1860 QWAVEdrv - ok

19:17:52.0906 1860 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys

19:17:52.0953 1860 RasAcd - ok

19:17:52.0984 1860 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys

19:17:53.0031 1860 RasAgileVpn - ok

19:17:53.0046 1860 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll

19:17:53.0093 1860 RasAuto - ok

19:17:53.0109 1860 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys

19:17:53.0171 1860 Rasl2tp - ok

19:17:53.0187 1860 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll

19:17:53.0234 1860 RasMan - ok

19:17:53.0280 1860 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys

19:17:53.0327 1860 RasPppoe - ok

19:17:53.0343 1860 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys

19:17:53.0374 1860 RasSstp - ok

19:17:53.0390 1860 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys

19:17:53.0421 1860 rdbss - ok

19:17:53.0436 1860 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys

19:17:53.0468 1860 rdpbus - ok

19:17:53.0483 1860 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys

19:17:53.0514 1860 RDPCDD - ok

19:17:53.0561 1860 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys

19:17:53.0608 1860 RDPENCDD - ok

19:17:53.0624 1860 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys

19:17:53.0670 1860 RDPREFMP - ok

19:17:53.0717 1860 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys

19:17:53.0733 1860 RDPWD - ok

19:17:53.0780 1860 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys

19:17:53.0780 1860 rdyboost - ok

19:17:53.0811 1860 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll

19:17:53.0842 1860 RemoteAccess - ok

19:17:53.0873 1860 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll

19:17:53.0920 1860 RemoteRegistry - ok

19:17:53.0982 1860 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys

19:17:53.0998 1860 RFCOMM - ok

19:17:54.0060 1860 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll

19:17:54.0107 1860 RpcEptMapper - ok

19:17:54.0138 1860 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe

19:17:54.0138 1860 RpcLocator - ok

19:17:54.0170 1860 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll

19:17:54.0201 1860 RpcSs - ok

19:17:54.0248 1860 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys

19:17:54.0279 1860 rspndr - ok

19:17:54.0326 1860 [ F4C374B1C46DE294B573BB43723AC3F6 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys

19:17:54.0341 1860 RTL8167 - ok

19:17:54.0419 1860 [ 4CA0DBA9E224473D664C25E411F5A3BD ] rtport C:\windows\SysWOW64\drivers\rtport.sys

19:17:54.0435 1860 rtport - ok

19:17:54.0450 1860 [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI C:\windows\system32\Drivers\SABI.sys

19:17:54.0482 1860 SABI - ok

19:17:54.0497 1860 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe

19:17:54.0513 1860 SamSs - ok

19:17:54.0591 1860 [ D641337B75B9A9D5AE10687AA1097755 ] Samsung UPD Service C:\windows\System32\SUPDSvc.exe

19:17:54.0591 1860 Samsung UPD Service - ok

19:17:54.0700 1860 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

19:17:54.0716 1860 SASDIFSV - ok

19:17:54.0731 1860 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

19:17:54.0747 1860 SASKUTIL - ok

19:17:54.0778 1860 SBAMSvc - ok

19:17:54.0825 1860 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys

19:17:54.0840 1860 sbp2port - ok

19:17:54.0887 1860 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll

19:17:54.0934 1860 SCardSvr - ok

19:17:54.0950 1860 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys

19:17:54.0981 1860 scfilter - ok

19:17:55.0012 1860 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll

19:17:55.0059 1860 Schedule - ok

19:17:55.0090 1860 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll

19:17:55.0121 1860 SCPolicySvc - ok

19:17:55.0152 1860 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll

19:17:55.0184 1860 SDRSVC - ok

19:17:55.0215 1860 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys

19:17:55.0262 1860 secdrv - ok

19:17:55.0293 1860 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll

19:17:55.0340 1860 seclogon - ok

19:17:55.0355 1860 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll

19:17:55.0402 1860 SENS - ok

19:17:55.0449 1860 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll

19:17:55.0464 1860 SensrSvc - ok

19:17:55.0496 1860 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys

19:17:55.0527 1860 Serenum - ok

19:17:55.0558 1860 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys

19:17:55.0589 1860 Serial - ok

19:17:55.0605 1860 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys

19:17:55.0620 1860 sermouse - ok

19:17:55.0636 1860 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll

19:17:55.0698 1860 SessionEnv - ok

19:17:55.0698 1860 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys

19:17:55.0714 1860 sffdisk - ok

19:17:55.0714 1860 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys

19:17:55.0745 1860 sffp_mmc - ok

19:17:55.0745 1860 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys

19:17:55.0761 1860 sffp_sd - ok

19:17:55.0761 1860 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys

19:17:55.0776 1860 sfloppy - ok

19:17:55.0823 1860 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll

19:17:55.0886 1860 SharedAccess - ok

19:17:55.0932 1860 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll

19:17:55.0979 1860 ShellHWDetection - ok

19:17:56.0010 1860 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys

19:17:56.0010 1860 SiSRaid2 - ok

19:17:56.0042 1860 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys

19:17:56.0057 1860 SiSRaid4 - ok

19:17:56.0213 1860 [ EB17DF573B4423DF0B3B2EE3B268A6DE ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

19:17:56.0276 1860 Skype C2C Service - ok

19:17:56.0400 1860 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

19:17:56.0400 1860 SkypeUpdate - ok

19:17:56.0447 1860 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys

19:17:56.0510 1860 Smb - ok

19:17:56.0572 1860 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe

19:17:56.0588 1860 SNMPTRAP - ok

19:17:56.0634 1860 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys

19:17:56.0634 1860 spldr - ok

19:17:56.0681 1860 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe

19:17:56.0697 1860 Spooler - ok

19:17:56.0775 1860 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe

19:17:56.0868 1860 sppsvc - ok

19:17:56.0884 1860 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll

19:17:56.0931 1860 sppuinotify - ok

19:17:56.0946 1860 SPUVCbv - ok

19:17:56.0993 1860 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys

19:17:57.0009 1860 srv - ok

19:17:57.0056 1860 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys

19:17:57.0071 1860 srv2 - ok

19:17:57.0118 1860 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys

19:17:57.0149 1860 srvnet - ok

19:17:57.0196 1860 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll

19:17:57.0258 1860 SSDPSRV - ok

19:17:57.0274 1860 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll

19:17:57.0321 1860 SstpSvc - ok

19:17:57.0352 1860 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys

19:17:57.0368 1860 stexstor - ok

19:17:57.0383 1860 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\windows\system32\DRIVERS\serscan.sys

19:17:57.0399 1860 StillCam - ok

19:17:57.0461 1860 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll

19:17:57.0492 1860 stisvc - ok

19:17:57.0508 1860 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys

19:17:57.0524 1860 swenum - ok

19:17:57.0570 1860 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll

19:17:57.0617 1860 swprv - ok

19:17:57.0680 1860 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll

19:17:57.0726 1860 SysMain - ok

19:17:57.0773 1860 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll

19:17:57.0773 1860 TabletInputService - ok

19:17:57.0804 1860 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll

19:17:57.0851 1860 TapiSrv - ok

19:17:57.0867 1860 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll

19:17:57.0914 1860 TBS - ok

19:17:58.0023 1860 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys

19:17:58.0070 1860 Tcpip - ok

19:17:58.0101 1860 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys

19:17:58.0132 1860 TCPIP6 - ok

19:17:58.0179 1860 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys

19:17:58.0194 1860 tcpipreg - ok

19:17:58.0226 1860 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys

19:17:58.0257 1860 TDPIPE - ok

19:17:58.0288 1860 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys

19:17:58.0319 1860 TDTCP - ok

19:17:58.0350 1860 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys

19:17:58.0382 1860 tdx - ok

19:17:58.0397 1860 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys

19:17:58.0413 1860 TermDD - ok

19:17:58.0460 1860 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll

19:17:58.0522 1860 TermService - ok

19:17:58.0538 1860 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll

19:17:58.0553 1860 Themes - ok

19:17:58.0584 1860 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll

19:17:58.0616 1860 THREADORDER - ok

19:17:58.0662 1860 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll

19:17:58.0709 1860 TrkWks - ok

19:17:58.0772 1860 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe

19:17:58.0803 1860 TrustedInstaller - ok

19:17:58.0818 1860 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys

19:17:58.0865 1860 tssecsrv - ok

19:17:58.0896 1860 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys

19:17:58.0912 1860 TsUsbFlt - ok

19:17:58.0943 1860 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys

19:17:58.0974 1860 TsUsbGD - ok

19:17:59.0006 1860 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys

19:17:59.0037 1860 tunnel - ok

19:17:59.0099 1860 [ 48743B69EA47C020A792D8649F753F44 ] TurboB C:\windows\system32\DRIVERS\TurboB.sys

19:17:59.0115 1860 TurboB - ok

19:17:59.0193 1860 [ 759F59E3EA3802FF23F93DCDB6FE9171 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe

19:17:59.0208 1860 TurboBoost - ok

19:17:59.0224 1860 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys

19:17:59.0224 1860 uagp35 - ok

19:17:59.0255 1860 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys

19:17:59.0318 1860 udfs - ok

19:17:59.0364 1860 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe

19:17:59.0396 1860 UI0Detect - ok

19:17:59.0427 1860 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys

19:17:59.0442 1860 uliagpkx - ok

19:17:59.0474 1860 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys

19:17:59.0489 1860 umbus - ok

19:17:59.0489 1860 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys

19:17:59.0505 1860 UmPass - ok

19:17:59.0645 1860 [ DB641944F7E4B14C13C3FEFC89843F69 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

19:17:59.0692 1860 UNS - ok

19:17:59.0723 1860 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll

19:17:59.0770 1860 upnphost - ok

19:17:59.0832 1860 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys

19:17:59.0848 1860 USBAAPL64 - ok

19:17:59.0895 1860 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\windows\system32\drivers\usbaudio.sys

19:17:59.0926 1860 usbaudio - ok

19:17:59.0973 1860 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys

19:18:00.0004 1860 usbccgp - ok

19:18:00.0066 1860 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys

19:18:00.0098 1860 usbcir - ok

19:18:00.0144 1860 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys

19:18:00.0176 1860 usbehci - ok

19:18:00.0207 1860 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys

19:18:00.0222 1860 usbhub - ok

19:18:00.0269 1860 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys

19:18:00.0285 1860 usbohci - ok

19:18:00.0332 1860 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys

19:18:00.0363 1860 usbprint - ok

19:18:00.0394 1860 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys

19:18:00.0425 1860 usbscan - ok

19:18:00.0456 1860 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS

19:18:00.0488 1860 USBSTOR - ok

19:18:00.0503 1860 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys

19:18:00.0519 1860 usbuhci - ok

19:18:00.0566 1860 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys

19:18:00.0597 1860 usbvideo - ok

19:18:00.0628 1860 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll

19:18:00.0675 1860 UxSms - ok

19:18:00.0690 1860 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe

19:18:00.0706 1860 VaultSvc - ok

19:18:00.0768 1860 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys

19:18:00.0768 1860 vdrvroot - ok

19:18:00.0800 1860 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe

19:18:00.0846 1860 vds - ok

19:18:00.0862 1860 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys

19:18:00.0862 1860 vga - ok

19:18:00.0893 1860 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys

19:18:00.0940 1860 VgaSave - ok

19:18:00.0956 1860 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys

19:18:00.0971 1860 vhdmp - ok

19:18:00.0987 1860 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys

19:18:00.0987 1860 viaide - ok

19:18:01.0018 1860 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys

19:18:01.0018 1860 volmgr - ok

19:18:01.0049 1860 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys

19:18:01.0065 1860 volmgrx - ok

19:18:01.0080 1860 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys

19:18:01.0096 1860 volsnap - ok

19:18:01.0205 1860 [ E23BC9B12EF85B58083A6985F9BE3C44 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

19:18:01.0205 1860 vpnagent - ok

19:18:01.0252 1860 [ A8D4FED106B4BD337DF3DA20BA44E18E ] vpnva C:\windows\system32\DRIVERS\vpnva64.sys

19:18:01.0268 1860 vpnva - ok

19:18:01.0314 1860 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys

19:18:01.0330 1860 vsmraid - ok

19:18:01.0377 1860 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe

19:18:01.0439 1860 VSS - ok

19:18:01.0580 1860 [ 3AD1E72748978D8B0B3B674741E4C3E2 ] vToolbarUpdater14.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe

19:18:01.0595 1860 vToolbarUpdater14.2.0 - ok

19:18:01.0611 1860 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys

19:18:01.0658 1860 vwifibus - ok

19:18:01.0704 1860 [ 13A0DECD1794DE60A8427862C8669D27 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys

19:18:01.0736 1860 vwififlt - ok

19:18:01.0798 1860 [ 49003B357D101CDC474937437ECF5ABC ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys

19:18:01.0798 1860 vwifimp - ok

19:18:01.0829 1860 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll

19:18:01.0876 1860 W32Time - ok

19:18:01.0907 1860 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys

19:18:01.0907 1860 WacomPen - ok

19:18:01.0970 1860 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys

19:18:02.0001 1860 WANARP - ok

19:18:02.0001 1860 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys

19:18:02.0032 1860 Wanarpv6 - ok

19:18:02.0110 1860 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe

19:18:02.0141 1860 WatAdminSvc - ok

19:18:02.0188 1860 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe

19:18:02.0235 1860 wbengine - ok

19:18:02.0250 1860 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll

19:18:02.0266 1860 WbioSrvc - ok

19:18:02.0313 1860 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll

19:18:02.0344 1860 wcncsvc - ok

19:18:02.0375 1860 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll

19:18:02.0375 1860 WcsPlugInService - ok

19:18:02.0406 1860 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys

19:18:02.0406 1860 Wd - ok

19:18:02.0453 1860 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys

19:18:02.0484 1860 Wdf01000 - ok

19:18:02.0500 1860 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll

19:18:02.0531 1860 WdiServiceHost - ok

19:18:02.0531 1860 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll

19:18:02.0547 1860 WdiSystemHost - ok

19:18:02.0578 1860 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll

19:18:02.0609 1860 WebClient - ok

19:18:02.0640 1860 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll

19:18:02.0687 1860 Wecsvc - ok

19:18:02.0703 1860 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll

19:18:02.0750 1860 wercplsupport - ok

19:18:02.0781 1860 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll

19:18:02.0843 1860 WerSvc - ok

19:18:02.0859 1860 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys

19:18:02.0890 1860 WfpLwf - ok

19:18:02.0921 1860 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys

19:18:02.0937 1860 WIMMount - ok

19:18:02.0952 1860 WinDefend - ok

19:18:02.0952 1860 WinHttpAutoProxySvc - ok

19:18:03.0062 1860 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll

19:18:03.0108 1860 Winmgmt - ok

19:18:03.0171 1860 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll

19:18:03.0233 1860 WinRM - ok

19:18:03.0296 1860 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys

19:18:03.0311 1860 WinUsb - ok

19:18:03.0342 1860 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll

19:18:03.0389 1860 Wlansvc - ok

19:18:03.0405 1860 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys

19:18:03.0405 1860 WmiAcpi - ok

19:18:03.0436 1860 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe

19:18:03.0467 1860 wmiApSrv - ok

19:18:03.0514 1860 WMPNetworkSvc - ok

19:18:03.0530 1860 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll

19:18:03.0545 1860 WPCSvc - ok

19:18:03.0561 1860 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll

19:18:03.0576 1860 WPDBusEnum - ok

19:18:03.0608 1860 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys

19:18:03.0639 1860 ws2ifsl - ok

19:18:03.0670 1860 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll

19:18:03.0701 1860 wscsvc - ok

19:18:03.0701 1860 WSearch - ok

19:18:03.0764 1860 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll

19:18:03.0826 1860 wuauserv - ok

19:18:03.0873 1860 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys

19:18:03.0904 1860 WudfPf - ok

19:18:03.0935 1860 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys

19:18:03.0966 1860 WUDFRd - ok

19:18:03.0998 1860 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll

19:18:04.0013 1860 wudfsvc - ok

19:18:04.0044 1860 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll

19:18:04.0060 1860 WwanSvc - ok

19:18:04.0091 1860 ================ Scan global ===============================

19:18:04.0122 1860 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll

19:18:04.0169 1860 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll

19:18:04.0200 1860 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll

19:18:04.0232 1860 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe

19:18:04.0232 1860 [Global] - ok

19:18:04.0232 1860 ================ Scan MBR ==================================

19:18:04.0247 1860 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0

19:18:04.0559 1860 \Device\Harddisk0\DR0 - ok

19:18:04.0559 1860 ================ Scan VBR ==================================

19:18:04.0559 1860 [ 38DD50D3301EBB472A272200CBA114EA ] \Device\Harddisk0\DR0\Partition1

19:18:04.0559 1860 \Device\Harddisk0\DR0\Partition1 - ok

19:18:04.0590 1860 [ CBB254E8CB807B2653EF65D8D68CF893 ] \Device\Harddisk0\DR0\Partition2

19:18:04.0590 1860 \Device\Harddisk0\DR0\Partition2 - ok

19:18:04.0622 1860 [ 4CA87D9F99D244BE7B932758D4F6DF50 ] \Device\Harddisk0\DR0\Partition3

19:18:04.0622 1860 \Device\Harddisk0\DR0\Partition3 - ok

19:18:04.0622 1860 ============================================================

19:18:04.0622 1860 Scan finished

19:18:04.0622 1860 ============================================================

19:18:04.0622 1992 Detected object count: 3

19:18:04.0622 1992 Actual detected object count: 3

19:18:26.0150 1992 !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user

19:18:26.0150 1992 !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:18:26.0150 1992 btmaux ( UnsignedFile.Multi.Generic ) - skipped by user

19:18:26.0150 1992 btmaux ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:18:26.0150 1992 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

19:18:26.0150 1992 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:18:35.0728 1720 Deinitialize success

saharanz · June 3, 2013

Sorry, a bit more info. I had to scan in Safe mode. The computer freezes in normal mode after getting lots of errors. I did try going in normal mode. As soon as it boots the first thing it does at the moment is opens an installer for Ad-aware. I removed this from my computer a long time ago. I have no idea why it is trying to intall itself now? It doesn't install anyway, th computer freezes first.

AdvancedSetup · June 4, 2013

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)or a UPS system

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right- click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh :excl:

Reply & attach the C:\Combofix.txt log

and tell me, How is the system now

Re-enable your antivirus program.

saharanz · June 4, 2013

Thanks very much for your help. I really appreciate it.

I followed the instructions for combofix. Everything was fine till I ran it and it came up with a message to close Avira, as it was running. I checked everywhere but as far as I can see its uninstalled and I can't find it anywhere on the computer. So I said ok to let combofix run anyway. I hope this was the right thing to do.

Anyway, it's been sitting on complete stage 3 for over an hour now.....

AdvancedSetup · June 4, 2013

Go ahead then and force restart the computer and go into Safe Mode (tap the F8 key during reboot) and try to run Combofix again from there.

Getting late here so I'll check back on you again sometime tomorrow.

saharanz · June 4, 2013

I rebooted and ran combofix again. I was in safe mode the first time too. normal mode isnt working still. Same deal with the Avira message, which I accepted. It's been stuck in the same place (completed stage 3) for almost two hours now. I'll leave it on overnight tonight and cross my fingers it's just taking its time...

saharanz · June 4, 2013

Well, it actually finished! was quite surprised when I got up this morning.

Anyway, here is the log:

ComboFix 13-06-03.06 - Team MacKenzie 04/06/2013 19:13:44.2.8 - x64 NETWORK

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6058.5221 [GMT 10:00]

Running from: c:\users\Team MacKenzie\Desktop\ComboFix.exe

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Team MacKenzie\AppData\Roaming\Microsoft\Windows\Recent\SoudBible.com.url

.

((((((((((((((((((((((((( Files Created from 2013-05-04 to 2013-06-04 )))))))))))))))))))))))))))))))

.

2013-06-04 11:44 . 2013-06-04 11:44 -------- d-----w- c:\users\UpdatusUser.TeamMacKenzie\AppData\Local\temp

2013-06-04 11:44 . 2013-06-04 11:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-06-03 05:48 . 2013-06-03 06:12 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-06-03 05:48 . 2013-06-03 06:11 162008 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-06-03 03:42 . 2013-06-03 05:48 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-06-02 22:00 . 2013-05-09 08:59 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-06-02 22:00 . 2013-05-09 08:59 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-06-02 22:00 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-06-02 22:00 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-06-02 22:00 . 2013-05-09 08:59 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-06-02 22:00 . 2013-05-09 08:59 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-06-02 22:00 . 2013-05-09 08:59 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-06-02 22:00 . 2013-05-09 08:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-06-02 22:00 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe

2013-06-02 21:43 . 2013-06-02 21:43 -------- d-----w- C:\3ae3b71526c007986eeb86

2013-06-02 21:42 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr

2013-06-02 21:42 . 2013-06-02 21:42 -------- d-----w- c:\program files\AVAST Software

2013-06-02 21:24 . 2013-06-02 21:59 -------- d-----w- c:\programdata\AVAST Software

2013-06-02 11:53 . 2013-06-02 12:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-06-02 11:53 . 2013-04-04 04:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-30 09:49 . 2013-05-13 15:48 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF522546-7A0E-4058-AD0E-71DB7864C1B3}\mpengine.dll

2013-05-30 03:26 . 2013-05-11 22:27 262552 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll

2013-05-14 03:31 . 2013-05-14 03:31 6128760 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2013-05-14 03:31 . 2013-05-14 03:31 6128760 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-19 22:43 . 2013-01-05 04:59 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-19 22:43 . 2011-12-03 09:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-01 16:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-03-25 20:39 . 2013-03-25 20:39 4546560 ----a-w- c:\windows\SysWow64\GPhotos.scr

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2013-02-19 08:56 1929392 ----a-w- c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll" [2013-02-19 1929392]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Team MacKenzie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Team MacKenzie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Team MacKenzie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]

"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]

"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-03 1466760]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-02-19 1151152]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-24 421888]

"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-10-17 684024]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"727CE96E-45BA-4175-9CF4-C7E1AF6A3326"="start" [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

@="Ad-Aware Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]

R2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]

R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x]

R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]

R3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]

R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]

R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]

R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]

R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]

R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]

R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe;c:\windows\SYSNATIVE\SUPDSvc.exe [x]

R3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys;c:\windows\SYSNATIVE\Drivers\SPUVCbv_x64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-04-09 20:13 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-05 22:43]

.

2013-06-02 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-06-02 08:58]

.

2013-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-10 15:32]

.

2013-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-10 15:32]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Team MacKenzie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Team MacKenzie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Team MacKenzie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Team MacKenzie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-25 11895400]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-24 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-24 391960]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-24 418584]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-23 2184520]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 243216]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = hxxp://samsung.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 192.168.0.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll

FF - ProfilePath - c:\users\Team MacKenzie\AppData\Roaming\Mozilla\Firefox\Profiles\bje3w57u.default\

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - c:\program files (x86)\blekkotb\auxi\blekkoAu.dll

BHO-{26c9e18c-3717-4be1-a225-04e4471f5b6e} - c:\program files (x86)\blekkotb\blekkoDx.dll

Toolbar-Locked - (no file)

Toolbar-{26c9e18c-3717-4be1-a225-04e4471f5b6e} - c:\program files (x86)\blekkotb\blekkoDx.dll

Wow6432Node-HKLM-Run-Anti-phishing Domain Advisor - c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe

Wow6432Node-HKLM-Run-avgnt - c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe

SafeBoot-52992489.sys

Toolbar-Locked - (no file)

HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe

AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe

AddRemove-Adobe Flash Player Plugin - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe

AddRemove-Amazon MP3-Downloader - c:\program files (x86)\Amazon\MP3 Downloader\Uninstall.exe

AddRemove-Anti-phishing Domain Advisor - c:\programdata\Anti-phishing Domain Advisor\uninstall.exe

AddRemove-blekkotb - c:\program files (x86)\blekkotb\uninstall.exe

AddRemove-CamToPrint - c:\program files (x86)\CamToPrint\Uninstall_CamToPrint.exe

AddRemove-Easy-WebPrint EX - c:\program files (x86)\Canon\Easy-WebPrint EX\Maint.exe

AddRemove-HandBrake - c:\program files\Handbrake\uninst.exe

AddRemove-Sunplus SPUVCb - c:\program files (x86)\SC_WebCam\uninstall.exe

AddRemove-{9A8E4762-3331-4EDB-8E1F-B11179DDBC00} - c:\program files (x86)\InstallShield Installation Information\{9A8E4762-3331-4EDB-8E1F-B11179DDBC00}\setup.exe

AddRemove-{AD86049C-3D9C-43E1-BE73-643F57D83D50} - c:\program files (x86)\InstallShield Installation Information\{AD86049C-3D9C-43E1-BE73-643F57D83D50}\setup.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-06-04 21:46:58

ComboFix-quarantined-files.txt 2013-06-04 11:46

.

Pre-Run: 87,561,728,000 bytes free

Post-Run: 88,674,611,200 bytes free

.

- - End Of File - - C7E08EBBED0932DD21676837DC1A04D6

saharanz · June 4, 2013

I've just restarted after the Combofix ran.

On loading I have a black screen with an empty dos prompt box, headed c:\\windows\system32\cmd.exe and an error box with the following message:

Windows cannot find the file '727CE96E-45BA-4157-9CF4-C7E1AF6A3326.exe'. Make sure you typed the name correctly, and then try again.

Aside from that it seems to be running ok. Normal mode is working!!! I didn't get any of the normal errors I get at start up.

AdvancedSetup · June 4, 2013

Please uninstall the following software for now.

AVG Secure Search

Then reboot the computer again and make sure it starts up in Normal Mode again and then run the following scans.

STEP 1

Please download Junkware Removal Tool to your desktop.

Shutdown your antivirus to avoid any conflicts.
Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next reply message
When completed make sure to re-enable your antivirus

STEP 2

Please download AdwCleaner by Xplode to your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
If prompted by the User Account Control click Yes to allow it to run.
Under Actions click on the Delete button.
Click OK on all prompts.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the entire contents of that logfile to your next reply.
You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.

STEP 3

Please download MiniToolBox save it to your desktop and run it.

Checkmark the following check-boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices
List Users, Partitions and Memory size.
List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.

STEP 4

Please run MBAM and check for updates and then do a Quick Scan and post back the log.

STEP 5

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool.

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

DDS.txt
Attach.txt

Save both reports to your desktop
Please include the following logs in your next reply: DDS.txt and Attach.txt
You can ignore the note about zipping the Attach.txt file in most cases.

Thanks

saharanz · June 4, 2013

Ok. I uninstalled the AVG thing. I had to download and install Revo to get rid of it. It just kept coming back. I had uninstalled ages ago, it was quite persistent.

I still keep getting a windows installer box popping up randomly trying to install Adaware. I am unable to install it at the moment. I get errors with both normal uninstall and with revo.

Anyway, here are the logs you asked for:

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows 7 Home Premium x64

Ran by Team MacKenzie on 05/06/2013 at 9:05:23.11

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6}

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\blekkotb.xml"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 05/06/2013 at 9:09:07.14

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

saharanz · June 4, 2013

# AdwCleaner v2.301 - Logfile created 06/05/2013 at 09:19:20

# Updated 16/05/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Team MacKenzie - TEAMMACKENZIE

# Boot Mode : Normal

# Running from : C:\Users\Team MacKenzie\Desktop\AdwCleaner.exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : vToolbarUpdater14.2.0

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Deleted : C:\Users\Team MacKenzie\AppData\LocalLow\AVG Secure Search

***** [Registry] *****

Key Deleted : HKLM\Software\adawaretb

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00F12770-E60E-4DC6-9105-425BFACE7C73}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\blekkotb

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{26C9E18C-3717-4BE1-A225-04E4471F5B6E}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-GB)

File : C:\Users\Team MacKenzie\AppData\Roaming\Mozilla\Firefox\Profiles\szuv1zmq.default-1370383676602\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Team MacKenzie\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [3976 octets] - [05/06/2013 09:19:20]

########## EOF - C:\AdwCleaner[s1].txt - [4036 octets] ##########

MiniToolBox by Farbar Version:21-04-2013

Ran by Team MacKenzie (administrator) on 05-06-2013 at 09:23:15

Running from "C:\Users\Team MacKenzie\Desktop"

Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.

No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® Centrino® Wireless-N 130 = Wireless Network Connection (Connected)

Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 = Local Area Connection 2 (Hardware not present)

Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)

Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)

Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

reset

set global icmpredirects=enabled

add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=10.0.0.5 metric=1 publish=Yes

set interface interface="Local Area Connection 2" forwarding=enabled advertise=enabled metric=1 nud=enabled

popd

# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : TeamMacKenzie

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Mixed

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter

Physical Address. . . . . . . . . : DC-A9-71-34-B6-A7

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 130

Physical Address. . . . . . . . . : DC-A9-71-34-B6-A6

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::f514:9178:d698:a151%14(Preferred)

IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Lease Obtained. . . . . . . . . . : 05 June 2013 09:20:34

Lease Expires . . . . . . . . . . : 06 June 2013 09:20:40

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DHCPv6 IAID . . . . . . . . . . . : 383560049

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-53-EF-DA-E8-11-32-C7-08-60

DNS Servers . . . . . . . . . . . : 192.168.0.1

NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

Physical Address. . . . . . . . . : E8-11-32-C7-08-60

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)

Physical Address. . . . . . . . . : DC-A9-71-34-B6-AA

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{EEA9FF8C-43FE-45AA-AB5B-10D8D9BE997B}:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:180a:1437:3f57:fffd(Preferred)

Link-local IPv6 Address . . . . . : fe80::180a:1437:3f57:fffd%19(Preferred)

Default Gateway . . . . . . . . . : ::

NetBIOS over Tcpip. . . . . . . . : Disabled

DNS request timed out.

timeout was 2 seconds.

Server: UnKnown

Address: 192.168.0.1

Name: google.com

Addresses: 2404:6800:4006:802::1007

220.244.223.178

220.244.223.187

220.244.223.168

220.244.223.153

220.244.223.157

220.244.223.148

220.244.223.167

220.244.223.163

220.244.223.162

220.244.223.183

220.244.223.152

220.244.223.182

220.244.223.173

220.244.223.158

220.244.223.177

220.244.223.172

Pinging google.com [220.244.223.178] with 32 bytes of data:

Reply from 220.244.223.178: bytes=32 time=20ms TTL=60

Reply from 220.244.223.178: bytes=32 time=19ms TTL=60

Ping statistics for 220.244.223.178:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 19ms, Maximum = 20ms, Average = 19ms

DNS request timed out.

timeout was 2 seconds.

Server: UnKnown

Address: 192.168.0.1

DNS request timed out.

timeout was 2 seconds.

Name: yahoo.com

Addresses: 98.139.183.24

206.190.36.45

98.138.253.109

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=446ms TTL=50

Reply from 98.139.183.24: bytes=32 time=462ms TTL=51

Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 446ms, Maximum = 462ms, Average = 454ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

17...dc a9 71 34 b6 a7 ......Microsoft Virtual WiFi Miniport Adapter

14...dc a9 71 34 b6 a6 ......Intel® Centrino® Wireless-N 130

13...e8 11 32 c7 08 60 ......Realtek PCIe GBE Family Controller

11...dc a9 71 34 b6 aa ......Bluetooth Device (Personal Area Network)

1...........................Software Loopback Interface 1

20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

===========================================================================

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 25

127.0.0.0 255.0.0.0 On-link 127.0.0.1 306

127.0.0.1 255.255.255.255 On-link 127.0.0.1 306

127.255.255.255 255.255.255.255 On-link 127.0.0.1 306

192.168.0.0 255.255.255.0 On-link 192.168.0.2 281

192.168.0.2 255.255.255.255 On-link 192.168.0.2 281

192.168.0.255 255.255.255.255 On-link 192.168.0.2 281

224.0.0.0 240.0.0.0 On-link 127.0.0.1 306

224.0.0.0 240.0.0.0 On-link 192.168.0.2 281

255.255.255.255 255.255.255.255 On-link 127.0.0.1 306

255.255.255.255 255.255.255.255 On-link 192.168.0.2 281

===========================================================================

Persistent Routes:

Network Address Netmask Gateway Address Metric

169.254.0.0 255.255.0.0 10.0.0.5 1

===========================================================================

IPv6 Route Table

===========================================================================

Active Routes:

If Metric Network Destination Gateway

19 58 ::/0 On-link

1 306 ::1/128 On-link

19 58 2001::/32 On-link

19 306 2001:0:9d38:953c:180a:1437:3f57:fffd/128

On-link

14 281 fe80::/64 On-link

19 306 fe80::/64 On-link

19 306 fe80::180a:1437:3f57:fffd/128

On-link

14 281 fe80::f514:9178:d698:a151/128

On-link

1 306 ff00::/8 On-link

19 306 ff00::/8 On-link

14 281 ff00::/8 On-link

===========================================================================

Persistent Routes:

None

========================= Winsock entries =====================================

Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)

Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)

Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 05 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog5 06 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)

Catalog5 07 C:\windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)

Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Catalog9 01 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 02 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 03 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 04 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 05 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 06 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 07 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 08 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 09 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 10 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 11 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)

x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)

x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:

==================

Error: (06/05/2013 09:22:03 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:

=============

Error: (06/05/2013 09:23:24 AM) (Source: Service Control Manager) (User: )

Description: The Google Update Service (gupdate) service failed to start due to the following error:

%%1053

Error: (06/05/2013 09:23:24 AM) (Source: Service Control Manager) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (06/05/2013 09:21:22 AM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

avipbb

avkmgr

Error: (06/05/2013 09:20:44 AM) (Source: Service Control Manager) (User: )

Description: The Ad-Aware service failed to start due to the following error:

%%2

Error: (06/05/2013 09:20:42 AM) (Source: Service Control Manager) (User: )

Description: The Avira Realtime Protection service failed to start due to the following error:

%%2

Error: (06/05/2013 09:20:41 AM) (Source: Service Control Manager) (User: )

Description: The Ad-Aware Service service failed to start due to the following error:

%%2

Error: (06/05/2013 09:20:34 AM) (Source: Service Control Manager) (User: )

Description: The Avira Scheduler service failed to start due to the following error:

%%2

Error: (06/05/2013 09:20:21 AM) (Source: Service Control Manager) (User: )

Description: The avgntflt service failed to start due to the following error:

%%2

Microsoft Office Sessions:

=========================

Error: (06/05/2013 09:22:03 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:

===================================

Date: 2013-06-04 21:44:14.162

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-06-04 21:44:14.147

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-07 17:26:13.165

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\iBtFltCoex.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-07 17:26:13.149

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\iBtFltCoex.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-07 17:04:54.932

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\iBtFltCoex.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-07 17:04:54.932

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\iBtFltCoex.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-07 14:56:25.549

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\iBtFltCoex.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-07 14:56:25.509

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\iBtFltCoex.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-09 21:20:50.994

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\iBtFltCoex.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-09 21:20:50.994

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\iBtFltCoex.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

=========================== Installed Programs ============================

Ad-Aware Antivirus (Version: 10.4.49.4168)

Adobe AIR (Version: 3.1.0.4880)

Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)

Adobe Flash Player 11 Plugin (Version: 11.6.602.180)

Adobe Photoshop Lightroom 4.2 64-bit (Version: 4.2.1)

Adobe Reader XI (11.0.03) (Version: 11.0.03)

Amazon MP3-Downloader 1.0.9

Apple Application Support (Version: 2.3.3)

Apple Mobile Device Support (Version: 6.1.0.13)

Apple Software Update (Version: 2.1.3.127)

Atheros Client Installation Program (Version: 9.0)

Bonjour (Version: 3.0.0.10)

CamToPrint (Version: 5.5.1.0)

Canon Easy-WebPrint EX

Canon MP Navigator EX 3.0

Canon MP640 series MP Drivers

Canon MP640 series User Registration

Canon Utilities Easy-PhotoPrint EX

Canon Utilities My Printer

Canon Utilities Solution Menu

CDDRV_Installer (Version: 4.60)

Cisco AnyConnect Secure Mobility Client (Version: 3.1.01065)

CyberLink Power2Go (Version: 6.1.3802)

Dropbox (Version: 1.6.16)

Easy Content Share (Version: 1.0)

Easy Migration (Version: 1.0)

EasyFileShare (Version: 1.0.12)

Eco Mode (Version: 1.0.0.11)

erLT (Version: 1.20.0137)

ETDWare PS/2-X64 8.0.7.2_WHQL (Version: 8.0.7.2)

File Uploader (Version: 1.2.5)

Garmin Communicator Plugin (Version: 4.0.1)

Garmin Communicator Plugin x64 (Version: 4.0.3)

Garmin Lifetime Updater (Version: 2.1.11)

Garmin USB Drivers (Version: 2.3.1.0)

Garmin WebUpdater (Version: 2.5.6)

Google Chrome (Version: 26.0.1410.64)

Google Earth Plug-in (Version: 7.0.3.8542)

Google Update Helper (Version: 1.3.21.135)

GPL Ghostscript 8.71

GSview 4.9

HandBrake 0.9.8 (Version: 0.9.8)

iCloud (Version: 2.1.1.3)

Intel PROSet Wireless

Intel® Control Center (Version: 1.2.1.1007)

Intel® Management Engine Components (Version: 7.0.0.1144)

Intel® Processor Graphics (Version: 8.15.10.2266)

Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 1.1.0.0537)

Intel® PROSet/Wireless WiFi-Software (Version: 14.2.1000)

Intel® Rapid Storage Technology (Version: 10.1.5.1001)

Interactive Guide (Version: 1.1)

iTunes (Version: 11.0.2.26)

Java 7 Update 15 (Version: 7.0.150)

Java Auto Updater (Version: 2.1.9.0)

Java 6 Update 29 (Version: 6.0.290)

KhalInstallWrapper (Version: 4.72.40)

Logitech SetPoint (Version: 4.72)

Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Silverlight (Version: 4.0.50401.0)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

MiKTeX 2.9 (Version: 2.9)

Mozilla Firefox 20.0.1 (x86 en-GB) (Version: 20.0.1)

Mozilla Maintenance Service (Version: 20.0.1)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

Nikon Message Center (Version: 0.92.000)

Nikon Message Center 2 (Version: 2.0.1)

Nikon Movie Editor (Version: 2.2.4)

Nikon Transfer (Version: 1.5.3)

NVIDIA Control Panel 267.54 (Version: 267.54)

NVIDIA Graphics Driver 267.54 (Version: 267.54)

NVIDIA Install Application (Version: 2.265.39.0)

NVIDIA Optimus 1.0.21 (Version: 1.0.21)

NVIDIA Update Components (Version: 1.0.21)

PeaZip 4.7.2

Picasa 3 (Version: 3.9)

Picture Control Utility (Version: 1.4.1)

QuickTime (Version: 7.73.80.64)

Realtek Ethernet Controller Driver (Version: 7.44.421.2011)

Realtek High Definition Audio Driver (Version: 6.0.1.6400)

Revo Uninstaller 1.93 (Version: 1.93)

Revo Uninstaller Pro 3.0.5 (Version: 3.0.5)

Samsung AnyWeb Print (Version: 2.0.67.1)

Samsung Control Center (Version: 1.0)

Samsung Printer Live Update

Samsung Recovery Solution 5 (Version: 5.0.1.3)

Samsung Universal Print Driver (Version: 2.02.05.00:27)

Samsung Universal Scan Driver (Version: 1.2.5.0)

Samsung Update Plus (Version: 3.0.0.17)

Skype Click to Call (Version: 6.8.12323)

Skype™ 6.3 (Version: 6.3.105)

SUPERAntiSpyware (Version: 5.6.1014)

TeXnicCenter Version 1.0 Stable RC1 (Version: Version 1.0 Stable RC1)

TikzEdt 0.2.1 (Version: 0.2.1)

Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (Version: 2.0.82.0)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

ViewNX 2 (Version: 2.2.5)

VLC media player 1.1.11 (Version: 1.1.11)

Webcam 2080 series (Version: 3.3.6.06)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)

WordCaptureX Pro (Version: 4.0.0)

========================= Devices: ================================

Name: WebCam SCB-1100N

Description: WebCam SCB-1100N

Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Manufacturer: SunplusIT

Service: SPUVCbv

Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)

Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.

Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: avipbb

Description: avipbb

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: avipbb

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avkmgr

Description: avkmgr

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: avkmgr

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Cisco Systems

Service: vpnva

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Peripheral Device

Description: Bluetooth Peripheral Device

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device

Description: Bluetooth Peripheral Device

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

========================= Memory info: ===================================

Percentage of memory in use: 25%

Total physical RAM: 6057.55 MB

Available physical RAM: 4532.54 MB

Total Pagefile: 12113.29 MB

Available Pagefile: 10533.69 MB

Total Virtual: 4095.88 MB

Available Virtual: 3957.05 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:270 GB) (Free:82.01 GB) NTFS

2 Drive d: () (Fixed) (Total:404.33 GB) (Free:30.79 GB) NTFS

========================= Users: ========================================

User accounts for \\TEAMMACKENZIE

Administrator Guest Team MacKenzie

UpdatusUser

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

saharanz · June 4, 2013

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.06.04.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Team MacKenzie :: TEAMMACKENZIE [administrator]

Protection: Disabled

05/06/2013 09:28:42

mbam-log-2013-06-05 (09-28-42).txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.15.2

Run by Team MacKenzie at 9:35:10 on 2013-06-05

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6058.4286 [GMT 10:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\windows\system32\svchost.exe -k bthsvcs

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe

C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe

C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe

C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe

C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\windows\system32\igfxext.exe

C:\windows\system32\igfxsrvc.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\windows\system32\wuauclt.exe

C:\windows\system32\svchost.exe -k SDRSVC