DNS Leak?


I suspect that my computer has maybe struck a DNS Leak, because my Malwarebytes Pro keeps blocking outgoing svchost.exe with IPs 5.45.75.11 and 5.45.75.36, which aren’t IPs familiar to me.
The only way I can now access the internet is by putting these IPs on the Malwarebytes ignore list.
 
In trying to solve the matter I first ran a quick scan with both Malwarebytes and MSE, and when that didn’t help I ran full scans, which didn’t solve the problem either.
I then let Trend’s HouseCall scan my computer but they couldn’t find anything either, so now I’m at my wits’ end and turn to you for help.

In addition to the Malwarebytes log file, I’ve also extracted the following logs, which I will put in subsequent posts:
-DDS
-Rogue Killer
-TDSS Killer
These are fresh installs, never used before and I didn’t let these programs repair anything. I just let them produce reports.

I hope you can help me.

Jim
 


This is my malwarebytes log:

2014/02/08 16:51:35 +0700 UW-HP ulrich MESSAGE Starting database refresh
2014/02/08 16:51:35 +0700 UW-HP ulrich MESSAGE Stopping IP protection
2014/02/08 16:51:35 +0700 UW-HP ulrich MESSAGE IP Protection stopped successfully
2014/02/08 16:51:35 +0700 UW-HP ulrich MESSAGE Scheduled update executed successfully:  database updated from version v2014.02.07.03 to version v2014.02.08.04
2014/02/08 16:51:38 +0700 UW-HP ulrich MESSAGE Database refreshed successfully
2014/02/08 16:51:38 +0700 UW-HP ulrich MESSAGE Starting IP protection
2014/02/08 16:51:40 +0700 UW-HP ulrich MESSAGE IP Protection started successfully
2014/02/08 16:51:46 +0700 UW-HP ulrich IP-BLOCK 5.45.75.36 (Type: outgoing, Port: 63323, Process: svchost.exe)
2014/02/08 16:51:46 +0700 UW-HP ulrich IP-BLOCK 5.45.75.11 (Type: outgoing, Port: 63323, Process: svchost.exe)
2014/02/08 16:51:54 +0700 UW-HP ulrich IP-BLOCK 5.45.75.36 (Type: outgoing, Port: 63323, Process: svchost.exe)
2014/02/08 16:51:54 +0700 UW-HP ulrich IP-BLOCK 5.45.75.36 (Type: outgoing, Port: 49572, Process: svchost.exe)
2014/02/08 16:51:54 +0700 UW-HP ulrich IP-BLOCK 5.45.75.36 (Type: outgoing, Port: 59591, Process: svchost.exe)
2014/02/08 16:51:54 +0700 UW-HP ulrich IP-BLOCK 5.45.75.36 (Type: outgoing, Port: 63323, Process: svchost.exe)
2014/02/08 16:51:54 +0700 UW-HP ulrich IP-BLOCK 5.45.75.11 (Type: outgoing, Port: 63323, Process: svchost.exe)
2014/02/08 16:51:54 +0700 UW-HP ulrich IP-BLOCK 5.45.75.11 (Type: outgoing, Port: 49572, Process: svchost.exe)
2014/02/08 16:51:54 +0700 UW-HP ulrich IP-BLOCK 5.45.75.11 (Type: outgoing, Port: 59591, Process: svchost.exe)

This is the DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by aldrich at 0:06:46 on 2014-02-09
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1033.18.7990.5317 [GMT 7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Users\aldrich\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\aldrich\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
TCP: NameServer = 5.45.75.36 5.45.75.11
TCP: Interfaces\{46798D80-566F-493D-8A36-97D62BF20DC8} : DHCPNameServer = 5.45.75.36 5.45.75.11
TCP: Interfaces\{46798D80-566F-493D-8A36-97D62BF20DC8}\44F6E60244965676F6 : DHCPNameServer = 62.113.218.182 8.8.8.8
TCP: Interfaces\{A642EB03-A823-46B5-B41B-3CE542B79BF2} : DHCPNameServer = 5.45.75.36 5.45.75.11
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - <no file>
SSODL: WebCheck - <orphaned>
STS: {E31004D1-A431-41B8-826F-E902F9D95C81} - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox\Profiles\lu1pyrvi.default\
FF - prefs.js: network.proxy.type - 2
FF - component: C:\Program Files (x86)\ Firefox\components\browserdirprovider.dll
FF - component: C:\Program Files (x86)\ Firefox\components\brwsrcmp.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\VLC\npvlc.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\aldrich\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\aldrich\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
.
============= SERVICES / DRIVERS ===============
.
R0 BootDefragDriver;BootDefragDriver;C:\Windows\System32\drivers\BootDefragDriver.sys [2013-12-27 17088]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);C:\Windows\System32\drivers\tdrpm258.sys [2011-10-4 1477728]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-7-17 70984]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-28 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-28 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 134944]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-8-2 32880]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-18 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-27 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-28 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2011-10-4 251488]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\System32\drivers\lgandbus64.sys [2012-9-12 19456]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\System32\drivers\lganddiag64.sys [2012-9-12 27648]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\System32\drivers\lgandgps64.sys [2012-9-12 27136]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\System32\drivers\lgandmodem64.sys [2012-9-12 34304]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-10-28 107288]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2013-12-14 19152]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2013-12-14 12504]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-8 225280]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware Sandra Lite 2014.RTM\RpcAgentSrv.exe [2013-12-27 72344]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-10-28 204568]
S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);C:\Windows\System32\drivers\ssudobex.sys [2013-10-28 204568]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-3 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-23 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-11 389120]
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S4 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-10-4 2480048]
S4 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2013-7-17 393032]
S4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-7-17 384840]
S4 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
S4 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
S4 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]
S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-8 13336]
S4 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-17 315392]
S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-9-27 1153368]
S4 ScrybeUpdater;Scrybe Updater;C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-5-12 1300264]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-8 2320920]
S4 VMCService;Vodafone Mobile Connect Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-11-17 9216]
S4 WTService;WTService;C:\Windows\System32\atwtusb.exe -s --> C:\Windows\System32\atwtusb.exe -s [?]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 60 ================
.
2014-02-08 14:58:38 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4831FE3A-78EE-46F3-88F3-09633CB31937}\mpengine.dll
2014-02-08 11:41:53 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-03 11:56:21 -------- d-----w- C:\Users\aldrich\AppData\Roaming\rmi
2014-01-23 08:47:39 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AFFE2579-F5A7-4F29-9EC0-58C476467580}\gapaengine.dll
2014-01-20 15:35:49 -------- d-----w- C:\Program Files (x86)\BankTrans
2014-01-15 13:09:27 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-15 13:09:26 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 13:09:26 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-15 13:09:26 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-15 13:09:26 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-15 13:09:26 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 13:09:26 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-15 13:03:42 3156480 ----a-w- C:\Windows\System32\win32k.sys
2013-12-29 12:40:17 -------- d-----w- C:\Users\aldrich\AppData\Roaming\calibre
2013-12-29 12:36:34 -------- d-----w- C:\Program Files (x86)\eBookConverter
2013-12-29 09:55:14 -------- d-----w- C:\Users\aldrich\AppData\Local\Amazon
2013-12-28 05:18:48 -------- d-----w- C:\ProgramData\Oracle
2013-12-28 05:18:12 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-28 04:49:00 -------- d-----w- C:\ProgramData\Baidu Security
2013-12-28 04:48:24 -------- d-----w- C:\Users\aldrich\AppData\Roaming\Baidu Security
2013-12-28 03:53:36 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-12-27 10:11:07 -------- d--h--w- C:\Windows\msdownld.tmp
2013-12-27 10:10:56 -------- d-----w- C:\Windows\SysWow64\directx
2013-12-27 10:10:39 -------- d-s---w- C:\Program Files\SiSoftware Sandra Lite 2014.RTM
2013-12-27 09:42:57 -------- d-----w- C:\ProgramData\GlarySoft
2013-12-27 09:42:55 17088 ----a-w- C:\Windows\System32\drivers\BootDefragDriver.sys
2013-12-27 09:42:55 117024 ----a-w- C:\Windows\System32\BootDefrag.exe
2013-12-27 09:42:45 -------- d-----w- C:\Program Files (x86)\Glary Utilities 4
2013-12-26 07:37:05 -------- d-----w- C:\Users\aldrich\AppData\Roaming\Tracker Software
2013-12-26 07:36:31 -------- d-----w- C:\Program Files\PDF-XChange
2013-12-26 07:33:11 -------- d-----w- C:\ProgramData\Package Cache
2013-12-26 06:21:45 -------- d-----w- C:\Users\aldrich\AppData\Roaming\Softland
2013-12-26 06:21:44 25920 ----a-w- C:\Windows\System32\dopdfmn7.dll
2013-12-26 06:21:44 21312 ----a-w- C:\Windows\System32\dopdfmi7.dll
2013-12-26 06:21:44 1700352 ----a-w- C:\Windows\System32\GdiPlus.dll
2013-12-26 06:21:42 -------- d-----w- C:\Program Files\DoPDF 7
2013-12-18 15:54:50 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPA4.DLL
2013-12-18 15:54:50 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDA4.DLL
2013-12-18 15:54:29 385024 ----a-w- C:\Windows\System32\CNMLMA4.DLL
2013-12-17 15:49:12 -------- d-----w- C:\Users\aldrich\AppData\Local\Opera Software
2013-12-17 15:49:11 -------- d-----w- C:\Users\aldrich\AppData\Roaming\Opera Software
2013-12-16 14:04:14 -------- d-----r- C:\Program Files (x86)\Skype
2013-12-14 09:44:10 3050808 ----a-w- C:\Windows\System32\pwNative.exe
2013-12-14 09:44:10 19152 ------w- C:\Windows\System32\pwdrvio.sys
2013-12-14 09:44:09 12504 ------w- C:\Windows\System32\pwdspio.sys
2013-12-14 09:43:40 -------- d-----w- C:\Program Files (x86)\MiniTool Partition Wizard
2013-12-11 15:02:05 -------- d-----w- C:\Users\aldrich\AppData\Local\Samsung
2013-12-11 15:02:02 -------- d-----w- C:\Users\aldrich\AppData\Roaming\Samsung
2013-12-11 14:52:53 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2013-12-11 14:52:43 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll
2013-12-11 14:49:44 -------- d-----w- C:\Program Files (x86)\Samsung Kies
2013-12-11 14:49:06 -------- d-----w- C:\Users\aldrich\New folder
2013-12-11 09:28:01 293072 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-12-11 09:28:01 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-12-11 09:28:01 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-12-11 09:28:01 235216 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-12-11 09:28:00 7211520 ----a-w- C:\Program Files\Internet Explorer\F12Resources.dll
2013-12-11 09:28:00 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2013-12-11 09:28:00 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2013-12-11 09:28:00 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-12-11 09:28:00 353280 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2013-12-11 09:28:00 270848 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2013-12-11 09:28:00 251392 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2013-12-11 09:10:15 -------- d-----w- C:\USB DRIVERS
2013-12-11 08:53:52 -------- d-----w- C:\Program Files\SAMSUNG
2013-12-11 08:51:22 -------- d-----w- C:\ProgramData\Samsung
2013-12-11 01:12:05 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-12-11 01:12:03 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-12-11 01:11:54 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-12-11 01:11:54 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-12-11 01:11:44 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-12-11 01:11:44 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-12-11 01:11:41 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-12-11 01:11:41 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-12-11 01:11:41 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-12-11 01:11:41 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-12-11 01:11:41 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-12-11 01:11:41 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-12-11 01:11:41 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-12-11 01:11:41 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
.
==================== Find6M  ====================
.
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-06 09:30:53 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-12-06 09:29:47 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-12-06 09:29:47 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-12-06 09:29:47 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-12-03 09:33:42 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-12-03 09:33:42 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-30 05:07:00 90112 ----a-w- C:\Windows\MAMCityDownload.ocx
2013-10-30 05:07:00 330240 ----a-w- C:\Windows\MASetupCaller.dll
2013-10-30 05:07:00 30568 ----a-w- C:\Windows\MusiccityDownload.exe
2013-10-27 18:12:12 204568 ----a-w- C:\Windows\System32\drivers\ssudobex.sys
2013-10-27 18:12:12 204568 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2013-10-27 18:12:12 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2013-10-27 18:12:10 107288 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-27 08:53:06 248240 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-09-27 08:53:06 134944 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
.
============= FINISH:  0:07:31.72 ===============

This is the DDS Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 22-9-2010 13:03:51
System Uptime: 8-2-2014 18:54:35 (6 hours ago)
.
Motherboard: Hewlett-Packard |  | 1439
Processor: Intel® Core i5 CPU       M 460  @ 2.53GHz | CPU | 2381/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 449 GiB total, 339.077 GiB free.
D: is FIXED (NTFS) - 16 GiB total, 2.269 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP480: 18-1-2014 13:04:21 - Mask Surf Pro download
RP481: 18-1-2014 13:16:40 - Restore Operation
RP482: 19-1-2014 16:36:44 - Windows Update
RP483: 23-1-2014 15:45:56 - Windows Update
RP484: 26-1-2014 18:05:46 - Windows Update
RP485: 29-1-2014 21:36:32 - Windows Update
RP486: 2-2-2014 11:11:34 - Windows Update
RP487: 5-2-2014 20:42:50 - Windows Update
RP488: 7-2-2014 22:40:39 - HP 3500c Scanner 64bit vista driver
RP489: 8-2-2014 18:34:29 - Restore Operation
RP490: 8-2-2014 21:57:39 - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
7-Zip 4.47 beta
Aangifte inkomstenbelasting 2009
Aangifte inkomstenbelasting 2010
Aangifte inkomstenbelasting 2012
Aangifte inkomstenbelasting 2013
Acronis True Image Home
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe InDesign CS5.5
Adobe Photoshop CS5
Agatha Christie - Death on the Nile
Amazon Kindle
Any Video Converter 3.5.8
Apple Application Support
Apple Software Update
ArcSoft Panorama Maker 3.0
ASUS Android USB Drivers
ASUS Sync
Audacity 2.0.5
BankTrans versie 2.10
Bejeweled 2 Deluxe
Blackhawk Striker 2
BlueStacks App Player
BlueStacks Notification Center
Broadcom 802.11 Wireless LAN Adapter
Bullzip PDF Printer 7.2.0.1338
Camtasia Studio 4
Canon iP2700 series Printer Driver
CCleaner
Chuzzle Deluxe
Cool Edit Pro 2.0
CyberLink DVD Suite
CyberLink PowerDVD 9
CyberLink YouCam
D3DX10
doPDF 7.3 printer
Dora's Carnival Adventure
Energy Star Digital Logo
eReg
ERUNT 1.1j
Escape Rosecliff Island
ESU for Microsoft Windows 7
FATE
Feedback Tool
Final Drive Nitro
Foxit PDF Editor
Foxit PDF Preview Handler
Foxit Phantom
Foxit Reader
Glary Utilities 4.3
GOM Player
Google Chrome
Google Drive
Google Earth
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.1.1
High-Definition Video Playback 10
HP Advisor
HP Customer Experience Enhancements
HP Documentation
HP Game Console
HP Games
HP Power Manager
HP Product Detection
HP Quick Launch
HP Setup
HP Software Framework
HP Wireless Assistant
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java 7 Update 45
Java Auto Updater
Jewel Quest - Heritage
Junk Mail filter update
Kindle Converter
LabelPrint
LAME v3.99.3 (for Windows)
LG United Mobile Driver
LightScribe System Software
Logitech SetPoint 6.52
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Shared 64-bit MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
MiniTool Partition Wizard Home Edition 8.1.1
MiniTool Power Data Recovery
Movie Maker
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
MyBKS 2.0
Neat Image v6.0 Pro+
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
Opera Stable 18.0.1284.68
PDF-XChange Editor
PDF Settings CS5
Penguins!
Perfect Uninstaller v6.3.3.8
Photo Common
Photo Gallery
PhotoNow!
Picasa 3
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PowerISO
QuickTime
QuickTime Alternative 3.2.2
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recovery Manager
Register-x64
Registry Clean Expert
RtVOsd
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition 
SiSoftware Sandra Lite 2014.RTM
Skype™ 6.11
Spybot - Search & Destroy
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
Synaptics Pointing Device Driver
System Requirements Lab for Intel
Tablet Driver With Macrokey Manager
Trader Workstation 4.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
VBA (2627.01)
Verzoek of wijziging voorlopige aanslag 2014
Virtual Villagers - The Secret City
Visual C++ 8.0 Runtime Setup Package (x64)
VLC media player 2.0.7
Vodafone Mobile Connect Lite
VoipDiscount
VSO Image Resizer 2.2.0.1c
Vuze
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Windows Mobile Device Updater Component
Windows Movie Maker 2.6
Windows Phone app for desktop
WinPatrol
WinRAR
x64 Components v2.2.4
Yahoo! Messenger
Zuma Deluxe
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
8-2-2014 21:49:48, Error: Microsoft-Windows-SharedAccess_NAT [34001]  - The ICS_IPV6 failed to configure IPv6 stack.
8-2-2014 19:00:47, Error: Application Popup [1060]  - \??\C:\Program Files\Perfect Uninstaller\FKFAP.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8-2-2014 18:57:38, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.165.3520.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10201.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
8-2-2014 18:47:25, Error: Microsoft-Windows-SharedAccess_NAT [30013]  - The DHCP allocator has disabled itself on IP address 192.168.1.7, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
8-2-2014 18:41:53, Error: Microsoft Antimalware [2004]  - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.   Signatures Attempted: Current   Error Code: 0x80070002   Error description: The system cannot find the file specified.   Signature version: 0.0.0.0;0.0.0.0   Engine version: 0.0.0.0
8-2-2014 18:31:28, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8-2-2014 18:31:28, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8-2-2014 18:31:28, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8-2-2014 18:30:58, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
8-2-2014 18:30:58, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
7-2-2014 11:44:11, Error: Microsoft-Windows-SharedAccess_NAT [31004]  - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
6-2-2014 23:25:41, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.165.3360.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10201.0   Error code: 0x8024001e   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
6-2-2014 23:25:41, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.165.3360.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10201.0   Error code: 0x8024001e   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
5-2-2014 13:14:14, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================

This is the Rogue Killer Report:

RogueKiller V8.8.6 _x64_ [Feb  7 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : aldrich [Admin rights]
Mode : Scan -- Date : 02/09/2014 00:52:41
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 7 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Schijfstation +++++
--- User ---
[MBR] b04f7fcfca751ada733635f8ee5c8d76
[bSP] f11230797304b70fa2a565c3ad8eb680 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 460262 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 943026176 | Size: 16374 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) CBM1180 Flash Disk USB Device +++++
--- User ---
[MBR] 47de8f4e815a12bcafc0ba2fa942045f
[bSP] adfd752585d15d71712c75d739b2d829 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 63 | Size: 124 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
Finished : << RKreport[0]_S_02092014_005241.txt >>

This is the TDSS Killer Report:

01:07:55.0339 3792  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
01:07:55.0354 3792  ============================================================
01:07:55.0354 3792  Current date / time: 2014/02/09 01:07:55.0354
01:07:55.0354 3792  SystemInfo:
01:07:55.0354 3792  
01:07:55.0354 3792  OS Version: 6.1.7601 ServicePack: 1.0
01:07:55.0354 3792  Product type: Workstation
01:07:55.0354 3792  ComputerName: UW-HP
01:07:55.0354 3792  UserName: aldrich
01:07:55.0354 3792  Windows directory: C:\Windows
01:07:55.0354 3792  System windows directory: C:\Windows
01:07:55.0354 3792  Running under WOW64
01:07:55.0354 3792  Processor architecture: Intel x64
01:07:55.0354 3792  Number of processors: 4
01:07:55.0354 3792  Page size: 0x1000
01:07:55.0354 3792  Boot type: Normal boot
01:07:55.0354 3792  ============================================================
01:07:55.0900 3792  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:07:55.0916 3792  Drive \Device\Harddisk1\DR1 - Size: 0x7C9FE00 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:07:55.0916 3792  ============================================================
01:07:55.0916 3792  \Device\Harddisk0\DR0:
01:07:55.0916 3792  MBR partitions:
01:07:55.0916 3792  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
01:07:55.0916 3792  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x382F3000
01:07:55.0916 3792  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38357000, BlocksNum 0x1FFB000
01:07:55.0916 3792  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
01:07:55.0916 3792  \Device\Harddisk1\DR1:
01:07:55.0916 3792  MBR partitions:
01:07:55.0916 3792  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x3E4C0
01:07:55.0916 3792  ============================================================
01:07:55.0931 3792  C: <-> \Device\Harddisk0\DR0\Partition2
01:07:56.0009 3792  D: <-> \Device\Harddisk0\DR0\Partition3
01:07:56.0009 3792  ============================================================
01:07:56.0009 3792  Initialize success
01:07:56.0009 3792  ============================================================
01:07:58.0537 2408  ============================================================
01:07:58.0537 2408  Scan started
01:07:58.0537 2408  Mode: Manual; 
01:07:58.0537 2408  ============================================================
01:07:59.0020 2408  ================ Scan system memory ========================
01:07:59.0020 2408  System memory - ok
01:07:59.0020 2408  ================ Scan services =============================
01:07:59.0145 2408  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
01:07:59.0145 2408  1394ohci - ok
01:07:59.0161 2408  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
01:07:59.0161 2408  ACPI - ok
01:07:59.0192 2408  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
01:07:59.0192 2408  AcpiPmi - ok
01:07:59.0270 2408  [ 00BFC7A51046CBD77E2A71F237ED2838 ] AcrSch2Svc      C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
01:07:59.0285 2408  AcrSch2Svc - ok
01:07:59.0301 2408  [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs            C:\Windows\system32\drivers\adfs.sys
01:07:59.0301 2408  adfs - ok
01:07:59.0363 2408  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
01:07:59.0363 2408  adp94xx - ok
01:07:59.0379 2408  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
01:07:59.0379 2408  adpahci - ok
01:07:59.0410 2408  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
01:07:59.0410 2408  adpu320 - ok
01:07:59.0441 2408  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
01:07:59.0441 2408  AeLookupSvc - ok
01:07:59.0613 2408  [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
01:07:59.0613 2408  AERTFilters - ok
01:07:59.0644 2408  [ 3F5FDC12FFA4794FC3A178A26D48E7CF ] afcdp           C:\Windows\system32\DRIVERS\afcdp.sys
01:07:59.0644 2408  afcdp - ok
01:07:59.0707 2408  [ B8C03E224E49E0F9726CDDEF872237EB ] afcdpsrv        C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
01:07:59.0707 2408  afcdpsrv - ok
01:07:59.0972 2408  [ 79059559E89D06E8B80CE2944BE20228 ] AFD             C:\Windows\system32\drivers\afd.sys
01:07:59.0972 2408  AFD - ok
01:08:00.0019 2408  [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
01:08:00.0019 2408  AgereSoftModem - ok
01:08:00.0065 2408  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
01:08:00.0065 2408  agp440 - ok
01:08:00.0081 2408  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
01:08:00.0081 2408  ALG - ok
01:08:00.0097 2408  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
01:08:00.0097 2408  aliide - ok
01:08:00.0112 2408  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
01:08:00.0112 2408  amdide - ok
01:08:00.0143 2408  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
01:08:00.0143 2408  AmdK8 - ok
01:08:00.0159 2408  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
01:08:00.0159 2408  AmdPPM - ok
01:08:00.0206 2408  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
01:08:00.0206 2408  amdsata - ok
01:08:00.0237 2408  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
01:08:00.0237 2408  amdsbs - ok
01:08:00.0253 2408  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
01:08:00.0253 2408  amdxata - ok
01:08:00.0284 2408  [ 48CD7E6520D47D62EAB0E6CE3EC30C65 ] Andbus          C:\Windows\system32\DRIVERS\lgandbus64.sys
01:08:00.0284 2408  Andbus - ok
01:08:00.0284 2408  [ 08CBACC00D15DCDBBAAE1A7C8F231C61 ] AndDiag         C:\Windows\system32\DRIVERS\lganddiag64.sys
01:08:00.0284 2408  AndDiag - ok
01:08:00.0299 2408  [ CEA9A4CD6B3A83428CE8501240833668 ] AndGps          C:\Windows\system32\DRIVERS\lgandgps64.sys
01:08:00.0299 2408  AndGps - ok
01:08:00.0315 2408  [ E2B5663E547FA5E756B253EFA8EC8286 ] ANDModem        C:\Windows\system32\DRIVERS\lgandmodem64.sys
01:08:00.0315 2408  ANDModem - ok
01:08:00.0346 2408  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
01:08:00.0362 2408  AppID - ok
01:08:00.0377 2408  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
01:08:00.0377 2408  AppIDSvc - ok
01:08:00.0409 2408  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
01:08:00.0409 2408  Appinfo - ok
01:08:00.0440 2408  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
01:08:00.0440 2408  arc - ok
01:08:00.0471 2408  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
01:08:00.0471 2408  arcsas - ok
01:08:00.0611 2408  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
01:08:00.0611 2408  aspnet_state - ok
01:08:00.0627 2408  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
01:08:00.0627 2408  AsyncMac - ok
01:08:00.0674 2408  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
01:08:00.0674 2408  atapi - ok
01:08:00.0721 2408  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:08:00.0721 2408  AudioEndpointBuilder - ok
01:08:00.0752 2408  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
01:08:00.0752 2408  AudioSrv - ok
01:08:00.0783 2408  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
01:08:00.0799 2408  AxInstSV - ok
01:08:00.0955 2408  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
01:08:00.0955 2408  b06bdrv - ok
01:08:00.0986 2408  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
01:08:00.0986 2408  b57nd60a - ok
01:08:01.0064 2408  [ 0E7A9264576B40638A3FBC804DE1FF76 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
01:08:01.0079 2408  BCM43XX - ok
01:08:01.0111 2408  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
01:08:01.0111 2408  BDESVC - ok
01:08:01.0126 2408  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
01:08:01.0126 2408  Beep - ok
01:08:01.0189 2408  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
01:08:01.0204 2408  BFE - ok
01:08:01.0220 2408  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
01:08:01.0251 2408  BITS - ok
01:08:01.0282 2408  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
01:08:01.0282 2408  blbdrive - ok
01:08:01.0345 2408  [ 85E239DE26774AFD66A6305BC7C39662 ] BootDefragDriver C:\Windows\system32\drivers\BootDefragDriver.sys
01:08:01.0360 2408  BootDefragDriver - ok
01:08:01.0376 2408  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
01:08:01.0376 2408  bowser - ok
01:08:01.0407 2408  BprotectEx - ok
01:08:01.0423 2408  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
01:08:01.0423 2408  BrFiltLo - ok
01:08:01.0438 2408  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
01:08:01.0438 2408  BrFiltUp - ok
01:08:01.0485 2408  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
01:08:01.0485 2408  Browser - ok
01:08:01.0501 2408  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
01:08:01.0501 2408  Brserid - ok
01:08:01.0516 2408  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
01:08:01.0532 2408  BrSerWdm - ok
01:08:01.0547 2408  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
01:08:01.0547 2408  BrUsbMdm - ok
01:08:01.0563 2408  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
01:08:01.0563 2408  BrUsbSer - ok
01:08:01.0625 2408  [ 565042698F48738D4E62AAE8473B9300 ] BstHdAndroidSvc C:\Program Files (x86)\BlueStacks\HD-Service.exe
01:08:01.0625 2408  BstHdAndroidSvc - ok
01:08:01.0688 2408  [ E9030B35175CAA68F96F4F73DB9E4902 ] BstHdDrv        C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
01:08:01.0688 2408  BstHdDrv - ok
01:08:01.0735 2408  [ 5D723B3E6F8C6857B4D40BF05E3143D4 ] BstHdLogRotatorSvc C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
01:08:01.0735 2408  BstHdLogRotatorSvc - ok
01:08:01.0766 2408  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
01:08:01.0766 2408  BthEnum - ok
01:08:01.0797 2408  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
01:08:01.0797 2408  BTHMODEM - ok
01:08:01.0813 2408  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
01:08:01.0813 2408  BthPan - ok
01:08:01.0844 2408  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
01:08:01.0844 2408  BTHPORT - ok
01:08:01.0891 2408  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
01:08:01.0891 2408  bthserv - ok
01:08:01.0906 2408  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
01:08:01.0906 2408  BTHUSB - ok
01:08:01.0937 2408  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
01:08:01.0937 2408  cdfs - ok
01:08:01.0969 2408  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
01:08:01.0969 2408  cdrom - ok
01:08:02.0000 2408  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
01:08:02.0000 2408  CertPropSvc - ok
01:08:02.0031 2408  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
01:08:02.0031 2408  circlass - ok
01:08:02.0047 2408  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
01:08:02.0047 2408  CLFS - ok
01:08:02.0125 2408  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:08:02.0125 2408  clr_optimization_v2.0.50727_32 - ok
01:08:02.0140 2408  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:08:02.0140 2408  clr_optimization_v2.0.50727_64 - ok
01:08:02.0203 2408  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:08:02.0203 2408  clr_optimization_v4.0.30319_32 - ok
01:08:02.0218 2408  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:08:02.0218 2408  clr_optimization_v4.0.30319_64 - ok
01:08:02.0249 2408  [ 45379507ECC5E406237BFF32C7390675 ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
01:08:02.0249 2408  clwvd - ok
01:08:02.0265 2408  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
01:08:02.0265 2408  CmBatt - ok
01:08:02.0281 2408  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
01:08:02.0296 2408  cmdide - ok
01:08:02.0327 2408  [ EBF28856F69CF094A902F884CF989706 ] CNG             C:\Windows\system32\Drivers\cng.sys
01:08:02.0327 2408  CNG - ok
01:08:02.0343 2408  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
01:08:02.0343 2408  Compbatt - ok
01:08:02.0374 2408  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
01:08:02.0374 2408  CompositeBus - ok
01:08:02.0390 2408  COMSysApp - ok
01:08:02.0405 2408  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
01:08:02.0405 2408  crcdisk - ok
01:08:02.0468 2408  [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
01:08:02.0468 2408  CryptSvc - ok
01:08:02.0561 2408  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
01:08:02.0561 2408  DcomLaunch - ok
01:08:02.0577 2408  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
01:08:02.0593 2408  defragsvc - ok
01:08:02.0624 2408  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
01:08:02.0624 2408  DfsC - ok
01:08:02.0686 2408  [ 955FFE2B1D74A9E0E3E0E558E6A17F3B ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
01:08:02.0686 2408  dg_ssudbus - ok
01:08:02.0702 2408  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
01:08:02.0717 2408  Dhcp - ok
01:08:02.0858 2408  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
01:08:02.0858 2408  discache - ok
01:08:02.0873 2408  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
01:08:02.0873 2408  Disk - ok
01:08:02.0889 2408  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
01:08:02.0905 2408  Dnscache - ok
01:08:02.0936 2408  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
01:08:02.0951 2408  dot3svc - ok
01:08:02.0983 2408  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
01:08:02.0983 2408  DPS - ok
01:08:03.0014 2408  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
01:08:03.0029 2408  drmkaud - ok
01:08:03.0076 2408  [ 88612F1CE3BF42256913BF6E61C70D52 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
01:08:03.0076 2408  DXGKrnl - ok
01:08:03.0139 2408  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
01:08:03.0139 2408  EapHost - ok
01:08:03.0232 2408  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
01:08:03.0248 2408  ebdrv - ok
01:08:03.0279 2408  [ 4D71227301DD8D09097B9E4CC6527E5A ] EFS             C:\Windows\System32\lsass.exe
01:08:03.0279 2408  EFS - ok
01:08:03.0341 2408  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
01:08:03.0341 2408  ehRecvr - ok
01:08:03.0373 2408  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
01:08:03.0373 2408  ehSched - ok
01:08:03.0404 2408  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
01:08:03.0419 2408  elxstor - ok
01:08:03.0435 2408  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
01:08:03.0435 2408  ErrDev - ok
01:08:03.0451 2408  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
01:08:03.0451 2408  EventSystem - ok
01:08:03.0466 2408  ewusbnet - ok
01:08:03.0466 2408  ew_hwusbdev - ok
01:08:03.0482 2408  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
01:08:03.0482 2408  exfat - ok
01:08:03.0497 2408  ezSharedSvc - ok
01:08:03.0513 2408  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
01:08:03.0529 2408  fastfat - ok
01:08:03.0560 2408  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
01:08:03.0575 2408  Fax - ok
01:08:03.0607 2408  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
01:08:03.0607 2408  fdc - ok
01:08:03.0622 2408  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
01:08:03.0638 2408  fdPHost - ok
01:08:03.0638 2408  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
01:08:03.0638 2408  FDResPub - ok
01:08:03.0653 2408  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
01:08:03.0653 2408  FileInfo - ok
01:08:03.0669 2408  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
01:08:03.0669 2408  Filetrace - ok
01:08:03.0685 2408  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
01:08:03.0685 2408  flpydisk - ok
01:08:03.0731 2408  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
01:08:03.0731 2408  FltMgr - ok
01:08:03.0778 2408  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
01:08:03.0809 2408  FontCache - ok
01:08:03.0856 2408  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:08:03.0856 2408  FontCache3.0.0.0 - ok
01:08:03.0887 2408  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
01:08:03.0887 2408  FsDepends - ok
01:08:03.0919 2408  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
01:08:03.0919 2408  Fs_Rec - ok
01:08:03.0965 2408  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
01:08:03.0965 2408  fvevol - ok
01:08:03.0981 2408  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
01:08:03.0981 2408  gagp30kx - ok
01:08:04.0012 2408  [ CE16683CFD11FE70BDE435DDA5EA1FCA ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
01:08:04.0028 2408  GameConsoleService - ok
01:08:04.0106 2408  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
01:08:04.0121 2408  gpsvc - ok
01:08:04.0262 2408  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:08:04.0262 2408  gupdate - ok
01:08:04.0277 2408  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:08:04.0277 2408  gupdatem - ok
01:08:04.0309 2408  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
01:08:04.0309 2408  gusvc - ok
01:08:04.0355 2408  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
01:08:04.0355 2408  hcw85cir - ok
01:08:04.0387 2408  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:08:04.0387 2408  HdAudAddService - ok
01:08:04.0402 2408  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
01:08:04.0402 2408  HDAudBus - ok
01:08:04.0418 2408  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
01:08:04.0418 2408  HECIx64 - ok
01:08:04.0449 2408  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
01:08:04.0449 2408  HidBatt - ok
01:08:04.0511 2408  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
01:08:04.0511 2408  HidBth - ok
01:08:04.0511 2408  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
01:08:04.0527 2408  HidIr - ok
01:08:04.0543 2408  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
01:08:04.0543 2408  hidserv - ok
01:08:04.0574 2408  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
01:08:04.0574 2408  HidUsb - ok
01:08:04.0621 2408  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
01:08:04.0621 2408  hkmsvc - ok
01:08:04.0652 2408  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
01:08:04.0652 2408  HomeGroupListener - ok
01:08:04.0699 2408  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
01:08:04.0699 2408  HomeGroupProvider - ok
01:08:04.0792 2408  [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
01:08:04.0792 2408  HP Support Assistant Service - ok
01:08:04.0839 2408  [ 3A09322A8AA8B0C79036686A0EBE7B4C ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
01:08:04.0839 2408  HP Wireless Assistant Service - ok
01:08:04.0901 2408  [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
01:08:04.0901 2408  hpqwmiex - ok
01:08:04.0933 2408  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
01:08:04.0933 2408  HpSAMD - ok
01:08:05.0026 2408  [ 77C15D7E8F002A173EEBFF0B20CD697D ] HPWMISVC        C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
01:08:05.0026 2408  HPWMISVC - ok
01:08:05.0073 2408  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
01:08:05.0073 2408  HTTP - ok
01:08:05.0089 2408  huawei_enumerator - ok
01:08:05.0089 2408  hwdatacard - ok
01:08:05.0120 2408  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
01:08:05.0120 2408  hwpolicy - ok
01:08:05.0120 2408  hwusbfake - ok
01:08:05.0151 2408  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
01:08:05.0151 2408  i8042prt - ok
01:08:05.0182 2408  [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
01:08:05.0198 2408  iaStor - ok
01:08:05.0260 2408  [ 6B24D1C3096DE796D15571079EA5E98C ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
01:08:05.0260 2408  IAStorDataMgrSvc - ok
01:08:05.0323 2408  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
01:08:05.0323 2408  iaStorV - ok
01:08:05.0385 2408  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:08:05.0401 2408  idsvc - ok
01:08:05.0432 2408  IEEtwCollectorService - ok
01:08:05.0650 2408  [ 1BE8D9CA4F2363B8E8015621878E0043 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
01:08:05.0697 2408  igfx - ok
01:08:05.0713 2408  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
01:08:05.0713 2408  iirsp - ok
01:08:05.0775 2408  [ 344789398EC3EE5A4E00C52B31847946 ] IKEEXT          C:\Windows\System32\ikeext.dll
01:08:05.0791 2408  IKEEXT - ok
01:08:05.0806 2408  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
01:08:05.0822 2408  Impcd - ok
01:08:05.0884 2408  [ E76FDFFF07F8A2FA81FF250DDA0F6BBA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
01:08:05.0900 2408  IntcAzAudAddService - ok
01:08:05.0931 2408  [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
01:08:05.0931 2408  IntcDAud - ok
01:08:05.0947 2408  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
01:08:05.0947 2408  intelide - ok
01:08:05.0978 2408  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
01:08:05.0978 2408  intelppm - ok
01:08:05.0993 2408  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
01:08:06.0009 2408  IPBusEnum - ok
01:08:06.0040 2408  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:08:06.0040 2408  IpFilterDriver - ok
01:08:06.0056 2408  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
01:08:06.0071 2408  iphlpsvc - ok
01:08:06.0103 2408  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
01:08:06.0103 2408  IPMIDRV - ok
01:08:06.0118 2408  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
01:08:06.0118 2408  IPNAT - ok
01:08:06.0149 2408  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
01:08:06.0149 2408  IRENUM - ok
01:08:06.0165 2408  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
01:08:06.0165 2408  isapnp - ok
01:08:06.0196 2408  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
01:08:06.0212 2408  iScsiPrt - ok
01:08:06.0212 2408  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
01:08:06.0227 2408  kbdclass - ok
01:08:06.0243 2408  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
01:08:06.0243 2408  kbdhid - ok
01:08:06.0259 2408  [ 4D71227301DD8D09097B9E4CC6527E5A ] KeyIso          C:\Windows\system32\lsass.exe
01:08:06.0259 2408  KeyIso - ok
01:08:06.0290 2408  [ 8F489706472F7E9A06BAAA198703FA64 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
01:08:06.0290 2408  KSecDD - ok
01:08:06.0305 2408  [ 868A2CAAB12EFC7A021682BCA0EEC54C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
01:08:06.0321 2408  KSecPkg - ok
01:08:06.0337 2408  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
01:08:06.0337 2408  ksthunk - ok
01:08:06.0368 2408  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
01:08:06.0383 2408  KtmRm - ok
01:08:06.0430 2408  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
01:08:06.0430 2408  LanmanServer - ok
01:08:06.0461 2408  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:08:06.0477 2408  LanmanWorkstation - ok
01:08:06.0571 2408  [ 70FB6254E29150A7A4A39FDFFD306C33 ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
01:08:06.0571 2408  LBTServ - ok
01:08:06.0617 2408  [ 1470EF17E02E82E4F43346DF9E9F11E1 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
01:08:06.0617 2408  LHidFilt - ok
01:08:06.0664 2408  [ 7550D101BF49FDB1F92666A233EE36C4 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
01:08:06.0664 2408  LightScribeService - ok
01:08:06.0695 2408  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
01:08:06.0711 2408  lltdio - ok
01:08:06.0929 2408  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
01:08:06.0961 2408  lltdsvc - ok
01:08:06.0976 2408  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
01:08:06.0992 2408  lmhosts - ok
01:08:07.0007 2408  [ 12814AE119E959437BEA3110F81BD188 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
01:08:07.0007 2408  LMouFilt - ok
01:08:07.0117 2408  [ DBC1136A62BD4DECC3632DF650284C2E ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
01:08:07.0117 2408  LMS - ok
01:08:07.0148 2408  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
01:08:07.0148 2408  LSI_FC - ok
01:08:07.0163 2408  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
01:08:07.0163 2408  LSI_SAS - ok
01:08:07.0179 2408  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
01:08:07.0179 2408  LSI_SAS2 - ok
01:08:07.0195 2408  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
01:08:07.0195 2408  LSI_SCSI - ok
01:08:07.0226 2408  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
01:08:07.0226 2408  luafv - ok
01:08:07.0273 2408  lxda_device - ok
01:08:07.0319 2408  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
01:08:07.0319 2408  MBAMProtector - ok
01:08:07.0397 2408  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
01:08:07.0413 2408  MBAMScheduler - ok
01:08:07.0444 2408  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
01:08:07.0444 2408  MBAMService - ok
01:08:07.0491 2408  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
01:08:07.0491 2408  Mcx2Svc - ok
01:08:07.0569 2408  [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
01:08:07.0569 2408  MDM - ok
01:08:07.0600 2408  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
01:08:07.0600 2408  megasas - ok
01:08:07.0616 2408  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
01:08:07.0616 2408  MegaSR - ok
01:08:07.0631 2408  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
01:08:07.0647 2408  MMCSS - ok
01:08:07.0647 2408  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
01:08:07.0647 2408  Modem - ok
01:08:07.0663 2408  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
01:08:07.0663 2408  monitor - ok
01:08:07.0694 2408  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
01:08:07.0694 2408  mouclass - ok
01:08:07.0741 2408  [ 21B7ACEA1BB49C3371DD5427BF309D6A ] moufiltr        C:\Windows\system32\DRIVERS\moufiltr.sys
01:08:07.0741 2408  moufiltr - ok
01:08:07.0787 2408  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
01:08:07.0787 2408  mouhid - ok
01:08:07.0834 2408  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
01:08:07.0834 2408  mountmgr - ok
01:08:08.0021 2408  [ 3B9398E0146855B1DC0E3D9769C80F01 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:08:08.0021 2408  MozillaMaintenance - ok
01:08:08.0131 2408  [ C6B88D62F20AC646C6BD5C032EC2FAF9 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
01:08:08.0131 2408  MpFilter - ok
01:08:08.0193 2408  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
01:08:08.0193 2408  mpio - ok
01:08:08.0224 2408  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
01:08:08.0224 2408  mpsdrv - ok
01:08:08.0271 2408  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
01:08:08.0302 2408  MpsSvc - ok
01:08:08.0333 2408  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
01:08:08.0333 2408  MRxDAV - ok
01:08:08.0365 2408  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
01:08:08.0365 2408  mrxsmb - ok
01:08:08.0396 2408  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:08:08.0411 2408  mrxsmb10 - ok
01:08:08.0427 2408  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:08:08.0427 2408  mrxsmb20 - ok
01:08:08.0443 2408  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
01:08:08.0443 2408  msahci - ok
01:08:08.0474 2408  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
01:08:08.0474 2408  msdsm - ok
01:08:08.0489 2408  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
01:08:08.0489 2408  MSDTC - ok
01:08:08.0536 2408  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
01:08:08.0536 2408  Msfs - ok
01:08:08.0552 2408  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
01:08:08.0552 2408  mshidkmdf - ok
01:08:08.0567 2408  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
01:08:08.0567 2408  msisadrv - ok
01:08:08.0599 2408  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
01:08:08.0614 2408  MSiSCSI - ok
01:08:08.0614 2408  msiserver - ok
01:08:08.0630 2408  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
01:08:08.0645 2408  MSKSSRV - ok
01:08:08.0755 2408  [ 7675E15D1B2180745E4DA4D26AAD7385 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
01:08:08.0755 2408  MsMpSvc - ok
01:08:08.0770 2408  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
01:08:08.0770 2408  MSPCLOCK - ok
01:08:08.0786 2408  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
01:08:08.0786 2408  MSPQM - ok
01:08:08.0833 2408  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
01:08:08.0833 2408  MsRPC - ok
01:08:08.0864 2408  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
01:08:08.0864 2408  mssmbios - ok
01:08:08.0895 2408  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
01:08:08.0895 2408  MSTEE - ok
01:08:08.0895 2408  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
01:08:08.0911 2408  MTConfig - ok
01:08:08.0926 2408  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
01:08:08.0926 2408  Mup - ok
01:08:09.0145 2408  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
01:08:09.0176 2408  napagent - ok
01:08:09.0207 2408  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
01:08:09.0207 2408  NativeWifiP - ok
01:08:09.0269 2408  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
01:08:09.0285 2408  NDIS - ok
01:08:09.0301 2408  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
01:08:09.0301 2408  NdisCap - ok
01:08:09.0316 2408  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
01:08:09.0316 2408  NdisTapi - ok
01:08:09.0363 2408  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
01:08:09.0363 2408  Ndisuio - ok
01:08:09.0394 2408  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
01:08:09.0394 2408  NdisWan - ok
01:08:09.0410 2408  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
01:08:09.0410 2408  NDProxy - ok
01:08:09.0441 2408  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
01:08:09.0441 2408  NetBIOS - ok
01:08:09.0488 2408  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
01:08:09.0488 2408  NetBT - ok
01:08:09.0503 2408  [ 4D71227301DD8D09097B9E4CC6527E5A ] Netlogon        C:\Windows\system32\lsass.exe
01:08:09.0503 2408  Netlogon - ok
01:08:09.0535 2408  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
01:08:09.0550 2408  Netman - ok
01:08:09.0628 2408  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:08:09.0628 2408  NetMsmqActivator - ok
01:08:09.0675 2408  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:08:09.0675 2408  NetPipeActivator - ok
01:08:09.0722 2408  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
01:08:09.0722 2408  netprofm - ok
01:08:09.0737 2408  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:08:09.0737 2408  NetTcpActivator - ok
01:08:09.0737 2408  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:08:09.0737 2408  NetTcpPortSharing - ok
01:08:09.0862 2408  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
01:08:09.0893 2408  netw5v64 - ok
01:08:09.0925 2408  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
01:08:09.0925 2408  nfrd960 - ok
01:08:09.0987 2408  [ ACE8C64C57E4A711473C8BC10ADF692B ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
01:08:09.0987 2408  NisDrv - ok
01:08:10.0081 2408  [ 6247E8B31ED0A9D6BC5A26276E49BEB3 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
01:08:10.0081 2408  NisSrv - ok
01:08:10.0143 2408  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
01:08:10.0159 2408  NlaSvc - ok
01:08:10.0190 2408  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
01:08:10.0190 2408  Npfs - ok
01:08:10.0221 2408  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
01:08:10.0221 2408  nsi - ok
01:08:10.0237 2408  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
01:08:10.0237 2408  nsiproxy - ok
01:08:10.0315 2408  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
01:08:10.0315 2408  Ntfs - ok
01:08:10.0346 2408  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
01:08:10.0346 2408  Null - ok
01:08:10.0393 2408  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
01:08:10.0393 2408  nvraid - ok
01:08:10.0424 2408  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
01:08:10.0424 2408  nvstor - ok
01:08:10.0455 2408  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
01:08:10.0455 2408  nv_agp - ok
01:08:10.0517 2408  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
01:08:10.0517 2408  odserv - ok
01:08:10.0533 2408  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
01:08:10.0533 2408  ohci1394 - ok
01:08:10.0564 2408  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:08:10.0564 2408  ose - ok
01:08:10.0611 2408  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
01:08:10.0611 2408  p2pimsvc - ok
01:08:10.0658 2408  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
01:08:10.0658 2408  p2psvc - ok
01:08:10.0705 2408  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
01:08:10.0705 2408  Parport - ok
01:08:10.0736 2408  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
01:08:10.0736 2408  partmgr - ok
01:08:10.0767 2408  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
01:08:10.0767 2408  PcaSvc - ok
01:08:10.0814 2408  PCFApiUtil - ok
01:08:10.0845 2408  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
01:08:10.0845 2408  pci - ok
01:08:10.0876 2408  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
01:08:10.0876 2408  pciide - ok
01:08:10.0907 2408  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
01:08:10.0907 2408  pcmcia - ok
01:08:10.0939 2408  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
01:08:10.0939 2408  pcw - ok
01:08:10.0970 2408  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
01:08:10.0970 2408  PEAUTH - ok
01:08:11.0001 2408  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
01:08:11.0001 2408  PerfHost - ok
01:08:11.0079 2408  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
01:08:11.0110 2408  pla - ok
01:08:11.0157 2408  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
01:08:11.0173 2408  PlugPlay - ok
01:08:11.0188 2408  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
01:08:11.0188 2408  PNRPAutoReg - ok
01:08:11.0219 2408  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
01:08:11.0219 2408  PNRPsvc - ok
01:08:11.0266 2408  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
01:08:11.0266 2408  PolicyAgent - ok
01:08:11.0297 2408  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
01:08:11.0297 2408  Power - ok
01:08:11.0344 2408  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
01:08:11.0344 2408  PptpMiniport - ok
01:08:11.0375 2408  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
01:08:11.0375 2408  Processor - ok
01:08:11.0422 2408  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
01:08:11.0422 2408  ProfSvc - ok
01:08:11.0438 2408  [ 4D71227301DD8D09097B9E4CC6527E5A ] ProtectedStorage C:\Windows\system32\lsass.exe
01:08:11.0438 2408  ProtectedStorage - ok
01:08:11.0469 2408  [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\SysWOW64\PSIService.exe
01:08:11.0469 2408  ProtexisLicensing - ok
01:08:11.0516 2408  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
01:08:11.0516 2408  Psched - ok
01:08:11.0609 2408  [ C32ECB99AD25E9A04F01C8665DF29EF8 ] pwdrvio         C:\Windows\system32\pwdrvio.sys
01:08:11.0609 2408  pwdrvio - ok
01:08:11.0672 2408  [ D619356B955EEFA642F5FF72755E8B3C ] pwdspio         C:\Windows\system32\pwdspio.sys
01:08:11.0672 2408  pwdspio - ok
01:08:11.0719 2408  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
01:08:11.0719 2408  ql2300 - ok
01:08:11.0750 2408  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
01:08:11.0750 2408  ql40xx - ok
01:08:11.0781 2408  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
01:08:11.0781 2408  QWAVE - ok
01:08:11.0812 2408  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
01:08:11.0812 2408  QWAVEdrv - ok
01:08:11.0828 2408  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
01:08:11.0828 2408  RasAcd - ok
01:08:11.0843 2408  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
01:08:11.0843 2408  RasAgileVpn - ok
01:08:11.0875 2408  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
01:08:11.0890 2408  RasAuto - ok
01:08:11.0999 2408  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
01:08:11.0999 2408  Rasl2tp - ok
01:08:12.0077 2408  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
01:08:12.0077 2408  RasMan - ok
01:08:12.0124 2408  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
01:08:12.0124 2408  RasPppoe - ok
01:08:12.0140 2408  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
01:08:12.0140 2408  RasSstp - ok
01:08:12.0171 2408  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
01:08:12.0171 2408  rdbss - ok
01:08:12.0202 2408  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
01:08:12.0202 2408  rdpbus - ok
01:08:12.0218 2408  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
01:08:12.0218 2408  RDPCDD - ok
01:08:12.0233 2408  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
01:08:12.0233 2408  RDPENCDD - ok
01:08:27.0443 2408  ============================================================
01:08:27.0443 2408  Scan finished
01:08:27.0443 2408  ============================================================
01:08:27.0459 3936  Detected object count: 0
01:08:27.0459 3936  Actual detected object count: 0

My suspicion about the DNS Leak proved to be true when I checked it with dnsleaktest.com this morning.

I have completely reconfigured my TP Link TD-W8901G modem/router and the MBAM alerts and blockages have stopped.

However, I am still wondering if the cause of all this was a malware infection, so I would be very grateful if you could check the posted logs for me for irregularities.

Thanks!


I'm very sorry to advise that in spite of the modem reconfiguration the threat still exists.

I just got the same alert as before:

IP-BLOCK 5.45.75.11 (Type: outgoing, Port: 63809, Process: svchost.exe)

IP-BLOCK 5.45.75.36 (Type: outgoing, Port: 63809, Process: svchost.exe)

:angry:  :(  :unsure:


  • Root Admin

Instead of just running random scans it would have been better to read some of the pinned topics and wait for help.

Let's start over and see if we can get this fixed up for you. I know you've posted logs but you've also played with the system so let me get all new logs please and follow the directions below.


If you've not already done so please start here and post back the 2 log files DDS.txt and Attach.txt
If you've already posted the DDS logs then please read the following information below and post back the requested logs when ready.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)




STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.



STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


 


I'm glad you're willing to help. Thank you.

OK, here goes:

 

DDS LOG

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by aldrich at 19:09:51 on 2014-02-10
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1033.18.7990.5736 [GMT 7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\explorer.exe
C:\Users\aldrich\AppData\Local\Google\Chrome\Application\chrome.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Users\aldrich\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\aldrich\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\aldrich\AppData\Local\Google\Chrome\Application\chrome.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{46798D80-566F-493D-8A36-97D62BF20DC8} : DHCPNameServer = 5.45.75.36 5.45.75.11
TCP: Interfaces\{46798D80-566F-493D-8A36-97D62BF20DC8}\44F6E60244965676F6 : DHCPNameServer = 62.113.218.182 8.8.8.8
TCP: Interfaces\{A642EB03-A823-46B5-B41B-3CE542B79BF2} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - <no file>
SSODL: WebCheck - <orphaned>
STS: {E31004D1-A431-41B8-826F-E902F9D95C81} - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox\Profiles\lu1pyrvi.default\
FF - prefs.js: network.proxy.type - 2
FF - component: C:\Program Files (x86)\ Firefox\components\browserdirprovider.dll
FF - component: C:\Program Files (x86)\ Firefox\components\brwsrcmp.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\VLC\npvlc.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\aldrich\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\aldrich\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
.
============= SERVICES / DRIVERS ===============
.
R0 BootDefragDriver;BootDefragDriver;C:\Windows\System32\drivers\BootDefragDriver.sys [2013-12-27 17088]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);C:\Windows\System32\drivers\tdrpm258.sys [2011-10-4 1477728]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-7-17 70984]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-28 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-28 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 134944]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-8-2 32880]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-18 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-27 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-28 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2011-10-4 251488]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\System32\drivers\lgandbus64.sys [2012-9-12 19456]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\System32\drivers\lganddiag64.sys [2012-9-12 27648]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\System32\drivers\lgandgps64.sys [2012-9-12 27136]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\System32\drivers\lgandmodem64.sys [2012-9-12 34304]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-10-28 107288]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2013-12-14 19152]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2013-12-14 12504]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-8 225280]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware Sandra Lite 2014.RTM\RpcAgentSrv.exe [2013-12-27 72344]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-10-28 204568]
S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);C:\Windows\System32\drivers\ssudobex.sys [2013-10-28 204568]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-3 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-23 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-11 389120]
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S4 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-10-4 2480048]
S4 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2013-7-17 393032]
S4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-7-17 384840]
S4 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
S4 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
S4 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]
S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-8 13336]
S4 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-17 315392]
S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-9-27 1153368]
S4 ScrybeUpdater;Scrybe Updater;C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-5-12 1300264]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-8 2320920]
S4 VMCService;Vodafone Mobile Connect Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-11-17 9216]
S4 WTService;WTService;C:\Windows\System32\atwtusb.exe -s --> C:\Windows\System32\atwtusb.exe -s [?]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 60 ================
.
2014-02-10 10:41:09 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFDBD96D-49A3-4AE9-ACFB-781D922D4C5E}\mpengine.dll
2014-02-10 09:19:12 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-02-10 09:19:12 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-10 09:17:56 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2014-02-10 09:15:24 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2014-02-09 15:02:36 10315576 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-09 11:51:44 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-09 11:46:53 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-02-08 18:13:14 -------- d-----w- C:\AdwCleaner
2014-02-03 11:56:21 -------- d-----w- C:\Users\aldrich\AppData\Roaming\rmi
2014-01-23 08:47:39 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AFFE2579-F5A7-4F29-9EC0-58C476467580}\gapaengine.dll
2014-01-20 15:35:49 -------- d-----w- C:\Program Files (x86)\BankTrans
2014-01-15 13:09:27 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-15 13:09:26 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 13:09:26 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-15 13:09:26 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-15 13:09:26 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-15 13:09:26 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 13:09:26 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-15 13:03:42 3156480 ----a-w- C:\Windows\System32\win32k.sys
2013-12-29 12:40:17 -------- d-----w- C:\Users\aldrich\AppData\Roaming\calibre
2013-12-29 12:36:34 -------- d-----w- C:\Program Files (x86)\eBookConverter
2013-12-29 09:55:14 -------- d-----w- C:\Users\aldrich\AppData\Local\Amazon
2013-12-28 05:18:48 -------- d-----w- C:\ProgramData\Oracle
2013-12-28 05:18:12 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-28 04:49:00 -------- d-----w- C:\ProgramData\Baidu Security
2013-12-28 04:48:24 -------- d-----w- C:\Users\aldrich\AppData\Roaming\Baidu Security
2013-12-28 03:53:36 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-12-27 10:11:07 -------- d--h--w- C:\Windows\msdownld.tmp
2013-12-27 10:10:56 -------- d-----w- C:\Windows\SysWow64\directx
2013-12-27 10:10:39 -------- d-s---w- C:\Program Files\SiSoftware Sandra Lite 2014.RTM
2013-12-27 09:42:57 -------- d-----w- C:\ProgramData\GlarySoft
2013-12-27 09:42:55 17088 ----a-w- C:\Windows\System32\drivers\BootDefragDriver.sys
2013-12-27 09:42:55 117024 ----a-w- C:\Windows\System32\BootDefrag.exe
2013-12-27 09:42:45 -------- d-----w- C:\Program Files (x86)\Glary Utilities 4
2013-12-26 07:37:05 -------- d-----w- C:\Users\aldrich\AppData\Roaming\Tracker Software
2013-12-26 07:36:31 -------- d-----w- C:\Program Files\PDF-XChange
2013-12-26 07:33:11 -------- d-----w- C:\ProgramData\Package Cache
2013-12-26 06:21:45 -------- d-----w- C:\Users\aldrich\AppData\Roaming\Softland
2013-12-26 06:21:44 25920 ----a-w- C:\Windows\System32\dopdfmn7.dll
2013-12-26 06:21:44 21312 ----a-w- C:\Windows\System32\dopdfmi7.dll
2013-12-26 06:21:44 1700352 ----a-w- C:\Windows\System32\GdiPlus.dll
2013-12-26 06:21:42 -------- d-----w- C:\Program Files\DoPDF 7
2013-12-18 15:54:50 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPA4.DLL
2013-12-18 15:54:50 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDA4.DLL
2013-12-18 15:54:29 385024 ----a-w- C:\Windows\System32\CNMLMA4.DLL
2013-12-17 15:49:12 -------- d-----w- C:\Users\aldrich\AppData\Local\Opera Software
2013-12-17 15:49:11 -------- d-----w- C:\Users\aldrich\AppData\Roaming\Opera Software
2013-12-16 14:04:14 -------- d-----r- C:\Program Files (x86)\Skype
2013-12-14 09:44:10 3050808 ----a-w- C:\Windows\System32\pwNative.exe
2013-12-14 09:44:10 19152 ------w- C:\Windows\System32\pwdrvio.sys
2013-12-14 09:44:09 12504 ------w- C:\Windows\System32\pwdspio.sys
2013-12-14 09:43:40 -------- d-----w- C:\Program Files (x86)\MiniTool Partition Wizard
.
==================== Find6M  ====================
.
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-06 09:30:53 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-12-06 09:29:47 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-12-06 09:29:47 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-12-06 09:29:47 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-12-03 09:33:42 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-12-03 09:33:42 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 05:13:22 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2013-10-30 05:07:00 90112 ----a-w- C:\Windows\MAMCityDownload.ocx
2013-10-30 05:07:00 330240 ----a-w- C:\Windows\MASetupCaller.dll
2013-10-30 05:07:00 30568 ----a-w- C:\Windows\MusiccityDownload.exe
2013-10-27 18:12:12 204568 ----a-w- C:\Windows\System32\drivers\ssudobex.sys
2013-10-27 18:12:12 204568 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2013-10-27 18:12:12 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2013-10-27 18:12:10 107288 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:16:30 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-10-04 01:36:04 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-27 08:53:06 248240 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-09-27 08:53:06 134944 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
.
============= FINISH: 19:11:01.46 ===============
 
ATTACH
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 22-9-2010 13:03:51
System Uptime: 10-2-2014 17:15:10 (2 hours ago)
.
Motherboard: Hewlett-Packard |  | 1439
Processor: Intel® Core i5 CPU       M 460  @ 2.53GHz | CPU | 2534/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 449 GiB total, 338.754 GiB free.
D: is FIXED (NTFS) - 16 GiB total, 2.269 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP483: 23-1-2014 15:45:56 - Windows Update
RP484: 26-1-2014 18:05:46 - Windows Update
RP485: 29-1-2014 21:36:32 - Windows Update
RP486: 2-2-2014 11:11:34 - Windows Update
RP487: 5-2-2014 20:42:50 - Windows Update
RP488: 7-2-2014 22:40:39 - HP 3500c Scanner 64bit vista driver
RP489: 8-2-2014 18:34:29 - Restore Operation
RP490: 8-2-2014 21:57:39 - Windows Update
RP491: 10-2-2014 16:24:28 - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
7-Zip 4.47 beta
Aangifte inkomstenbelasting 2009
Aangifte inkomstenbelasting 2010
Aangifte inkomstenbelasting 2012
Aangifte inkomstenbelasting 2013
Acronis True Image Home
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe InDesign CS5.5
Adobe Photoshop CS5
Agatha Christie - Death on the Nile
Amazon Kindle
Any Video Converter 3.5.8
Apple Application Support
Apple Software Update
ArcSoft Panorama Maker 3.0
ASUS Android USB Drivers
ASUS Sync
Audacity 2.0.5
BankTrans versie 2.10
Bejeweled 2 Deluxe
Blackhawk Striker 2
BlueStacks App Player
BlueStacks Notification Center
Broadcom 802.11 Wireless LAN Adapter
Bullzip PDF Printer 7.2.0.1338
Camtasia Studio 4
Canon iP2700 series Printer Driver
CCleaner
Chuzzle Deluxe
Cool Edit Pro 2.0
CyberLink DVD Suite
CyberLink PowerDVD 9
CyberLink YouCam
D3DX10
doPDF 7.3 printer
Dora's Carnival Adventure
Energy Star Digital Logo
eReg
Escape Rosecliff Island
ESU for Microsoft Windows 7
FATE
Feedback Tool
Final Drive Nitro
Foxit PDF Editor
Foxit PDF Preview Handler
Foxit Phantom
Foxit Reader
Glary Utilities 4.3
GOM Player
Google Chrome
Google Drive
Google Earth
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.1.1
High-Definition Video Playback 10
HP Advisor
HP Customer Experience Enhancements
HP Documentation
HP Game Console
HP Games
HP Power Manager
HP Product Detection
HP Quick Launch
HP Setup
HP Software Framework
HP Wireless Assistant
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java 7 Update 45
Java Auto Updater
Jewel Quest - Heritage
Junk Mail filter update
Kindle Converter
LabelPrint
LAME v3.99.3 (for Windows)
LG United Mobile Driver
LightScribe System Software
Logitech SetPoint 6.52
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Shared 64-bit MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
MiniTool Partition Wizard Home Edition 8.1.1
MiniTool Power Data Recovery
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
MyBKS 2.0
Neat Image v6.0 Pro+
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
Opera Stable 18.0.1284.68
PDF-XChange Editor
PDF Settings CS5
Penguins!
Perfect Uninstaller v6.3.3.8
Photo Common
Photo Gallery
PhotoNow!
Picasa 3
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PowerISO
QuickTime
QuickTime Alternative 3.2.2
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recovery Manager
Register-x64
Registry Clean Expert
RtVOsd
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition 
SiSoftware Sandra Lite 2014.RTM
Skype™ 6.11
Spybot - Search & Destroy
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
Synaptics Pointing Device Driver
System Requirements Lab for Intel
Tablet Driver With Macrokey Manager
Trader Workstation 4.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
VBA (2627.01)
Verzoek of wijziging voorlopige aanslag 2014
Virtual Villagers - The Secret City
Visual C++ 8.0 Runtime Setup Package (x64)
VLC media player 2.0.7
Vodafone Mobile Connect Lite
VoipDiscount
VSO Image Resizer 2.2.0.1c
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Windows Mobile Device Updater Component
Windows Movie Maker 2.6
Windows Phone app for desktop
WinPatrol
WinRAR
x64 Components v2.2.4
Yahoo! Messenger
Zuma Deluxe
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
8-2-2014 21:49:48, Error: Microsoft-Windows-SharedAccess_NAT [34001]  - The ICS_IPV6 failed to configure IPv6 stack.
8-2-2014 19:00:47, Error: Application Popup [1060]  - \??\C:\Program Files\Perfect Uninstaller\FKFAP.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8-2-2014 18:57:38, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.165.3520.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10201.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
8-2-2014 18:47:25, Error: Microsoft-Windows-SharedAccess_NAT [30013]  - The DHCP allocator has disabled itself on IP address 192.168.1.7, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
8-2-2014 18:41:53, Error: Microsoft Antimalware [2004]  - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.   Signatures Attempted: Current   Error Code: 0x80070002   Error description: The system cannot find the file specified.   Signature version: 0.0.0.0;0.0.0.0   Engine version: 0.0.0.0
8-2-2014 18:31:28, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8-2-2014 18:31:28, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8-2-2014 18:31:28, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8-2-2014 18:30:58, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
8-2-2014 18:30:58, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
6-2-2014 23:25:41, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.165.3360.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10201.0   Error code: 0x8024001e   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
6-2-2014 23:25:41, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.165.3360.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10201.0   Error code: 0x8024001e   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
10-2-2014 18:20:58, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR2.
10-2-2014 18:06:50, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
10-2-2014 16:36:38, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.165.3678.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10201.0   Error code: 0x80240016   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
10-2-2014 16:36:38, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.165.3678.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10201.0   Error code: 0x80240016   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
10-2-2014 16:36:38, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.165.3678.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10201.0   Error code: 0x80240016   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
10-2-2014 16:24:42, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.165.3678.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10201.0   Error code: 0x80240016   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
10-2-2014 16:24:42, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.165.3678.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10201.0   Error code: 0x80240016   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
10-2-2014 16:24:42, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.165.3678.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10201.0   Error code: 0x80240016   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
10-2-2014 10:16:35, Error: Microsoft-Windows-SharedAccess_NAT [31004]  - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
.
==== End Of File ===========================
 
ROGUEKILLER
RogueKiller V8.8.6 _x64_ [Feb  7 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : aldrich [Admin rights]
Mode : Scan -- Date : 02/10/2014 19:39:40
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
127.0.0.1 localhost
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Schijfstation +++++
--- User ---
[MBR] b04f7fcfca751ada733635f8ee5c8d76
[bSP] f11230797304b70fa2a565c3ad8eb680 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 460262 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 943026176 | Size: 16374 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_02102014_193940.txt >>
 

  • Root Admin

Thank you.  Okay let's start off with a couple of removals and then we'll run some other scans. 
 
First please uninstall ALL versions of Java.  Go into your Control Panel, Add/Remove and uninstall Java.
Then run the following.
 
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

 

Note: These types of programs can do more harm to your computer than good. Registry Clean Expert
I would recommend you uninstall that program and not use any type of registry cleaners.
Do I need a Windows Registry Cleaner?
 
 
 
 
Once you've run the Java removal from Control Panel and using JavaRa and have restarted the computer, then run the following steps.

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.


  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.


  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


STEP 06

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

 

 


I've finished running the scan you instructed me to do and obtained the following results:

 

JAVARA

 

JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Tue Feb 11 05:53:40 2014

Found and removed: C:\Program Files (x86)\Java\jre6
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}
Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}
Found and removed: SOFTWARE\Classes\.jnlp
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0
Found and removed: SOFTWARE\Classes\JNLPFile
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Found and removed: SOFTWARE\JavaSoft
Found and removed: SOFTWARE\JreMetrics
Found and removed: SOFTWARE\MozillaPlugins
------------------------------------
Finished reporting.
 
========================================================================================
 
MBAR
 
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.10.09
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
aldrich :: UW-HP [administrator]
 
Protection: Enabled
 
11-2-2014 7:34:36
mbam-log-2014-02-11 (07-34-36).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219572
Time elapsed: 7 minute(s), 29 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
==========================================================================================================
 
MBAR SYSTEM-LOG.txt
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.16476
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.533000 GHz
Memory total: 8377974784, free: 5853609984
 
Downloaded database version: v2014.02.09.02
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
     02/09/2014 18:51:42
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\timntr.sys
\SystemRoot\system32\DRIVERS\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\tdrpm258.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\drivers\BootDefragDriver.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\System32\Drivers\SCDEmu.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl664.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\walvhid.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\moufiltr.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\Drivers\adfs.SYS
\??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800a0b5060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8008063050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800a0b5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009f16e30, DeviceName: Unknown, DriverName: \Driver\tdrpman258\
DevicePointer: 0xfffffa8009f12880, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa8009f12b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800a0b5950, DeviceName: Unknown, DriverName: \Driver\tdrpman258\
DevicePointer: 0xfffffa800a0b5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008063050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 754EA8AB
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 942616576
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 943026176  Numsec = 33533952
 
    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 976560128  Numsec = 210992
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.16476
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.533000 GHz
Memory total: 8377974784, free: 6186954752
 
=======================================
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.16476
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.533000 GHz
Memory total: 8377974784, free: 6042103808
 
Downloaded database version: v2014.02.09.03
Downloaded database version: v2014.02.09.04
Downloaded database version: v2014.02.09.05
Downloaded database version: v2014.02.09.06
Downloaded database version: v2014.02.09.07
Downloaded database version: v2014.02.10.01
Downloaded database version: v2014.02.10.02
Downloaded database version: v2014.02.10.03
Downloaded database version: v2014.02.10.04
Downloaded database version: v2014.02.10.05
Downloaded database version: v2014.02.10.06
Downloaded database version: v2014.02.10.07
Downloaded database version: v2014.02.10.08
Initializing...
======================
------------ Kernel report ------------
     02/11/2014 06:09:17
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\timntr.sys
\SystemRoot\system32\DRIVERS\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\tdrpm258.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\drivers\BootDefragDriver.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\System32\Drivers\SCDEmu.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\bcmwl664.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\walvhid.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\moufiltr.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\Drivers\adfs.SYS
\??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800836d060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8008079050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800836d060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80081d1940, DeviceName: Unknown, DriverName: \Driver\tdrpman258\
DevicePointer: 0xfffffa80081d0980, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa80081d0b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800836de30, DeviceName: Unknown, DriverName: \Driver\tdrpman258\
DevicePointer: 0xfffffa800836d060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008079050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 754EA8AB
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 942616576
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 943026176  Numsec = 33533952
 
    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 976560128  Numsec = 210992
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
========================================================================================================
 
JRT
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by aldrich on di 11-02-2014 at  7:00:33.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstallerstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstallerstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8F7331A2-B6FB-4761-86AC-C430DC53D665}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8F7331A2-B6FB-4761-86AC-C430DC53D665}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\aldrich\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\aldrich\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\aldrich\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\aldrich\appdata\local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
 
 
 
~~~ Event Viewer Logs were cleared
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on di 11-02-2014 at  7:07:06.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
======================================================================================================
 
ADW CLEANER
 
# AdwCleaner v3.018 - Report created 11/02/2014 at 07:22:25
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : aldrich - UW-HP
# Running from : C:\Users\aldrich\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox\Profiles\lu1pyrvi.default\Smartbar
Folder Deleted : C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox\Profiles\lu1pyrvi.default\CT2504091
Folder Deleted : C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox\Profiles\lu1pyrvi.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
File Deleted : C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox\Profiles\lu1pyrvi.default\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v12.0 (en-US)
 
[ File : C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox\Profiles\lu1pyrvi.default\prefs.js ]
 
Line Deleted : user_pref("CT2504091.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2504091.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2504091.FirstTime", "true");
Line Deleted : user_pref("CT2504091.FirstTimeFF3", "true");
Line Deleted : user_pref("CT2504091.UserID", "UN10601929464692839");
Line Deleted : user_pref("CT2504091.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT2504091.autoDisableScopes", -1);
Line Deleted : user_pref("CT2504091.cbcountry_001", "TH");
Line Deleted : user_pref("CT2504091.cbfirsttime", "Wed Jul 04 2012 09:59:24 GMT+0700 (SE Asia Standard Time)");
Line Deleted : user_pref("CT2504091.defaultSearch", "false");
Line Deleted : user_pref("CT2504091.embeddedsData", "[{\"appId\":\"129079840422026594\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT2504091.enableAlerts", "false");
Line Deleted : user_pref("CT2504091.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT2504091.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT2504091.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT2504091.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT2504091.fixUrls", true);
Line Deleted : user_pref("CT2504091.installId", "ConduitNSISIntegration");
Line Deleted : user_pref("CT2504091.installType", "ConduitNSISIntegration");
Line Deleted : user_pref("CT2504091.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2504091.isNewTabEnabled", true);
Line Deleted : user_pref("CT2504091.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT2504091.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT2504091.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.udonmap.com%2Fudonthaniforum%2Fposting.php%3Fmode%3Dreply%26f%3D36%26t%3D25364%26sid%3Da6da1df061fc388bcd6d9d6f7[...]
Line Deleted : user_pref("CT2504091.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2504091.openThankYouPage", "false");
Line Deleted : user_pref("CT2504091.openUninstallPage", "false");
Line Deleted : user_pref("CT2504091.search.searchAppId", "129079840422026594");
Line Deleted : user_pref("CT2504091.search.searchCount", "0");
Line Deleted : user_pref("CT2504091.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT2504091.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2504091.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2504091.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2504091\"}");
Line Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Vuze Remote\"}");
Line Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2504091.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT2504091.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1341370761555");
Line Deleted : user_pref("CT2504091.serviceLayer_services_appTracking_lastUpdate", "1341370762947");
Line Deleted : user_pref("CT2504091.serviceLayer_services_appsMetadata_lastUpdate", "1341888700800");
Line Deleted : user_pref("CT2504091.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1341370761974");
Line Deleted : user_pref("CT2504091.serviceLayer_services_login_10.10.12.5_lastUpdate", "1341888701469");
Line Deleted : user_pref("CT2504091.serviceLayer_services_optimizer_lastUpdate", "1341370761602");
Line Deleted : user_pref("CT2504091.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1341370761955");
Line Deleted : user_pref("CT2504091.serviceLayer_services_searchAPI_lastUpdate", "1341888701048");
Line Deleted : user_pref("CT2504091.serviceLayer_services_serviceMap_lastUpdate", "1341888700758");
Line Deleted : user_pref("CT2504091.serviceLayer_services_toolbarContextMenu_lastUpdate", "1341370762155");
Line Deleted : user_pref("CT2504091.serviceLayer_services_toolbarSettings_lastUpdate", "1341888701052");
Line Deleted : user_pref("CT2504091.serviceLayer_services_translation_lastUpdate", "1341888701093");
Line Deleted : user_pref("CT2504091.settingsINI", true);
Line Deleted : user_pref("CT2504091.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT2504091.smartbar.CTID", "CT2504091");
Line Deleted : user_pref("CT2504091.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT2504091.smartbar.toolbarName", "Vuze Remote ");
Line Deleted : user_pref("CT2504091.startPage", "false");
Line Deleted : user_pref("CT2504091.toolbarBornServerTime", "4-7-2012");
Line Deleted : user_pref("CT2504091.toolbarCurrentServerTime", "10-7-2012");
 
-\\ Google Chrome v
 
[ File : C:\Users\aldrich\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [10580 octets] - [09/02/2014 01:13:16]
AdwCleaner[R1].txt - [7809 octets] - [11/02/2014 07:18:08]
AdwCleaner[s0].txt - [7854 octets] - [11/02/2014 07:22:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7914 octets] ##########
 
==================================================================================================
 
MBAM 
 
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.10.09
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
aldrich :: UW-HP [administrator]
 
Protection: Enabled
 
11-2-2014 7:34:36
mbam-log-2014-02-11 (07-34-36).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219572
Time elapsed: 7 minute(s), 29 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
======================================================================================================
 
ESET
 
ESETSmartInstaller@High as downloader log:
Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.Can not open internetESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ff6e4fe766bb8b4e971f1c913c0500e1
# engine=17021
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-11 02:44:21
# local_time=2014-02-11 09:44:21 (+0700, SE Asia Standard Time)
# country="Netherlands"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 17749284 143716511 0 0
# scanned=298112
# found=2
# cleaned=0
# scan_time=4772
sh=DD6E088E22874B283348A15DB5159C7B20CC6D22 ft=1 fh=fe9dda6ca79832a6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\aldrich\AppData\Roaming\rmi\ccleaner-4.07.4369.exe"
sh=5927002122E8205CBE1E491CDB59223BA9ACED0A ft=1 fh=9150854d0b27c805 vn="Win32/WinloadSDA.C potentially unwanted application" ac=I fn="C:\Users\aldrich\Desktop\SAMSUNG GALAXY Y\SuperOneClick\nw_28548_superoneclicksetupex.exe"
 
============================================================================================================
 
 

As the previous post was too long, I'm posting the Farbar logs here: 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014 01
Ran by aldrich (administrator) on UW-HP on 11-02-2014 09:56:58
Running from C:\Users\aldrich\Desktop\FARBAR
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: 
 
Download link for 64-Bit Version: 
 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
 
 
==================== Registry (Whitelisted) ==================

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1478587639-2446437974-398429350-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1478587639-2446437974-398429350-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-1478587639-2446437974-398429350-1000\...\MountPoints2: G - G:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1478587639-2446437974-398429350-1000\...\MountPoints2: {066dd63e-c679-11df-aaea-f81e84cd26b7} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1478587639-2446437974-398429350-1000\...\MountPoints2: {066dd64f-c679-11df-aaea-f81e84cd26b7} - G:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1478587639-2446437974-398429350-1000\...\MountPoints2: {134e6b86-9c1a-11e0-896d-c446197c0af0} - F:\AutoRun.exe
HKU\S-1-5-21-1478587639-2446437974-398429350-1000\...\MountPoints2: {134e6b94-9c1a-11e0-896d-c446197c0af0} - F:\AutoRun.exe
HKU\S-1-5-21-1478587639-2446437974-398429350-1000\...\MountPoints2: {66e5ab0f-ad2b-11e1-8dc2-90fba6a58c5b} - F:\NetTV-Stick.exe
HKU\S-1-5-21-1478587639-2446437974-398429350-1000\...\MountPoints2: {6a1de9ce-d070-11df-9fc7-c446197c0af0} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1478587639-2446437974-398429350-1000\...\MountPoints2: {7363d01b-d0a3-11df-b50d-c446197c0af0} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1478587639-2446437974-398429350-1000\...\MountPoints2: {d4b9ed63-a50c-11e0-84bf-001e101fb4df} - F:\AutoRun.exe
HKU\S-1-5-21-1478587639-2446437974-398429350-1000\...\MountPoints2: {d4b9ed7b-a50c-11e0-84bf-001e101fb4df} - F:\AutoRun.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {8F7331A2-B6FB-4761-86AC-C430DC53D665} URL = 
 
SearchScopes: HKLM - {C414E19D-65E3-47CE-B769-989A9616743A} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {C414E19D-65E3-47CE-B769-989A9616743A} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - MSKBnumber URL = http://support.microsoft.com/?kbid={SearchTerms}
SearchScopes: HKCU - MSKBString URL = 
 
SearchScopes: HKCU - {B631BD26-8685-4C33-B3D0-4E337B7D7633} URL = 
 
 
8&ilc=12&type=407453&p={searchTerms}
SearchScopes: HKCU - {C414E19D-65E3-47CE-B769-989A9616743A} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox\Profiles\lu1pyrvi.default
 
8&ilc=12&type=407453&p=
FF NetworkProxy: "autoconfig_url", "https://mediahint.com/default.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\aldrich\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\aldrich\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\aldrich\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Extension: Windows Media Player Extension for Firefox - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox\Profiles\lu1pyrvi.default\Extensions\jid0-nRwp7VvCqZcSRTppwWz2npqGEKw@jetpack [2012-08-22]
FF Extension: Hola Unblocker - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox\Profiles\lu1pyrvi.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2014-02-05]
FF Extension: Print pages to PDF - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox\Profiles\lu1pyrvi.default\Extensions\printPages2Pdf@reinhold.ripper [2014-01-18]
FF Extension: Stylish-Custom - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox\Profiles\lu1pyrvi.default\Extensions\Stylish-Custom@choggi.dyndns.org [2011-06-03]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\aldrich\AppData\Roaming
 
\Mozilla\Firefox\Profiles\lu1pyrvi.default\Extensions
 
\adblockpopups@jessehakanen.net.xpi [2011-06-03]
FF Extension: App Button Clear - C:\Users\aldrich\AppData\Roaming\Mozilla
 
\Firefox\Profiles\lu1pyrvi.default\Extensions\appbuttonclear@mozilla.org.xpi [2011
 
-06-03]
FF Extension: App Button Color - C:\Users\aldrich\AppData\Roaming\Mozilla
 
\Firefox\Profiles\lu1pyrvi.default\Extensions\appbuttoncolor@mozilla.org.xpi [2011
 
-06-03]
FF Extension: ChromEdit Plus - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox
 
\Profiles\lu1pyrvi.default\Extensions\chromeditplus@webdesigns.ms11.net.xpi 
 
[2011-06-01]
FF Extension: anonymoX - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox
 
\Profiles\lu1pyrvi.default\Extensions\client@anonymox.net.xpi [2014-02-05]
FF Extension: Media Hint - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox
 
\Profiles\lu1pyrvi.default\Extensions\mediahint@jetpack.xpi [2013-04-16]
FF Extension: NASA Night Launch - C:\Users\aldrich\AppData\Roaming\Mozilla
 
\Firefox\Profiles\lu1pyrvi.default\Extensions\nasanightlaunch@example.com.xpi 
 
[2011-06-01]
FF Extension: Noia 4 Theme Manager - C:\Users\aldrich\AppData\Roaming\Mozilla
 
\Firefox\Profiles\lu1pyrvi.default\Extensions\Noia4Options@ArisT2.xpi [2011-06-10]
FF Extension: Print Edit - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox
 
\Profiles\lu1pyrvi.default\Extensions\printedit@DW-dev.xpi [2013-04-16]
FF Extension: ShareMeNot - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox
 
\Profiles\lu1pyrvi.default\Extensions\sharemenot@franziroesner.com.xpi [2014-01-
 
27]
FF Extension: Silvermel - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox
 
\Profiles\lu1pyrvi.default\Extensions\silvermel@pardal.de.xpi [2011-06-01]
FF Extension: Silvermel and Charamel XT - C:\Users\aldrich\AppData\Roaming
 
\Mozilla\Firefox\Profiles\lu1pyrvi.default\Extensions\silvermelxt@pardal.de.xpi 
 
[2011-06-01]
FF Extension: Test Pilot - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox
 
\Profiles\lu1pyrvi.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-08-01]
FF Extension: Stylish - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox\Profiles
 
\lu1pyrvi.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi 
 
[2011-06-03]
FF Extension: Media Converter - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox
 
\Profiles\lu1pyrvi.default\Extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}.xpi 
 
[2013-04-16]
FF Extension: NoScript - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox\Profiles
 
\lu1pyrvi.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-
 
06-03]
FF Extension: ImTranslator - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox
 
\Profiles\lu1pyrvi.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-
 
5035170634FE}.xpi [2011-06-03]
FF Extension: FireFTP button - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox
 
\Profiles\lu1pyrvi.default\Extensions\{9BAE5926-8513-417d-8E47-
 
774955A7C60D}.xpi [2011-05-25]
FF Extension: FireFTP - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox\Profiles
 
\lu1pyrvi.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2011-
 
05-25]
FF Extension: Easy YouTube Video Downloader - C:\Users\aldrich\AppData
 
\Roaming\Mozilla\Firefox\Profiles\lu1pyrvi.default\Extensions\{c0c9a2c7-2e5c-
 
4447-bc53-97718bc91e1b}.xpi [2013-03-03]
FF Extension: Adblock Plus - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox
 
\Profiles\lu1pyrvi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi 
 
[2014-01-30]
FF Extension: QuickJava - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox
 
\Profiles\lu1pyrvi.default\Extensions\{E6C1199F-E687-42da-8C24-
 
E7770CC3AE66}.xpi [2013-01-13]
FF Extension: Noia 4 - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox\Profiles
 
\lu1pyrvi.default\Extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi [2011-
 
06-01]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions
 
\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-09-27]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions
 
\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-03-22]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-
 
350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP
 
\LogiSmoothFirefoxExt [2013-07-01]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-
 
365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader
 
\BrowserPlugins\Firefox\Ext
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\ Firefox\firefox.exe
 
Chrome: 
=======
CHR DefaultSearchURL: http://www.google.com/search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: (Google Drive) - C:\Users\aldrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-16]
CHR Extension: (Logitech SetPoint) - C:\Users\aldrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-07-01]
CHR Extension: (Google Wallet) - C:\Users\aldrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\aldrich\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-03-16]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-07-01]
CHR StartMenuInternet: Google Chrome - C:\Users\aldrich\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-07-17] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-07-17] (BlueStack Systems, Inc.)
S4 lxda_device; C:\Windows\SysWOW64\lxdacoms.exe [566192 2007-04-26] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S4 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S3 SandraAgentSrv; C:\Program Files\SiSoftware Sandra Lite 2014.RTM\RpcAgentSrv.exe [72344 2008-11-25] (SiSoftware)
S4 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S4 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-12] (Synaptics, Inc.)
S4 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-11-17] (Vodafone)
S4 WTService; C:\Windows\system32\atwtusb.exe [916992 2011-04-27] ()
 
==================== Drivers (Whitelisted) ====================

S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2012-03-02] (LG Electronics Inc.)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17088 2013-12-23] (Glarysoft Ltd)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-07-17] (BlueStack Systems)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows ® Codename Longhorn DDK provider)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-23] (Realtek Semiconductor Corp.)
S3 s116bus; C:\Windows\System32\DRIVERS\s116bus.sys [108296 2007-04-03] (MCCI Corporation)
S3 SANDRA; C:\Program Files\SiSoftware Sandra Lite 2014.RTM\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [204568 2013-10-28] (DEVGURU Co., LTD.(www.devguru.co.kr))
R0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [1477728 2011-10-04] (Acronis)
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows ® Win 7 DDK provider)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil64.sys [X]
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-11 09:54 - 2014-02-11 09:56 - 00000000 ____D () C:\FRST
2014-02-11 07:39 - 2014-02-11 07:39 - 02347384 _____ (ESET) C:\Users\aldrich
 
\Downloads\esetsmartinstaller_enu (1).exe
2014-02-11 07:36 - 2014-02-11 07:36 - 00000000 ____D () C:\Program Files 
 
(x86)\ESET
2014-02-11 07:07 - 2014-02-11 07:07 - 00004486 _____ () C:\Users\aldrich
 
\Desktop\JRT.txt
2014-02-11 07:00 - 2014-02-11 07:00 - 00000000 ____D () C:\Windows\ERUNT
2014-02-11 06:17 - 2014-02-11 09:56 - 00000000 ____D () C:\Users\aldrich
 
\Desktop\FARBAR
2014-02-11 06:11 - 2014-02-11 06:14 - 00000000 ____D () C:\Users\aldrich
 
\Desktop\JUNK REMOVAL
2014-02-11 05:53 - 2014-02-11 05:53 - 00001564 _____ () C:\JavaRa.log
2014-02-11 05:43 - 2014-02-11 05:52 - 00000000 ____D () C:\Users\aldrich
 
\Desktop\REMOVE JAVA
2014-02-10 19:39 - 2014-02-10 19:39 - 00002672 _____ () C:\Users\aldrich\Desktop\RKreport[0]_S_02102014_193940.txt
2014-02-10 19:32 - 2014-02-10 19:32 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-02-10 19:24 - 2014-02-10 19:25 - 00791393 _____ (Lars Hederer ) C:\Users\aldrich\Downloads\erunt-setup.exe
2014-02-10 19:05 - 2014-02-11 09:52 - 00000000 ____D () C:\Users\aldrich\Desktop\LOGS_NEW
2014-02-10 17:15 - 2014-02-11 07:24 - 00000280 _____ () C:\Windows\setupact.log
2014-02-10 17:15 - 2014-02-10 17:15 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-10 17:14 - 2014-02-10 17:14 - 00003288 ____N () C:\bootsqm.dat
2014-02-10 16:22 - 2014-02-10 16:22 - 00013365 _____ () C:\Users\aldrich\Desktop\CCleaner64.exe.lnk
2014-02-10 16:19 - 2013-04-17 14:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-02-10 16:19 - 2013-04-17 13:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-02-10 16:17 - 2013-08-28 08:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-02-10 16:15 - 2013-01-24 13:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-02-09 18:51 - 2014-02-11 06:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-09 18:46 - 2014-02-11 06:07 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-09 18:43 - 2014-02-09 18:46 - 00000000 ____D () C:\Users\aldrich\Desktop\MBAM Rootkit
2014-02-09 17:47 - 2014-02-09 17:47 - 02347384 _____ (ESET) C:\Users\aldrich\Downloads\esetsmartinstaller_enu.exe
2014-02-09 01:31 - 2014-02-11 06:47 - 00000000 ____D () C:\Users\aldrich\Desktop\LOGS_OLD
2014-02-09 01:13 - 2014-02-11 07:22 - 00000000 ____D () C:\AdwCleaner
2014-02-09 00:49 - 2014-02-09 01:07 - 00000000 ____D () C:\Users\aldrich\Desktop\RK_Quarantine
2014-02-08 21:51 - 2014-02-08 21:52 - 00688992 ____R (Swearware) C:\Users\aldrich\Desktop\dds.com
2014-02-08 21:25 - 2014-02-08 21:27 - 04403200 _____ () C:\Users\aldrich\Desktop\RogueKillerX64.exe
2014-02-08 20:59 - 2014-02-08 21:00 - 02406064 _____ (Trend Micro Inc.) C:\Users\aldrich\Desktop\HousecallLauncher64.exe
2014-02-08 20:40 - 2014-02-08 20:41 - 03809792 _____ () C:\Users\aldrich\Desktop\RogueKiller.exe
2014-02-08 20:39 - 2014-02-08 20:40 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\aldrich\Desktop\tdsskiller.exe
2014-02-08 20:38 - 2014-02-08 20:39 - 01166132 _____ () C:\Users\aldrich\Desktop\adwcleaner.exe
2014-02-08 20:33 - 2014-02-10 19:33 - 00000000 ____D () C:\Windows\ERDNT
2014-02-07 16:30 - 2014-02-07 16:30 - 00073669 _____ () C:\Users\aldrich\Desktop\Emailing img003.zip
2014-02-05 13:30 - 2014-02-05 13:31 - 00000000 ____D () C:\Users\aldrich\Desktop\Einde Rentevast
2014-02-04 19:40 - 2014-02-04 19:40 - 00025813 _____ () C:\Users\aldrich\Documents\Delta Lloyd bevestiging opheffen rekening.htm
2014-02-04 19:40 - 2014-02-04 19:40 - 00000000 ____D () C:\Users\aldrich\Documents\Delta Lloyd bevestiging opheffen rekening_bestanden
2014-02-03 18:56 - 2014-02-03 18:58 - 00000000 ____D () C:\Users\aldrich\AppData\Roaming\rmi
2014-02-02 23:24 - 2014-02-05 13:23 - 00000000 ____D () C:\Users\aldrich\Desktop\SOFINUMMER YING
2014-02-01 17:29 - 2014-02-05 11:04 - 00626688 _____ () C:\Users\aldrich\Documents\thaise vertalers translators.accdb
2014-02-01 12:40 - 2014-02-01 12:42 - 00307200 _____ () C:\Users\aldrich\Documents\corrupt dbase.accdb
2014-01-31 14:44 - 2014-01-31 14:44 - 00027501 _____ () C:\Users\aldrich\Documents\ASR bevestiging niet accoord omzetting.htm
2014-01-31 14:44 - 2014-01-31 14:44 - 00000000 ____D () C:\Users\aldrich\Documents\ASR bevestiging niet accoord omzetting_bestanden
2014-01-30 23:04 - 2014-01-30 23:04 - 00001367 _____ () C:\Users\Public\Desktop\IB 2013.lnk
2014-01-24 17:51 - 2014-01-24 17:51 - 00000000 ____D () C:\Users\aldrich\Documents\New folder (2)
2014-01-24 17:50 - 2014-01-24 17:51 - 00000000 ____D () C:\Users\aldrich\Documents\POST
2014-01-23 13:19 - 2014-01-23 13:19 - 00050537 _____ () C:\Users\aldrich\Documents\Lynx_Activity 2_12013-31_12_2013.xlsx
2014-01-23 13:13 - 2014-01-23 13:13 - 00175836 _____ () C:\Users\aldrich\Desktop\Lynx_20130102_20131231.xls
2014-01-23 12:53 - 2014-01-23 12:53 - 00014496 _____ () C:\Users\aldrich\Documents\LYNX  hoe_jaaropgave.htm
2014-01-23 12:53 - 2014-01-23 12:53 - 00000000 ____D () C:\Users\aldrich\Documents\LYNX  hoe_jaaropgave_files
2014-01-20 22:35 - 2014-01-20 22:35 - 00000979 _____ () C:\Users\Public\Desktop\BankTrans.lnk
2014-01-20 22:35 - 2014-01-20 22:35 - 00000000 ____D () C:\Users\aldrich\Documents\BankTrans
2014-01-20 22:35 - 2014-01-20 22:35 - 00000000 ____D () C:\Program Files (x86)\BankTrans
2014-01-18 16:03 - 2014-01-18 16:03 - 00000000 ____D () C:\Users\aldrich\Documents\New folder
2014-01-17 16:17 - 2014-01-17 16:38 - 00000093 _____ () C:\Windows\wininit.ini
2014-01-17 13:50 - 2014-01-17 13:50 - 00002172 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2014-01-15 20:09 - 2013-11-27 08:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 20:09 - 2013-11-27 08:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 20:09 - 2013-11-27 08:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 20:09 - 2013-11-27 08:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 20:09 - 2013-11-27 08:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 20:09 - 2013-11-27 08:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 20:09 - 2013-11-27 08:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 20:03 - 2013-11-26 17:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
==================== One Month Modified Files and Folders =======
 
2014-02-11 09:56 - 2014-02-11 09:54 - 00000000 ____D () C:\FRST
2014-02-11 09:56 - 2014-02-11 06:17 - 00000000 ____D () C:\Users\aldrich\Desktop\FARBAR
2014-02-11 09:52 - 2014-02-10 19:05 - 00000000 ____D () C:\Users\aldrich\Desktop\LOGS_NEW
2014-02-11 09:47 - 2013-02-23 18:14 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1478587639-2446437974-398429350-1000UA.job
2014-02-11 09:06 - 2013-03-16 08:40 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-11 08:47 - 2010-09-24 18:01 - 00001018 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1478587639-2446437974-398429350-1000Core.job
2014-02-11 07:39 - 2014-02-11 07:39 - 02347384 _____ (ESET) C:\Users\aldrich\Downloads\esetsmartinstaller_enu (1).exe
2014-02-11 07:37 - 2012-04-19 14:59 - 01863190 _____ () C:\Windows\WindowsUpdate.log
2014-02-11 07:36 - 2014-02-11 07:36 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-11 07:31 - 2009-07-14 11:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-11 07:31 - 2009-07-14 11:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-11 07:24 - 2014-02-10 17:15 - 00000280 _____ () C:\Windows\setupact.log
2014-02-11 07:24 - 2013-12-27 16:42 - 00000334 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-02-11 07:24 - 2013-03-16 08:40 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-11 07:24 - 2013-03-13 20:33 - 00000430 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-02-11 07:24 - 2009-07-14 12:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-11 07:22 - 2014-02-09 01:13 - 00000000 ____D () C:\AdwCleaner
2014-02-11 07:07 - 2014-02-11 07:07 - 00004486 _____ () C:\Users\aldrich\Desktop\JRT.txt
2014-02-11 07:00 - 2014-02-11 07:00 - 00000000 ____D () C:\Windows\ERUNT
2014-02-11 06:50 - 2014-02-09 18:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-11 06:47 - 2014-02-09 01:31 - 00000000 ____D () C:\Users\aldrich\Desktop\LOGS_OLD
2014-02-11 06:14 - 2014-02-11 06:11 - 00000000 ____D () C:\Users\aldrich\Desktop\JUNK REMOVAL
2014-02-11 06:07 - 2014-02-09 18:46 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-11 05:53 - 2014-02-11 05:53 - 00001564 _____ () C:\JavaRa.log
2014-02-11 05:53 - 2010-09-27 05:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-11 05:52 - 2014-02-11 05:43 - 00000000 ____D () C:\Users\aldrich\Desktop\REMOVE JAVA
2014-02-10 19:39 - 2014-02-10 19:39 - 00002672 _____ () C:\Users\aldrich\Desktop\RKreport[0]_S_02102014_193940.txt
2014-02-10 19:33 - 2014-02-08 20:33 - 00000000 ____D () C:\Windows\ERDNT
2014-02-10 19:32 - 2014-02-10 19:32 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-02-10 19:25 - 2014-02-10 19:24 - 00791393 _____ (Lars Hederer ) C:\Users\aldrich\Downloads\erunt-setup.exe
2014-02-10 18:26 - 2009-07-14 12:13 - 00783374 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-10 18:06 - 2013-11-23 16:27 - 00000000 ____D () C:\Users\aldrich\Desktop\SDCard MemoPad
2014-02-10 17:15 - 2014-02-10 17:15 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-10 17:14 - 2014-02-10 17:14 - 00003288 ____N () C:\bootsqm.dat
2014-02-10 16:36 - 2010-12-09 09:31 - 00769286 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-10 16:22 - 2014-02-10 16:22 - 00013365 _____ () C:\Users\aldrich\Desktop\CCleaner64.exe.lnk
2014-02-10 16:11 - 2010-09-27 04:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-10 16:10 - 2012-02-29 12:58 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-09 18:46 - 2014-02-09 18:43 - 00000000 ____D () C:\Users\aldrich\Desktop\MBAM Rootkit
2014-02-09 17:47 - 2014-02-09 17:47 - 02347384 _____ (ESET) C:\Users\aldrich\Downloads\esetsmartinstaller_enu.exe
2014-02-09 02:37 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-09 01:07 - 2014-02-09 00:49 - 00000000 ____D () C:\Users\aldrich\Desktop\RK_Quarantine
2014-02-08 22:06 - 2012-01-13 23:24 - 00433796 _____ () C:\Users\aldrich\AppData\Local\census.cache
2014-02-08 22:06 - 2012-01-13 23:23 - 00144573 _____ () C:\Users\aldrich\AppData\Local\ars.cache
2014-02-08 21:52 - 2014-02-08 21:51 - 00688992 ____R (Swearware) C:\Users\aldrich\Desktop\dds.com
2014-02-08 21:27 - 2014-02-08 21:25 - 04403200 _____ () C:\Users\aldrich\Desktop\RogueKillerX64.exe
2014-02-08 21:16 - 2010-09-22 13:03 - 00000000 ____D () C:\Users\aldrich
2014-02-08 21:00 - 2014-02-08 20:59 - 02406064 _____ (Trend Micro Inc.) C:\Users\aldrich\Desktop\HousecallLauncher64.exe
2014-02-08 20:41 - 2014-02-08 20:40 - 03809792 _____ () C:\Users\aldrich\Desktop\RogueKiller.exe
2014-02-08 20:40 - 2014-02-08 20:39 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\aldrich\Desktop\tdsskiller.exe
2014-02-08 20:39 - 2014-02-08 20:38 - 01166132 _____ () C:\Users\aldrich\Desktop\adwcleaner.exe
2014-02-08 18:40 - 2010-09-24 18:35 - 00000000 ____D () C:\Users\aldrich\AppData\Local\Mozilla
2014-02-08 18:40 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\registration
2014-02-07 16:30 - 2014-02-07 16:30 - 00073669 _____ () C:\Users\aldrich\Desktop\Emailing img003.zip
2014-02-06 14:01 - 2013-03-16 08:40 - 00004052 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-06 14:01 - 2013-03-16 08:40 - 00003800 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-05 15:17 - 2010-11-29 15:26 - 00000000 ____D () C:\Users\aldrich\AppData\Roaming\Belastingdienst
2014-02-05 13:31 - 2014-02-05 13:30 - 00000000 ____D () C:\Users\aldrich\Desktop\Einde Rentevast
2014-02-05 13:30 - 2010-11-29 15:26 - 00000000 ____D () C:\Users\aldrich\Documents\Belastingdienst Aangifte IB
2014-02-05 13:23 - 2014-02-02 23:24 - 00000000 ____D () C:\Users\aldrich\Desktop\SOFINUMMER YING
2014-02-05 13:23 - 2013-12-15 08:00 - 00000000 ____D () C:\Users\aldrich\Desktop\Prognose Aangifte 2013
2014-02-05 12:31 - 2012-08-28 20:46 - 00000000 ____D () C:\Users\aldrich\Documents\handtekeningen
2014-02-05 12:31 - 2011-05-14 20:53 - 00000132 _____ () C:\Users\aldrich\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-02-05 11:04 - 2014-02-01 17:29 - 00626688 _____ () C:\Users\aldrich\Documents\thaise vertalers translators.accdb
2014-02-04 23:30 - 2013-03-16 08:43 - 00000000 ___RD () C:\Users\aldrich\Google Drive
2014-02-04 21:09 - 2011-06-06 06:00 - 00001456 _____ () C:\Users\aldrich\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-02-04 19:40 - 2014-02-04 19:40 - 00025813 _____ () C:\Users\aldrich\Documents\Delta Lloyd bevestiging opheffen rekening.htm
2014-02-04 19:40 - 2014-02-04 19:40 - 00000000 ____D () C:\Users\aldrich\Documents\Delta Lloyd bevestiging opheffen rekening_bestanden
2014-02-03 18:58 - 2014-02-03 18:56 - 00000000 ____D () C:\Users\aldrich\AppData\Roaming\rmi
2014-02-03 10:25 - 2012-08-05 15:24 - 00495616 _____ () C:\Users\aldrich\Documents\thai translators.accdb
2014-02-03 10:16 - 2009-07-14 11:45 - 05289000 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-03 00:43 - 2012-03-10 11:32 - 00000000 ____D () C:\Users\aldrich\Documents\House Land Marriage Thailand
2014-02-03 00:39 - 2010-09-22 13:05 - 00269952 _____ () C:\Users\aldrich\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-03 00:34 - 2010-09-27 04:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-01 12:42 - 2014-02-01 12:40 - 00307200 _____ () C:\Users\aldrich\Documents\corrupt dbase.accdb
2014-01-31 19:24 - 2013-01-11 14:38 - 00000000 ____D () C:\Users\aldrich\AppData\Roaming\Skype
2014-01-31 17:36 - 2012-08-01 21:53 - 00000000 ____D () C:\Users\aldrich\Software
2014-01-31 14:44 - 2014-01-31 14:44 - 00027501 _____ () C:\Users\aldrich\Documents\ASR bevestiging niet accoord omzetting.htm
2014-01-31 14:44 - 2014-01-31 14:44 - 00000000 ____D () C:\Users\aldrich\Documents\ASR bevestiging niet accoord omzetting_bestanden
2014-01-30 23:04 - 2014-01-30 23:04 - 00001367 _____ () C:\Users\Public\Desktop\IB 2013.lnk
2014-01-30 21:36 - 2013-12-10 17:08 - 00014673 _____ () C:\Users\aldrich\Desktop\maandlasten thailand_2013.xlsx
2014-01-24 17:51 - 2014-01-24 17:51 - 00000000 ____D () C:\Users\aldrich\Documents\New folder (2)
2014-01-24 17:51 - 2014-01-24 17:50 - 00000000 ____D () C:\Users\aldrich\Documents\POST
2014-01-24 14:50 - 2010-09-27 04:17 - 00000000 ____D () C:\Windows\SHELLNEW
2014-01-23 13:19 - 2014-01-23 13:19 - 00050537 _____ () C:\Users\aldrich\Documents\Lynx_Activity 2_12013-31_12_2013.xlsx
2014-01-23 13:13 - 2014-01-23 13:13 - 00175836 _____ () C:\Users\aldrich\Desktop\Lynx_20130102_20131231.xls
2014-01-23 12:53 - 2014-01-23 12:53 - 00014496 _____ () C:\Users\aldrich\Documents\LYNX  hoe_jaaropgave.htm
2014-01-23 12:53 - 2014-01-23 12:53 - 00000000 ____D () C:\Users\aldrich\Documents\LYNX  hoe_jaaropgave_files
2014-01-23 12:36 - 2012-02-22 20:31 - 00000000 ____D () C:\Jts
2014-01-21 22:46 - 2012-12-13 16:29 - 00000000 ____D () C:\Users\aldrich\AppData\Roaming\Azureus
2014-01-20 22:35 - 2014-01-20 22:35 - 00000979 _____ () C:\Users\Public\Desktop\BankTrans.lnk
2014-01-20 22:35 - 2014-01-20 22:35 - 00000000 ____D () C:\Users\aldrich\Documents\BankTrans
2014-01-20 22:35 - 2014-01-20 22:35 - 00000000 ____D () C:\Program Files (x86)\BankTrans
2014-01-19 14:33 - 2010-09-22 13:11 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-18 16:03 - 2014-01-18 16:03 - 00000000 ____D () C:\Users\aldrich\Documents\New folder
2014-01-18 14:39 - 2011-03-27 23:35 - 00000000 ____D () C:\Program Files (x86)\ Firefox
2014-01-18 10:34 - 2011-10-02 06:22 - 00000000 ____D () C:\Users\aldrich\Documents\Belastingdienst
2014-01-17 16:38 - 2014-01-17 16:17 - 00000093 _____ () C:\Windows\wininit.ini
2014-01-17 13:50 - 2014-01-17 13:50 - 00002172 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2014-01-17 13:49 - 2010-09-22 23:02 - 00000000 ____D () C:\Users\aldrich\AppData\Local\Google
2014-01-17 12:36 - 2013-12-27 16:42 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-01-16 17:53 - 2013-06-19 15:18 - 00012841 _____ () C:\Users\aldrich\Desktop\Saldi Spaar en Deposito 19_6_13.xlsx
2014-01-16 16:38 - 2013-12-30 15:24 - 00010566 _____ () C:\Users\aldrich\Desktop\Lijfrentes & Banksparen per dec 2013.xlsx
2014-01-15 20:59 - 2013-07-23 15:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 20:56 - 2010-09-23 18:06 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-13 20:29 - 2009-07-14 12:08 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
 
Some content of TEMP:
====================
C:\Users\aldrich\AppData\Local\Temp\ntdll_dump.dll
C:\Users\aldrich\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
extendedinput           Yes
default                 {current}
resumeobject            {c279be75-9b51-11de-9b93-a29d207e6d0e}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
customactions           0x1000085000001
                        0x5400000f
custom:5400000f         {705a19a8-bb20-11df-919e-a1cbc866c8c4}
 
Windows Boot Loader
-------------------
identifier              {572bcd60-ffa7-11d9-aae0-0007e994107d}
device                  ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.exe
description             Microsoft Windows PE 2.0 
osdevice                ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
systemroot              \windows
detecthal               Yes
winpe                   Yes
ems                     Yes
 
Windows Boot Loader
-------------------
identifier              {705a19a8-bb20-11df-919e-a1cbc866c8c4}
device                  ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{705a19a9-bb20-11df-919e-a1cbc866c8c4}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{705a19a9-bb20-11df-919e-a1cbc866c8c4}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {705a19a8-bb20-11df-919e-a1cbc866c8c4}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {c279be75-9b51-11de-9b93-a29d207e6d0e}
nx                      OptIn
 
Resume from Hibernate
---------------------
identifier              {c279be75-9b51-11de-9b93-a29d207e6d0e}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {705a19a9-bb20-11df-919e-a1cbc866c8c4}
description             Ramdisk Options
ramdisksdidevice        partition=D:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             Ramdisk Options
ramdisksdidevice        boot
ramdisksdipath          \boot\boot.sdi
 
 
 
LastRegBack: 2014-02-10 12:48
 
============================================ End Of Log =========================================

And this is the Farbar Addition:

 

FARBAR ADDITION
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-02-2014 01
Ran by aldrich at 2014-02-11 09:57:49
Running from C:\Users\aldrich\Desktop\FARBAR
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958) (x32 Version:  - Microsoft)
7-Zip 4.47 beta (x32 Version:  - )
Aangifte inkomstenbelasting 2009 (x32 Version:  - Belastingdienst)
Aangifte inkomstenbelasting 2010 (x32 Version:  - Belastingdienst)
Aangifte inkomstenbelasting 2012 (x32 Version:  - Belastingdienst)
Aangifte inkomstenbelasting 2013 (x32 Version:  - Belastingdienst)
Acronis True Image Home (x32 Version: 13.0.6053 - Acronis)
Adobe AIR (x32 Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.6.0.5970 - Adobe Systems Incorporated) Hidden
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Content Viewer (x32 Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Content Viewer (x32 Version: 1.4.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (x32 Version: 10.2.159.1 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe InDesign CS5.5 (x32 Version: 7.5 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (x32 Version: 12.0 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
Amazon Kindle (HKCU Version:  - Amazon)
Any Video Converter 3.5.8 (x32 Version:  - Any-Video-Converter.com)
Apple Application Support (x32 Version: 1.4.1 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.1.116 - Apple Inc.)
ArcSoft Panorama Maker 3.0 (x32 Version:  - )
ASUS Android USB Drivers (Version: 4.0.6442 - ASUSTeK Computer Inc.)
ASUS Sync (x32 Version: 1.0.96 - FutureDial Inc.)
Audacity 2.0.5 (x32 Version: 2.0.5 - Audacity Team)
BankTrans versie 2.10 (x32 Version: 2.10 - BankTrans)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
BlueStacks App Player (x32 Version: 0.7.16.910 - BlueStack Systems, Inc.)
BlueStacks Notification Center (x32 Version: 0.7.16.910 - BlueStack Systems, Inc.)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.350.6 - Broadcom Corporation)
Bullzip PDF Printer 7.2.0.1338 (Version: 7.2.0.1338 - Bullzip)
Camtasia Studio 4 (x32 Version: 4.0.1 - TechSmith Corporation)
Canon iP2700 series Printer Driver (Version:  - )
CCleaner (Version: 4.10 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cool Edit Pro 2.0 (x32 Version:  - )
CyberLink DVD Suite (x32 Version: 7.0.3003 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.3003 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (x32 Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.1.4217 - CyberLink Corp.) Hidden
CyberLink YouCam (x32 Version: 3.1.3130 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.3130 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
doPDF 7.3 printer (Version: 7.3.393 - Softland)
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (x32 Version: 1.0.1 - Hewlett-Packard)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ERUNT 1.1j (x32 Version:  - Lars Hederer)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESET Online Scanner v3 (x32 Version:  - )
ESU for Microsoft Windows 7 (x32 Version: 1.0.0 - Hewlett-Packard)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Feedback Tool (x32 Version: 1.1.0 - Microsoft Corporation)
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Foxit PDF Editor (x32 Version:  - )
Foxit PDF Preview Handler (x32 Version: 1.0.0 - Tim Heuer)
Foxit Phantom (x32 Version: 2.2.4.0225 - Foxit Software Company)
Foxit Reader (x32 Version: 3.1.4.1125 - Foxit Software)
Glary Utilities 4.3 (x32 Version: 4.3.0.80 - Glarysoft Ltd)
GOM Player (x32 Version: 2.1.50.5145 - Gretech Corporation)
Google Chrome (HKCU Version: 32.0.1700.107 - Google Inc.)
Google Drive (x32 Version: 1.13.5782.599 - Google, Inc.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
High-Definition Video Playback 10 (x32 Version: 7.0.11400.29.0 - Nero AG) Hidden
HP Advisor (x32 Version: 3.4.10262.3295 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (x32 Version: 1.0.0.0 - Hewlett-Packard)
HP Game Console (x32 Version:  - WildTangent) Hidden
HP Games (x32 Version: 1.0.1.3 - WildTangent)
HP Power Manager (x32 Version: 1.4.7 - Hewlett-Packard Company)
HP Product Detection (x32 Version: 11.15.0004 - HP)
HP Quick Launch (x32 Version: 2.6.3 - Hewlett-Packard Company)
HP Setup (x32 Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (x32 Version: 3.5.23.1 - Hewlett-Packard Company)
HP Wireless Assistant (Version: 4.0.9.0 - Hewlett-Packard)
Intel® Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (x32 Version: 8.15.10.2182 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: 9.6.2.1001 - Intel Corporation)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Kindle Converter (x32 Version: 1.2.1 - eBook Converter)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
LAME v3.99.3 (for Windows) (x32 Version:  - )
LG United Mobile Driver (x32 Version: 3.7.2.0 - LG Electronics)
LightScribe System Software (x32 Version: 1.18.15.1 - LightScribe)
Logitech SetPoint 6.52 (Version: 6.52.74 - Logitech)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Dutch) 2007 (x32 Version: 12.0.4518.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Dutch) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
MiniTool Partition Wizard Home Edition 8.1.1 (x32 Version:  - MiniTool Solution Ltd.)
MiniTool Power Data Recovery (x32 Version:  - MiniTool Solution Ltd.)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB927978) (x32 Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
MyBKS 2.0 (HKCU Version: MyBKS 2.0 3.1.2 - Memorylab)
Neat Image v6.0 Pro+ (x32 Version:  - Neat Image team, ABSoft)
Nero 10 Menu TemplatePack Basic (x32 Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero 10 Movie ThemePack Basic (x32 Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero BackItUp 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Burning ROM 10 (x32 Version: 10.0.11100.10.100 - Nero AG)
Nero BurningROM 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero BurnRights 10 (x32 Version: 4.0.11000.12.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.0.12000.1.4 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.13700.0.1 - Nero AG) Hidden
Nero CoverDesigner 10 (x32 Version: 5.0.10900.11.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero DiscSpeed 10 (x32 Version: 6.0.10800.7.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero Dolby Files 10 (x32 Version: 2.0.11000.0.10 - Nero AG) Hidden
Nero Express 10 (x32 Version: 10.0.11000.10.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero InfoTool 10 (x32 Version: 7.0.10800.8.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero MediaHub 10 (x32 Version: 1.0.13400.11.100 - Nero AG)
Nero MediaHub 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Multimedia Suite 10 (x32 Version: 10.0.13100 - Nero AG)
Nero Recode 10 (x32 Version: 4.6.10900.4.100 - Nero AG)
Nero Recode 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero RescueAgent 10 (x32 Version: 3.0.10900.9.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero SoundTrax 10 (x32 Version: 4.6.10600.2.100 - Nero AG)
Nero SoundTrax 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero StartSmart 10 (x32 Version: 10.0.11200.12.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Vision 10 (x32 Version: 7.0.11100.8.100 - Nero AG)
Nero Vision 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero WaveEditor 10 (x32 Version: 5.6.10600.2.100 - Nero AG)
Nero WaveEditor 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Opera Stable 18.0.1284.68 (x32 Version: 18.0.1284.68 - Opera Software ASA)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF-XChange Editor (Version: 3.0.306.1 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange Editor (x32 Version: 3.0.306.1 - Tracker Software Products (Canada) Ltd.)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Picasa 3 (x32 Version: 3.9 - Google, Inc.)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
PowerISO (x32 Version: 4.6 - PowerISO Computing, Inc.)
QuickTime (x32 Version: 7.69.80.9 - Apple Inc.)
QuickTime Alternative 3.2.2 (x32 Version: 3.2.2 - )
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6066 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
Register-x64 (Version: 1.0.0.0 - Pliek@2010) Hidden
RtVOsd (Version: 1.0.3 - Realtek Semiconductor Corp.)
Samsung Kies (x32 Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
SiSoftware Sandra Lite 2014.RTM (Version: 20.10.2014.2 - SiSoftware)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (x32 Version: 1.6.2 - Safer Networking Limited)
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe (x32 Version: 1.6.5.17120 - Synaptics Inc.)
Synaptics Pointing Device Driver (Version: 15.3.29.0 - Synaptics Incorporated)
System Requirements Lab for Intel (x32 Version: 4.5.13.0 - Husdawg, LLC)
Tablet Driver With Macrokey Manager (Version: 4.13 - )
Trader Workstation 4.0 (x32 Version:  - )
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version:  - Microsoft)
Update voor Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update voor Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
VBA (2627.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden
Verzoek of wijziging voorlopige aanslag 2014 (x32 Version:  - Belastingdienst)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.7 (x32 Version: 2.0.7 - VideoLAN)
Vodafone Mobile Connect Lite (x32 Version: 9.4.5.19931 - Vodafone)
VoipDiscount (x32 Version: 4.05 build 579 - Finarea S.A. Switzerland)
VSO Image Resizer 2.2.0.1c (x32 Version: 2.2.0.1c - VSO-Software)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Windows Movie Maker 2.6 (x32 Version: 2.6.4037.0 - Microsoft Corporation)
Windows Phone app for desktop (x32 Version: 1.0.1720.1 - Microsoft Corporation)
WinPatrol (Version: 20.0.2011.2 - BillP Studios)
WinRAR (x32 Version:  - )
x64 Components v2.2.4 (Version: 2.2.4 - Shark007)
Yahoo! Messenger (x32 Version:  - Yahoo! Inc.)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Zune (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
23-01-2014 08:45:56 Windows Update
26-01-2014 11:05:46 Windows Update
29-01-2014 14:36:32 Windows Update
02-02-2014 04:11:34 Windows Update
05-02-2014 13:42:50 Windows Update
07-02-2014 15:40:39 HP 3500c Scanner 64bit vista driver
08-02-2014 11:34:29 Restore Operation
08-02-2014 14:57:39 Windows Update
10-02-2014 09:24:28 Windows Update
10-02-2014 22:35:54 Removed Java 7 Update 45
 
==================== Hosts content: ==========================
 
2012-12-13 22:12 - 2012-12-13 22:44 - 00421206 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1  adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com 
127.0.0.1 ereg.wip.adobe.com 
127.0.0.1 ereg.wip1.adobe.com
127.0.0.1  ereg.wip2.adobe.com 
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 ereg.wip4.adobe.com 
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1  www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {04AFC289-2BFC-4F44-8925-8ECF7B00DAA5} - System32\Tasks\GlaryInitialize 4 => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe [2013-12-24] (Glarysoft Ltd)
Task: {0EF7547B-71C1-4DF7-BFA3-EFE70F9C5E90} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29] (Google Inc.)
Task: {1E62D4F6-BE47-4FFB-A62C-086A3AEDF6F2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {547C34EC-B6AC-455E-89B5-A56704BD4779} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1478587639-2446437974-398429350-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {78FAF867-AAB8-4F24-8066-C3469044FF81} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1478587639-2446437974-398429350-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {7C7B577D-2776-41DE-8528-C89D16C00743} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {7CA735FF-2005-487B-BB27-0B093DC19DCE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {82306E91-0490-4B7D-8742-832A0FF7BDD1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {82D52742-54F3-4710-8195-26ADDAB49B26} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {9178312A-1935-4881-9361-293177C6C0EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-01-31] (Hewlett-Packard)
Task: {A7775512-5048-41F3-966A-8A6A6D26AD64} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1478587639-2446437974-398429350-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {AA3B5437-CEEA-40B6-9C1A-5ACCA3A8B9F4} - System32\Tasks\Launch ASUS Sync Loader => C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe [2013-02-22] (Futuredial Inc.)
Task: {AAF9B859-F153-471B-ACED-72890437E9F2} - System32\Tasks\Baidu PC Faster Update => $szInstallingDir\Updater.exe
Task: {B686D9BD-ACE8-4591-8B57-57629D2BF419} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1478587639-2446437974-398429350-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {BCF09DFB-1999-4DA1-B283-0C3CF6C530E6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1478587639-2446437974-398429350-1000Core => C:\Users\aldrich\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-24] (Google Inc.)
Task: {D09F13C2-E079-46E9-A221-FA30914609B1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1478587639-2446437974-398429350-1000UA => C:\Users\aldrich\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-24] (Google Inc.)
Task: {FC49904A-25A8-494D-873F-96F517ECC389} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29] (Google Inc.)
Task: C:\Windows\Tasks\GlaryInitialize 4.job => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1478587639-2446437974-398429350-1000Core.job => C:\Users\aldrich\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1478587639-2446437974-398429350-1000UA.job => C:\Users\aldrich\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-09-27 04:16 - 2005-06-07 17:26 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2009-02-26 19:46 - 2009-02-26 19:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 17:46 - 2011-06-22 17:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: AcrSch2Svc => 2
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HP Health Check Service => 2
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: HP Wireless Assistant Service => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPWMISVC => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: lxda_device => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: ProtexisLicensing => 2
MSCONFIG\Services: RtVOsdService => 2
MSCONFIG\Services: SBSDWSCService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: VMCService => 2
MSCONFIG\Services: WTService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scrybe.lnk => C:\Windows\pss\Scrybe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^aldrich^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Productregistratie.lnk => C:\Windows\pss\Logitech . Productregistratie.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Corel File Shell Monitor => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: Google Update => "C:\Users\aldrich\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: LogiScrollApp => C:\Program Files\Logitech\FlowScroll\KhalScroll.exe
MSCONFIG\startupreg: MacrokeyManager => WTMKM.exe
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: MobileConnect => %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
MSCONFIG\startupreg: RegClean Expert Scheduler => "C:\Program Files (x86)\Registry Clean Expert\RCHelper.exe" /startup
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: VoipBuster => "C:\Program Files (x86)\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
MSCONFIG\startupreg: WinPatrol => C:\Program Files (x86)\WinPatrol\winpatrol.exe -expressboot
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/11/2014 09:49:04 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (02/11/2014 07:40:09 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (02/11/2014 07:36:38 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (02/11/2014 07:36:30 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (02/11/2014 07:37:30 AM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (02/11/2014 07:37:30 AM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (02/11/2014 07:07:48 AM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (02/11/2014 07:07:48 AM) (Source: ipnathlp) (User: )
Description: 0
 
 
Microsoft Office Sessions:
=========================
Error: (03/26/2013 01:29:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/25/2013 00:28:03 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9960 seconds with 840 seconds of active time.  This session ended with a crash.
 
Error: (12/13/2012 04:30:10 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 22868 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error: (02/24/2012 06:59:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3380 seconds with 720 seconds of active time.  This session ended with a crash.
 
Error: (09/26/2011 08:53:22 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 8000 seconds with 1080 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-02-08 19:00:47.548
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Perfect Uninstaller\FKFAP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-08 19:00:47.376
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Perfect Uninstaller\FKFAP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-08 19:00:47.173
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Perfect Uninstaller\FKFAP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-08 19:00:47.002
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Perfect Uninstaller\FKFAP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-08 19:00:46.768
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Perfect Uninstaller\FKFAP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-08 19:00:46.596
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Perfect Uninstaller\FKFAP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-08 19:00:46.393
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Perfect Uninstaller\FKFAP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-08 19:00:46.222
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Perfect Uninstaller\FKFAP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-08 19:00:46.003
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Perfect Uninstaller\FKFAP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-08 19:00:45.832
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Perfect Uninstaller\FKFAP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 29%
Total physical RAM: 7989.86 MB
Available physical RAM: 5656.63 MB
Total Pagefile: 15977.9 MB
Available Pagefile: 13769.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:449.47 GB) (Free:336.51 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:15.99 GB) (Free:2.27 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 754EA8AB)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End Of Log ============================
This topic is now closed to further replies.