jim0777 Posted February 8, 2014 ID:788426

I suspect that my computer has maybe struck a DNS Leak, because my Malwarebytes Pro keeps blocking outgoing svchost.exe with IPs 5.45.75.11 and 5.45.75.36, which aren’t IPs familiar to me.

The only way I can now access the internet is by putting these IPs on the Malwarebytes ignore list. In trying to solve the matter I first ran a quick scan with both Malwarebytes and MSE, and when that didn’t help I ran full scans, which didn’t solve the problem either.

I then let Trend’s HouseCall scan my computer but they couldn’t find anything either, so now I’m at my wits’ end and turn to you for help.

In addition to the Malwarebytes log file, I’ve also extracted the following logs, which I will put in subsequent posts:
- DDS
- Rogue Killer
- TDSS Killer

These are fresh installs, never used before and I didn’t let these programs repair anything. I just let them produce reports.

I hope you can help me.

Jim
jim0777 Posted February 8, 2014 Author ID:788428

This is my malwarebytes log:

2014/02/08 16:51:35 +0700 UW-HP ulrich MESSAGE Starting database refresh
2014/02/08 16:51:35 +0700 UW-HP ulrich MESSAGE Stopping IP protection
2014/02/08 16:51:35 +0700 UW-HP ulrich MESSAGE IP Protection stopped successfully
2014/02/08 16:51:35 +0700 UW-HP ulrich MESSAGE Scheduled update executed successfully: database updated from version v2014.02.07.03 to version v2014.02.08.04
2014/02/08 16:51:38 +0700 UW-HP ulrich MESSAGE Database refreshed successfully
2014/02/08 16:51:38 +0700 UW-HP ulrich MESSAGE Starting IP protection
2014/02/08 16:51:40 +0700 UW-HP ulrich MESSAGE IP Protection started successfully
2014/02/08 16:51:46 +0700 UW-HP ulrich IP-BLOCK 5.45.75.36 (Type: outgoing, Port: 63323, Process: svchost.exe)
2014/02/08 16:51:46 +0700 UW-HP ulrich IP-BLOCK 5.45.75.11 (Type: outgoing, Port: 63323, Process: svchost.exe)
2014/02/08 16:51:54 +0700 UW-HP ulrich IP-BLOCK 5.45.75.36 (Type: outgoing, Port: 63323, Process: svchost.exe)
2014/02/08 16:51:54 +0700 UW-HP ulrich IP-BLOCK 5.45.75.36 (Type: outgoing, Port: 49572, Process: svchost.exe)
2014/02/08 16:51:54 +0700 UW-HP ulrich IP-BLOCK 5.45.75.36 (Type: outgoing, Port: 59591, Process: svchost.exe)
2014/02/08 16:51:54 +0700 UW-HP ulrich IP-BLOCK 5.45.75.36 (Type: outgoing, Port: 63323, Process: svchost.exe)
2014/02/08 16:51:54 +0700 UW-HP ulrich IP-BLOCK 5.45.75.11 (Type: outgoing, Port: 63323, Process: svchost.exe)
2014/02/08 16:51:54 +0700 UW-HP ulrich IP-BLOCK 5.45.75.11 (Type: outgoing, Port: 49572, Process: svchost.exe)
2014/02/08 16:51:54 +0700 UW-HP ulrich IP-BLOCK 5.45.75.11 (Type: outgoing, Port: 59591, Process: svchost.exe)
jim0777 Posted February 8, 2014 Author ID:788430

This is the DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
Run by aldrich at 0:06:46 on 2014-02-09
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1033.18.7990.5317 [GMT 7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows
Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Users\aldrich\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\aldrich\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
mRunOnce:
[Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
TCP: NameServer = 5.45.75.36 5.45.75.11
TCP: Interfaces\{46798D80-566F-493D-8A36-97D62BF20DC8} : DHCPNameServer = 5.45.75.36 5.45.75.11
TCP: Interfaces\{46798D80-566F-493D-8A36-97D62BF20DC8}\44F6E60244965676F6 : DHCPNameServer = 62.113.218.182 8.8.8.8
TCP: Interfaces\{A642EB03-A823-46B5-B41B-3CE542B79BF2} : DHCPNameServer = 5.45.75.36 5.45.75.11
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - <no file>
SSODL: WebCheck -
<orphaned>STS: {E31004D1-A431-41B8-826F-E902F9D95C81} - <orphaned>mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll.INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option..x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Notify: igfxcui - igfxdev.dllx64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dllx64-SSODL: WebCheck - <orphaned>Hosts: 127.0.0.1 www.spywareinfo.com.================= FIREFOX ===================.FF - ProfilePath - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox\Profiles\lu1pyrvi.default\FF - prefs.js: network.proxy.type - 2FF - component: C:\Program Files (x86)\ Firefox\components\browserdirprovider.dllFF - component: C:\Program Files (x86)\ Firefox\components\brwsrcmp.dllFF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dllFF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllFF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\VLC\npvlc.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\Users\aldrich\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dllFF - plugin: 
C:\Users\aldrich\AppData\Roaming\Mozilla\plugins\np-mswmp.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll.============= SERVICES / DRIVERS ===============.R0 BootDefragDriver;BootDefragDriver;C:\Windows\System32\drivers\BootDefragDriver.sys [2013-12-27 17088]R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);C:\Windows\System32\drivers\tdrpm258.sys [2011-10-4 1477728]R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-7-17 70984]R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-28 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-28 701512]R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 134944]R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-8-2 32880]R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-18 56344]R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-27 158976]R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-28 25928]R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 
afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2011-10-4 251488]S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\System32\drivers\lgandbus64.sys [2012-9-12 19456]S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\System32\drivers\lganddiag64.sys [2012-9-12 27648]S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\System32\drivers\lgandgps64.sys [2012-9-12 27136]S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\System32\drivers\lgandmodem64.sys [2012-9-12 34304]S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-10-28 107288]S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2013-12-14 19152]S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2013-12-14 12504]S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-8 225280]S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware Sandra Lite 2014.RTM\RpcAgentSrv.exe [2013-12-27 72344]S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-10-28 204568]S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);C:\Windows\System32\drivers\ssudobex.sys [2013-10-28 204568]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-3 59392]S3 WatAdminSvc;Windows Activation Technologies 
Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-23 1255736]S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-11 389120]S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]S4 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-10-4 2480048]S4 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2013-7-17 393032]S4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-7-17 384840]S4 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]S4 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]S4 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-8 13336]S4 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-17 315392]S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-9-27 1153368]S4 ScrybeUpdater;Scrybe Updater;C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-5-12 1300264]S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]S4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]S4 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-8 2320920]S4 VMCService;Vodafone Mobile 
Connect Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-11-17 9216]S4 WTService;WTService;C:\Windows\System32\atwtusb.exe -s --> C:\Windows\System32\atwtusb.exe -s [?].=============== File Associations ===============.ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1".=============== Created Last 60 ================.2014-02-08 14:58:38 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4831FE3A-78EE-46F3-88F3-09633CB31937}\mpengine.dll2014-02-08 11:41:53 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2014-02-03 11:56:21 -------- d-----w- C:\Users\aldrich\AppData\Roaming\rmi2014-01-23 08:47:39 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AFFE2579-F5A7-4F29-9EC0-58C476467580}\gapaengine.dll2014-01-20 15:35:49 -------- d-----w- C:\Program Files (x86)\BankTrans2014-01-15 13:09:27 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys2014-01-15 13:09:26 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys2014-01-15 13:09:26 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys2014-01-15 13:09:26 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys2014-01-15 13:09:26 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys2014-01-15 13:09:26 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys2014-01-15 13:09:26 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys2014-01-15 13:03:42 3156480 ----a-w- C:\Windows\System32\win32k.sys2013-12-29 12:40:17 -------- d-----w- C:\Users\aldrich\AppData\Roaming\calibre2013-12-29 12:36:34 -------- d-----w- C:\Program Files (x86)\eBookConverter2013-12-29 09:55:14 -------- d-----w- C:\Users\aldrich\AppData\Local\Amazon2013-12-28 05:18:48 -------- d-----w- C:\ProgramData\Oracle2013-12-28 05:18:12 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-12-28 04:49:00 -------- d-----w- C:\ProgramData\Baidu Security2013-12-28 04:48:24 
-------- d-----w- C:\Users\aldrich\AppData\Roaming\Baidu Security2013-12-28 03:53:36 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-12-27 10:11:07 -------- d--h--w- C:\Windows\msdownld.tmp2013-12-27 10:10:56 -------- d-----w- C:\Windows\SysWow64\directx2013-12-27 10:10:39 -------- d-s---w- C:\Program Files\SiSoftware Sandra Lite 2014.RTM2013-12-27 09:42:57 -------- d-----w- C:\ProgramData\GlarySoft2013-12-27 09:42:55 17088 ----a-w- C:\Windows\System32\drivers\BootDefragDriver.sys2013-12-27 09:42:55 117024 ----a-w- C:\Windows\System32\BootDefrag.exe2013-12-27 09:42:45 -------- d-----w- C:\Program Files (x86)\Glary Utilities 42013-12-26 07:37:05 -------- d-----w- C:\Users\aldrich\AppData\Roaming\Tracker Software2013-12-26 07:36:31 -------- d-----w- C:\Program Files\PDF-XChange2013-12-26 07:33:11 -------- d-----w- C:\ProgramData\Package Cache2013-12-26 06:21:45 -------- d-----w- C:\Users\aldrich\AppData\Roaming\Softland2013-12-26 06:21:44 25920 ----a-w- C:\Windows\System32\dopdfmn7.dll2013-12-26 06:21:44 21312 ----a-w- C:\Windows\System32\dopdfmi7.dll2013-12-26 06:21:44 1700352 ----a-w- C:\Windows\System32\GdiPlus.dll2013-12-26 06:21:42 -------- d-----w- C:\Program Files\DoPDF 72013-12-18 15:54:50 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPA4.DLL2013-12-18 15:54:50 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDA4.DLL2013-12-18 15:54:29 385024 ----a-w- C:\Windows\System32\CNMLMA4.DLL2013-12-17 15:49:12 -------- d-----w- C:\Users\aldrich\AppData\Local\Opera Software2013-12-17 15:49:11 -------- d-----w- C:\Users\aldrich\AppData\Roaming\Opera Software2013-12-16 14:04:14 -------- d-----r- C:\Program Files (x86)\Skype2013-12-14 09:44:10 3050808 ----a-w- C:\Windows\System32\pwNative.exe2013-12-14 09:44:10 19152 ------w- C:\Windows\System32\pwdrvio.sys2013-12-14 09:44:09 12504 ------w- C:\Windows\System32\pwdspio.sys2013-12-14 09:43:40 -------- d-----w- C:\Program Files (x86)\MiniTool Partition Wizard2013-12-11 15:02:05 -------- d-----w- 
C:\Users\aldrich\AppData\Local\Samsung2013-12-11 15:02:02 -------- d-----w- C:\Users\aldrich\AppData\Roaming\Samsung2013-12-11 14:52:53 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll2013-12-11 14:52:43 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll2013-12-11 14:49:44 -------- d-----w- C:\Program Files (x86)\Samsung Kies2013-12-11 14:49:06 -------- d-----w- C:\Users\aldrich\New folder2013-12-11 09:28:01 293072 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll2013-12-11 09:28:01 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-12-11 09:28:01 2724864 ----a-w- C:\Windows\System32\mshtml.tlb2013-12-11 09:28:01 235216 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll2013-12-11 09:28:00 7211520 ----a-w- C:\Program Files\Internet Explorer\F12Resources.dll2013-12-11 09:28:00 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe2013-12-11 09:28:00 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe2013-12-11 09:28:00 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll2013-12-11 09:28:00 353280 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll2013-12-11 09:28:00 270848 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll2013-12-11 09:28:00 251392 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll2013-12-11 09:10:15 -------- d-----w- C:\USB DRIVERS2013-12-11 08:53:52 -------- d-----w- C:\Program Files\SAMSUNG2013-12-11 08:51:22 -------- d-----w- C:\ProgramData\Samsung2013-12-11 01:12:05 81408 ----a-w- C:\Windows\System32\imagehlp.dll2013-12-11 01:12:03 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll2013-12-11 01:11:54 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2013-12-11 01:11:54 2048 ----a-w- C:\Windows\System32\tzres.dll2013-12-11 01:11:44 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys2013-12-11 01:11:44 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys2013-12-11 01:11:41 202752 ----a-w- C:\Windows\System32\scrrun.dll2013-12-11 01:11:41 168960 ----a-w- 
C:\Windows\System32\wscript.exe2013-12-11 01:11:41 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll2013-12-11 01:11:41 156160 ----a-w- C:\Windows\System32\cscript.exe2013-12-11 01:11:41 150016 ----a-w- C:\Windows\System32\wshom.ocx2013-12-11 01:11:41 141824 ----a-w- C:\Windows\SysWow64\wscript.exe2013-12-11 01:11:41 126976 ----a-w- C:\Windows\SysWow64\cscript.exe2013-12-11 01:11:41 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx.==================== Find6M ====================.2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe2013-12-06 09:30:53 878080 ----a-w- C:\Windows\System32\advapi32.dll2013-12-06 09:29:47 327168 ----a-w- C:\Windows\System32\mswsock.dll2013-12-06 09:29:47 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll2013-12-06 09:29:47 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-12-03 09:33:42 1887232 ----a-w- C:\Windows\System32\d3d11.dll2013-12-03 09:33:42 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll2013-10-30 05:07:00 90112 ----a-w- C:\Windows\MAMCityDownload.ocx2013-10-30 05:07:00 330240 ----a-w- C:\Windows\MASetupCaller.dll2013-10-30 05:07:00 30568 ----a-w- C:\Windows\MusiccityDownload.exe2013-10-27 
18:12:12 204568 ----a-w- C:\Windows\System32\drivers\ssudobex.sys2013-10-27 18:12:12 204568 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys2013-10-27 18:12:12 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll2013-10-27 18:12:10 107288 ----a-w- C:\Windows\System32\drivers\ssudbus.sys2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys2013-09-27 08:53:06 248240 ----a-w- C:\Windows\System32\drivers\MpFilter.sys2013-09-27 08:53:06 134944 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll2013-09-25 01:03:24 30720 ----a-w- 
C:\Windows\System32\lsass.exe
.
============= FINISH: 0:07:31.72 ===============
jim0777 Posted February 8, 2014 Author ID:788432

This is the DDS Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 22-9-2010 13:03:51
System Uptime: 8-2-2014 18:54:35 (6 hours ago)
.
Motherboard: Hewlett-Packard | | 1439
Processor: Intel® Core i5 CPU M 460 @ 2.53GHz | CPU | 2381/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 449 GiB total, 339.077 GiB free.
D: is FIXED (NTFS) - 16 GiB total, 2.269 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP480: 18-1-2014 13:04:21 - Mask Surf Pro download
RP481: 18-1-2014 13:16:40 - Restore Operation
RP482: 19-1-2014 16:36:44 - Windows Update
RP483: 23-1-2014 15:45:56 - Windows Update
RP484: 26-1-2014 18:05:46 - Windows Update
RP485: 29-1-2014 21:36:32 - Windows Update
RP486: 2-2-2014 11:11:34 - Windows Update
RP487: 5-2-2014 20:42:50 - Windows Update
RP488: 7-2-2014 22:40:39 - HP 3500c Scanner 64bit vista driver
RP489: 8-2-2014 18:34:29 - Restore Operation
RP490: 8-2-2014 21:57:39 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 4.47 beta
Aangifte inkomstenbelasting 2009
Aangifte inkomstenbelasting 2010
Aangifte inkomstenbelasting 2012
Aangifte inkomstenbelasting 2013
Acronis True Image Home
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe InDesign CS5.5
Adobe Photoshop CS5
Agatha Christie - Death on the Nile
Amazon Kindle
Any Video Converter 3.5.8
Apple Application Support
Apple Software Update
ArcSoft Panorama Maker 3.0
ASUS Android USB Drivers
ASUS Sync
Audacity 2.0.5
BankTrans versie 2.10
Bejeweled 2 Deluxe
Blackhawk Striker 2
BlueStacks App Player
BlueStacks Notification Center
Broadcom 802.11 Wireless LAN Adapter
Bullzip PDF Printer 7.2.0.1338
Camtasia Studio 4
Canon iP2700 series Printer Driver
CCleaner
Chuzzle Deluxe
Cool Edit Pro 2.0
CyberLink DVD Suite
CyberLink PowerDVD 9
CyberLink YouCam
D3DX10
doPDF 7.3 printer
Dora's Carnival Adventure
Energy Star Digital Logo
eReg
ERUNT 1.1j
Escape Rosecliff Island
ESU for Microsoft Windows 7
FATE
Feedback Tool
Final Drive Nitro
Foxit PDF Editor
Foxit PDF Preview Handler
Foxit Phantom
Foxit Reader
Glary Utilities 4.3
GOM Player
Google Chrome
Google Drive
Google Earth
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.1.1
High-Definition Video Playback 10
HP Advisor
HP Customer Experience Enhancements
HP Documentation
HP Game Console
HP Games
HP Power Manager
HP Product Detection
HP Quick Launch
HP Setup
HP Software Framework
HP Wireless Assistant
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java 7 Update 45
Java Auto Updater
Jewel Quest - Heritage
Junk Mail filter update
Kindle Converter
LabelPrint
LAME v3.99.3 (for Windows)
LG United Mobile Driver
LightScribe System Software
Logitech SetPoint 6.52
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Shared 64-bit MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
MiniTool Partition Wizard Home Edition 8.1.1
MiniTool Power Data Recovery
Movie Maker
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
MyBKS 2.0
Neat Image v6.0 Pro+
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
Opera Stable 18.0.1284.68
PDF-XChange Editor
PDF Settings CS5
Penguins!
Perfect Uninstaller v6.3.3.8
Photo Common
Photo Gallery
PhotoNow!
Picasa 3
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PowerISO
QuickTime
QuickTime Alternative 3.2.2
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recovery Manager
Register-x64
Registry Clean Expert
RtVOsd
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
SiSoftware Sandra Lite 2014.RTM
Skype™ 6.11
Spybot - Search & Destroy
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
Synaptics Pointing Device Driver
System Requirements Lab for Intel
Tablet Driver With Macrokey Manager
Trader Workstation 4.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
VBA (2627.01)
Verzoek of wijziging voorlopige aanslag 2014
Virtual Villagers - The Secret City
Visual C++ 8.0 Runtime Setup Package (x64)
VLC media player 2.0.7
Vodafone Mobile Connect Lite
VoipDiscount
VSO Image Resizer 2.2.0.1c
Vuze
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Windows Mobile Device Updater Component
Windows Movie Maker 2.6
Windows Phone app for desktop
WinPatrol
WinRAR
x64 Components v2.2.4
Yahoo! Messenger
Zuma Deluxe
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
8-2-2014 21:49:48, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
8-2-2014 19:00:47, Error: Application Popup [1060] - \??\C:\Program Files\Perfect Uninstaller\FKFAP.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8-2-2014 18:57:38, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.3520.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
8-2-2014 18:47:25, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.7, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
8-2-2014 18:41:53, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
8-2-2014 18:31:28, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8-2-2014 18:31:28, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8-2-2014 18:31:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8-2-2014 18:30:58, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8-2-2014 18:30:58, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
7-2-2014 11:44:11, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
6-2-2014 23:25:41, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.3360.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
6-2-2014 23:25:41, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.3360.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
5-2-2014 13:14:14, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================
jim0777 Posted February 8, 2014 Author ID:788433

This is the Rogue Killer Report:

RogueKiller V8.8.6 _x64_ [Feb 7 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : aldrich [Admin rights]
Mode : Scan -- Date : 02/09/2014 00:52:41
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Schijfstation +++++
--- User ---
[MBR] b04f7fcfca751ada733635f8ee5c8d76
[bSP] f11230797304b70fa2a565c3ad8eb680 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 460262 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 943026176 | Size: 16374 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) CBM1180 Flash Disk USB Device +++++
--- User ---
[MBR] 47de8f4e815a12bcafc0ba2fa942045f
[bSP] adfd752585d15d71712c75d739b2d829 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 63 | Size: 124 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_02092014_005241.txt >>
jim0777 Posted February 8, 2014 Author ID:788434

This is the TDSS Killer Report:
(x86)\Hewlett-Packard\Shared\hpqWmiEx.exe01:08:04.0901 2408 hpqwmiex - ok01:08:04.0933 2408 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys01:08:04.0933 2408 HpSAMD - ok01:08:05.0026 2408 [ 77C15D7E8F002A173EEBFF0B20CD697D ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe01:08:05.0026 2408 HPWMISVC - ok01:08:05.0073 2408 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys01:08:05.0073 2408 HTTP - ok01:08:05.0089 2408 huawei_enumerator - ok01:08:05.0089 2408 hwdatacard - ok01:08:05.0120 2408 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys01:08:05.0120 2408 hwpolicy - ok01:08:05.0120 2408 hwusbfake - ok01:08:05.0151 2408 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys01:08:05.0151 2408 i8042prt - ok01:08:05.0182 2408 [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys01:08:05.0198 2408 iaStor - ok01:08:05.0260 2408 [ 6B24D1C3096DE796D15571079EA5E98C ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe01:08:05.0260 2408 IAStorDataMgrSvc - ok01:08:05.0323 2408 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys01:08:05.0323 2408 iaStorV - ok01:08:05.0385 2408 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe01:08:05.0401 2408 idsvc - ok01:08:05.0432 2408 IEEtwCollectorService - ok01:08:05.0650 2408 [ 1BE8D9CA4F2363B8E8015621878E0043 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys01:08:05.0697 2408 igfx - ok01:08:05.0713 2408 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys01:08:05.0713 2408 iirsp - ok01:08:05.0775 2408 [ 344789398EC3EE5A4E00C52B31847946 ] IKEEXT C:\Windows\System32\ikeext.dll01:08:05.0791 2408 IKEEXT - ok01:08:05.0806 2408 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd 
C:\Windows\system32\DRIVERS\Impcd.sys01:08:05.0822 2408 Impcd - ok01:08:05.0884 2408 [ E76FDFFF07F8A2FA81FF250DDA0F6BBA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys01:08:05.0900 2408 IntcAzAudAddService - ok01:08:05.0931 2408 [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys01:08:05.0931 2408 IntcDAud - ok01:08:05.0947 2408 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys01:08:05.0947 2408 intelide - ok01:08:05.0978 2408 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys01:08:05.0978 2408 intelppm - ok01:08:05.0993 2408 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll01:08:06.0009 2408 IPBusEnum - ok01:08:06.0040 2408 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys01:08:06.0040 2408 IpFilterDriver - ok01:08:06.0056 2408 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll01:08:06.0071 2408 iphlpsvc - ok01:08:06.0103 2408 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys01:08:06.0103 2408 IPMIDRV - ok01:08:06.0118 2408 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys01:08:06.0118 2408 IPNAT - ok01:08:06.0149 2408 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys01:08:06.0149 2408 IRENUM - ok01:08:06.0165 2408 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys01:08:06.0165 2408 isapnp - ok01:08:06.0196 2408 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys01:08:06.0212 2408 iScsiPrt - ok01:08:06.0212 2408 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys01:08:06.0227 2408 kbdclass - ok01:08:06.0243 2408 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys01:08:06.0243 2408 kbdhid - ok01:08:06.0259 2408 [ 
4D71227301DD8D09097B9E4CC6527E5A ] KeyIso C:\Windows\system32\lsass.exe01:08:06.0259 2408 KeyIso - ok01:08:06.0290 2408 [ 8F489706472F7E9A06BAAA198703FA64 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys01:08:06.0290 2408 KSecDD - ok01:08:06.0305 2408 [ 868A2CAAB12EFC7A021682BCA0EEC54C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys01:08:06.0321 2408 KSecPkg - ok01:08:06.0337 2408 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys01:08:06.0337 2408 ksthunk - ok01:08:06.0368 2408 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll01:08:06.0383 2408 KtmRm - ok01:08:06.0430 2408 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll01:08:06.0430 2408 LanmanServer - ok01:08:06.0461 2408 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll01:08:06.0477 2408 LanmanWorkstation - ok01:08:06.0571 2408 [ 70FB6254E29150A7A4A39FDFFD306C33 ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe01:08:06.0571 2408 LBTServ - ok01:08:06.0617 2408 [ 1470EF17E02E82E4F43346DF9E9F11E1 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys01:08:06.0617 2408 LHidFilt - ok01:08:06.0664 2408 [ 7550D101BF49FDB1F92666A233EE36C4 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe01:08:06.0664 2408 LightScribeService - ok01:08:06.0695 2408 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys01:08:06.0711 2408 lltdio - ok01:08:06.0929 2408 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll01:08:06.0961 2408 lltdsvc - ok01:08:06.0976 2408 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll01:08:06.0992 2408 lmhosts - ok01:08:07.0007 2408 [ 12814AE119E959437BEA3110F81BD188 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys01:08:07.0007 2408 LMouFilt - ok01:08:07.0117 2408 [ DBC1136A62BD4DECC3632DF650284C2E ] LMS C:\Program Files (x86)\Intel\Intel® Management 
Engine Components\LMS\LMS.exe01:08:07.0117 2408 LMS - ok01:08:07.0148 2408 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys01:08:07.0148 2408 LSI_FC - ok01:08:07.0163 2408 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys01:08:07.0163 2408 LSI_SAS - ok01:08:07.0179 2408 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys01:08:07.0179 2408 LSI_SAS2 - ok01:08:07.0195 2408 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys01:08:07.0195 2408 LSI_SCSI - ok01:08:07.0226 2408 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys01:08:07.0226 2408 luafv - ok01:08:07.0273 2408 lxda_device - ok01:08:07.0319 2408 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys01:08:07.0319 2408 MBAMProtector - ok01:08:07.0397 2408 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe01:08:07.0413 2408 MBAMScheduler - ok01:08:07.0444 2408 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe01:08:07.0444 2408 MBAMService - ok01:08:07.0491 2408 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll01:08:07.0491 2408 Mcx2Svc - ok01:08:07.0569 2408 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe01:08:07.0569 2408 MDM - ok01:08:07.0600 2408 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys01:08:07.0600 2408 megasas - ok01:08:07.0616 2408 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys01:08:07.0616 2408 MegaSR - ok01:08:07.0631 2408 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll01:08:07.0647 2408 MMCSS - ok01:08:07.0647 2408 [ 800BA92F7010378B09F9ED9270F07137 ] Modem 
C:\Windows\system32\drivers\modem.sys01:08:07.0647 2408 Modem - ok01:08:07.0663 2408 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys01:08:07.0663 2408 monitor - ok01:08:07.0694 2408 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys01:08:07.0694 2408 mouclass - ok01:08:07.0741 2408 [ 21B7ACEA1BB49C3371DD5427BF309D6A ] moufiltr C:\Windows\system32\DRIVERS\moufiltr.sys01:08:07.0741 2408 moufiltr - ok01:08:07.0787 2408 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys01:08:07.0787 2408 mouhid - ok01:08:07.0834 2408 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys01:08:07.0834 2408 mountmgr - ok01:08:08.0021 2408 [ 3B9398E0146855B1DC0E3D9769C80F01 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe01:08:08.0021 2408 MozillaMaintenance - ok01:08:08.0131 2408 [ C6B88D62F20AC646C6BD5C032EC2FAF9 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys01:08:08.0131 2408 MpFilter - ok01:08:08.0193 2408 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys01:08:08.0193 2408 mpio - ok01:08:08.0224 2408 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys01:08:08.0224 2408 mpsdrv - ok01:08:08.0271 2408 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll01:08:08.0302 2408 MpsSvc - ok01:08:08.0333 2408 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys01:08:08.0333 2408 MRxDAV - ok01:08:08.0365 2408 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys01:08:08.0365 2408 mrxsmb - ok01:08:08.0396 2408 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys01:08:08.0411 2408 mrxsmb10 - ok01:08:08.0427 2408 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys01:08:08.0427 2408 mrxsmb20 - ok01:08:08.0443 
2408 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys01:08:08.0443 2408 msahci - ok01:08:08.0474 2408 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys01:08:08.0474 2408 msdsm - ok01:08:08.0489 2408 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe01:08:08.0489 2408 MSDTC - ok01:08:08.0536 2408 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys01:08:08.0536 2408 Msfs - ok01:08:08.0552 2408 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys01:08:08.0552 2408 mshidkmdf - ok01:08:08.0567 2408 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys01:08:08.0567 2408 msisadrv - ok01:08:08.0599 2408 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll01:08:08.0614 2408 MSiSCSI - ok01:08:08.0614 2408 msiserver - ok01:08:08.0630 2408 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys01:08:08.0645 2408 MSKSSRV - ok01:08:08.0755 2408 [ 7675E15D1B2180745E4DA4D26AAD7385 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe01:08:08.0755 2408 MsMpSvc - ok01:08:08.0770 2408 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys01:08:08.0770 2408 MSPCLOCK - ok01:08:08.0786 2408 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys01:08:08.0786 2408 MSPQM - ok01:08:08.0833 2408 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys01:08:08.0833 2408 MsRPC - ok01:08:08.0864 2408 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys01:08:08.0864 2408 mssmbios - ok01:08:08.0895 2408 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys01:08:08.0895 2408 MSTEE - ok01:08:08.0895 2408 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys01:08:08.0911 2408 
MTConfig - ok01:08:08.0926 2408 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys01:08:08.0926 2408 Mup - ok01:08:09.0145 2408 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll01:08:09.0176 2408 napagent - ok01:08:09.0207 2408 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys01:08:09.0207 2408 NativeWifiP - ok01:08:09.0269 2408 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys01:08:09.0285 2408 NDIS - ok01:08:09.0301 2408 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys01:08:09.0301 2408 NdisCap - ok01:08:09.0316 2408 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys01:08:09.0316 2408 NdisTapi - ok01:08:09.0363 2408 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys01:08:09.0363 2408 Ndisuio - ok01:08:09.0394 2408 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys01:08:09.0394 2408 NdisWan - ok01:08:09.0410 2408 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys01:08:09.0410 2408 NDProxy - ok01:08:09.0441 2408 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys01:08:09.0441 2408 NetBIOS - ok01:08:09.0488 2408 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys01:08:09.0488 2408 NetBT - ok01:08:09.0503 2408 [ 4D71227301DD8D09097B9E4CC6527E5A ] Netlogon C:\Windows\system32\lsass.exe01:08:09.0503 2408 Netlogon - ok01:08:09.0535 2408 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll01:08:09.0550 2408 Netman - ok01:08:09.0628 2408 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe01:08:09.0628 2408 NetMsmqActivator - ok01:08:09.0675 2408 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator 
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe01:08:09.0675 2408 NetPipeActivator - ok01:08:09.0722 2408 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll01:08:09.0722 2408 netprofm - ok01:08:09.0737 2408 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe01:08:09.0737 2408 NetTcpActivator - ok01:08:09.0737 2408 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe01:08:09.0737 2408 NetTcpPortSharing - ok01:08:09.0862 2408 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys01:08:09.0893 2408 netw5v64 - ok01:08:09.0925 2408 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys01:08:09.0925 2408 nfrd960 - ok01:08:09.0987 2408 [ ACE8C64C57E4A711473C8BC10ADF692B ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys01:08:09.0987 2408 NisDrv - ok01:08:10.0081 2408 [ 6247E8B31ED0A9D6BC5A26276E49BEB3 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe01:08:10.0081 2408 NisSrv - ok01:08:10.0143 2408 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll01:08:10.0159 2408 NlaSvc - ok01:08:10.0190 2408 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys01:08:10.0190 2408 Npfs - ok01:08:10.0221 2408 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll01:08:10.0221 2408 nsi - ok01:08:10.0237 2408 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys01:08:10.0237 2408 nsiproxy - ok01:08:10.0315 2408 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys01:08:10.0315 2408 Ntfs - ok01:08:10.0346 2408 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys01:08:10.0346 2408 Null - ok01:08:10.0393 2408 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys01:08:10.0393 
2408 nvraid - ok01:08:10.0424 2408 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys01:08:10.0424 2408 nvstor - ok01:08:10.0455 2408 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys01:08:10.0455 2408 nv_agp - ok01:08:10.0517 2408 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE01:08:10.0517 2408 odserv - ok01:08:10.0533 2408 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys01:08:10.0533 2408 ohci1394 - ok01:08:10.0564 2408 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE01:08:10.0564 2408 ose - ok01:08:10.0611 2408 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll01:08:10.0611 2408 p2pimsvc - ok01:08:10.0658 2408 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll01:08:10.0658 2408 p2psvc - ok01:08:10.0705 2408 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys01:08:10.0705 2408 Parport - ok01:08:10.0736 2408 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys01:08:10.0736 2408 partmgr - ok01:08:10.0767 2408 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll01:08:10.0767 2408 PcaSvc - ok01:08:10.0814 2408 PCFApiUtil - ok01:08:10.0845 2408 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys01:08:10.0845 2408 pci - ok01:08:10.0876 2408 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys01:08:10.0876 2408 pciide - ok01:08:10.0907 2408 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys01:08:10.0907 2408 pcmcia - ok01:08:10.0939 2408 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys01:08:10.0939 2408 pcw - ok01:08:10.0970 2408 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH 
C:\Windows\system32\drivers\peauth.sys01:08:10.0970 2408 PEAUTH - ok01:08:11.0001 2408 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe01:08:11.0001 2408 PerfHost - ok01:08:11.0079 2408 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll01:08:11.0110 2408 pla - ok01:08:11.0157 2408 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll01:08:11.0173 2408 PlugPlay - ok01:08:11.0188 2408 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll01:08:11.0188 2408 PNRPAutoReg - ok01:08:11.0219 2408 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll01:08:11.0219 2408 PNRPsvc - ok01:08:11.0266 2408 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll01:08:11.0266 2408 PolicyAgent - ok01:08:11.0297 2408 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll01:08:11.0297 2408 Power - ok01:08:11.0344 2408 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys01:08:11.0344 2408 PptpMiniport - ok01:08:11.0375 2408 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys01:08:11.0375 2408 Processor - ok01:08:11.0422 2408 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll01:08:11.0422 2408 ProfSvc - ok01:08:11.0438 2408 [ 4D71227301DD8D09097B9E4CC6527E5A ] ProtectedStorage C:\Windows\system32\lsass.exe01:08:11.0438 2408 ProtectedStorage - ok01:08:11.0469 2408 [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\SysWOW64\PSIService.exe01:08:11.0469 2408 ProtexisLicensing - ok01:08:11.0516 2408 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys01:08:11.0516 2408 Psched - ok01:08:11.0609 2408 [ C32ECB99AD25E9A04F01C8665DF29EF8 ] pwdrvio C:\Windows\system32\pwdrvio.sys01:08:11.0609 2408 pwdrvio - ok01:08:11.0672 2408 [ D619356B955EEFA642F5FF72755E8B3C ] pwdspio 
C:\Windows\system32\pwdspio.sys01:08:11.0672 2408 pwdspio - ok01:08:11.0719 2408 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys01:08:11.0719 2408 ql2300 - ok01:08:11.0750 2408 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys01:08:11.0750 2408 ql40xx - ok01:08:11.0781 2408 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll01:08:11.0781 2408 QWAVE - ok01:08:11.0812 2408 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys01:08:11.0812 2408 QWAVEdrv - ok01:08:11.0828 2408 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys01:08:11.0828 2408 RasAcd - ok01:08:11.0843 2408 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys01:08:11.0843 2408 RasAgileVpn - ok01:08:11.0875 2408 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll01:08:11.0890 2408 RasAuto - ok01:08:11.0999 2408 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys01:08:11.0999 2408 Rasl2tp - ok01:08:12.0077 2408 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll01:08:12.0077 2408 RasMan - ok01:08:12.0124 2408 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys01:08:12.0124 2408 RasPppoe - ok01:08:12.0140 2408 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys01:08:12.0140 2408 RasSstp - ok01:08:12.0171 2408 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys01:08:12.0171 2408 rdbss - ok01:08:12.0202 2408 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys01:08:12.0202 2408 rdpbus - ok01:08:12.0218 2408 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys01:08:12.0218 2408 RDPCDD - ok01:08:12.0233 2408 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD 
C:\Windows\system32\drivers\rdpencdd.sys01:08:12.0233 2408 RDPENCDD - ok01:08:12.0249 2408 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys01:08:12.0249 2408 RDPREFMP - ok01:08:12.0296 2408 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys01:08:12.0296 2408 RDPWD - ok01:08:12.0343 2408 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys01:08:12.0343 2408 rdyboost - ok01:08:12.0389 2408 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll01:08:12.0389 2408 RemoteAccess - ok01:08:12.0452 2408 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll01:08:12.0452 2408 RemoteRegistry - ok01:08:12.0483 2408 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys01:08:12.0483 2408 RFCOMM - ok01:08:12.0499 2408 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll01:08:12.0499 2408 RpcEptMapper - ok01:08:12.0514 2408 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe01:08:12.0514 2408 RpcLocator - ok01:08:12.0561 2408 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll01:08:12.0561 2408 RpcSs - ok01:08:12.0592 2408 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys01:08:12.0592 2408 rspndr - ok01:08:12.0623 2408 [ 483DF0B58CA532E5240E59DC41F30AA2 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys01:08:12.0623 2408 RSUSBSTOR - ok01:08:12.0670 2408 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys01:08:12.0670 2408 RTL8167 - ok01:08:12.0733 2408 [ FEBFB5730E12F62CA38F86A066E7348D ] RtVOsdService C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe01:08:12.0733 2408 RtVOsdService - ok01:08:12.0764 2408 [ 33E3B5497741E11609F5C19A4BABECE5 ] s116bus C:\Windows\system32\DRIVERS\s116bus.sys01:08:12.0764 2408 s116bus - ok01:08:12.0779 2408 [ 
4D71227301DD8D09097B9E4CC6527E5A ] SamSs C:\Windows\system32\lsass.exe01:08:12.0779 2408 SamSs - ok01:08:12.0920 2408 [ 5EFBBFCC6ADAC121C8E2FE76641ED329 ] SANDRA C:\Program Files\SiSoftware Sandra Lite 2014.RTM\WNt500x64\Sandra.sys01:08:12.0920 2408 SANDRA - ok01:08:12.0998 2408 [ 7C8A8167C82999867BFF84844E02BB05 ] SandraAgentSrv C:\Program Files\SiSoftware Sandra Lite 2014.RTM\RpcAgentSrv.exe01:08:12.0998 2408 SandraAgentSrv - ok01:08:13.0013 2408 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys01:08:13.0013 2408 sbp2port - ok01:08:13.0076 2408 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe01:08:13.0076 2408 SBSDWSCService - ok01:08:13.0107 2408 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll01:08:13.0123 2408 SCardSvr - ok01:08:13.0138 2408 [ 07237C66E05DA6778E9F3CB67FA00736 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys01:08:13.0138 2408 SCDEmu - ok01:08:13.0185 2408 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys01:08:13.0185 2408 scfilter - ok01:08:13.0247 2408 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll01:08:13.0263 2408 Schedule - ok01:08:13.0310 2408 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll01:08:13.0310 2408 SCPolicySvc - ok01:08:13.0372 2408 [ B60E9769655DDEE8368E3ABB6668E076 ] ScrybeUpdater C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe01:08:13.0388 2408 ScrybeUpdater - ok01:08:13.0419 2408 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys01:08:13.0419 2408 sdbus - ok01:08:13.0466 2408 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll01:08:13.0466 2408 SDRSVC - ok01:08:13.0497 2408 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys01:08:13.0497 2408 secdrv - ok01:08:13.0528 2408 [ 
01:08:27.0443 2408 Scan finished
01:08:27.0459 3936 Detected object count: 0
01:08:27.0459 3936 Actual detected object count: 0
jim0777 Posted February 9, 2014 Author ID:788613

My suspicion about the DNS Leak proved to be true when I checked it with dnsleaktest.com this morning.

I have completely reconfigured my TP Link TD-W8901G modem/router and the MBAM alerts and blockages have stopped.

However, I am still wondering if the cause of all this was a malware infection, so I would be very grateful if you could check the posted logs for me for irregularities.

Thanks!
jim0777 Posted February 9, 2014 Author ID:788646

I'm very sorry to advise that in spite of the modem reconfiguration the threat still exists.

I just got the same alert as before:

IP-BLOCK 5.45.75.11 (Type: outgoing, Port: 63809, Process: svchost.exe)
IP-BLOCK 5.45.75.36 (Type: outgoing, Port: 63809, Process: svchost.exe)
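The alerts in this thread name svchost.exe, the host process of the Windows DNS Client service, so one check is whether the blocked addresses are the DNS servers the machine has been configured to use. The following is an added example, not part of any post here and not code from Malwarebytes or DDS: it parses IP-BLOCK lines and DDS "TCP:" name-server lines in the formats shown on this page and reports blocked destinations that are also configured resolvers. The sample lines are constructed from values quoted in the thread, and all function names are assumptions of this example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample input: lines in the two formats quoted in this thread
# (Malwarebytes protection log and DDS "TCP:" name-server entries).
MBAM_LOG = r"""
2014/02/08 16:51:40 +0700 UW-HP ulrich MESSAGE IP Protection started successfully
2014/02/08 16:51:46 +0700 UW-HP ulrich IP-BLOCK 5.45.75.36 (Type: outgoing, Port: 63323, Process: svchost.exe)
2014/02/08 16:51:46 +0700 UW-HP ulrich IP-BLOCK 5.45.75.11 (Type: outgoing, Port: 63323, Process: svchost.exe)
2014/02/08 16:51:54 +0700 UW-HP ulrich IP-BLOCK 5.45.75.36 (Type: outgoing, Port: 49572, Process: svchost.exe)
"""

DDS_LOG = r"""
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{46798D80-566F-493D-8A36-97D62BF20DC8} : DHCPNameServer = 5.45.75.36 5.45.75.11
TCP: Interfaces\{A642EB03-A823-46B5-B41B-3CE542B79BF2} : DHCPNameServer = 192.168.1.1
"""

BLOCK_RE = re.compile(
    r"IP-BLOCK\s+(?P<ip>\S+)\s+\(Type:\s*(?P<direction>\w+),"
    r"\s*Port:\s*(?P<port>\d+),\s*Process:\s*(?P<process>[^)]+)\)"
)
# Matches both the global "NameServer" entry and per-interface entries,
# including interface lines that carry an extra sub-key after the GUID.
DNS_RE = re.compile(
    r"^TCP:\s*(?:Interfaces\\(?P<iface>\{[0-9A-Fa-f-]+\})\S*\s*:\s*)?"
    r"(?P<key>(?:DHCP)?NameServer)\s*=\s*(?P<servers>.+)$"
)


def _valid_ip(text):
    """Return the normalised address string, or None if text is not an IP."""
    try:
        return str(ipaddress.ip_address(text))
    except ValueError:
        return None


def parse_blocks(log_text):
    """Yield (ip, direction, port, process) for every IP-BLOCK line."""
    for line in log_text.splitlines():
        m = BLOCK_RE.search(line)
        if not m:
            continue  # MESSAGE lines and anything else are ignored
        ip = _valid_ip(m["ip"])
        if ip:
            yield ip, m["direction"], int(m["port"]), m["process"].strip().lower()


def parse_name_servers(dds_text):
    """Map each resolver IP to the (scope, setting) pairs that configure it."""
    configured = defaultdict(list)
    for line in dds_text.splitlines():
        m = DNS_RE.match(line.strip())
        if not m:
            continue
        scope = m["iface"] or "global"
        # A value may list several servers separated by spaces or commas.
        for token in re.split(r"[,\s]+", m["servers"].strip()):
            ip = _valid_ip(token)
            if ip:
                configured[ip].append((scope, m["key"]))
    return dict(configured)


def blocked_resolvers(mbam_text, dds_text):
    """Return blocked outgoing destinations that are also configured DNS servers."""
    configured = parse_name_servers(dds_text)
    findings = {}
    for ip, direction, _port, process in parse_blocks(mbam_text):
        if direction != "outgoing" or ip not in configured:
            continue
        entry = findings.setdefault(ip, {
            "hits": 0,
            "processes": set(),
            "configured_by": configured[ip],
            # DHCPNameServer values come from the lease, not from local settings.
            "from_dhcp": any(key == "DHCPNameServer" for _, key in configured[ip]),
            "public": ipaddress.ip_address(ip).is_global,
        })
        entry["hits"] += 1
        entry["processes"].add(process)
    return findings


if __name__ == "__main__":
    for ip, info in sorted(blocked_resolvers(MBAM_LOG, DDS_LOG).items()):
        source = "DHCP lease" if info["from_dhcp"] else "static setting"
        scopes = [scope for scope, _ in info["configured_by"]]
        print(f"{ip}: blocked {info['hits']}x from {sorted(info['processes'])}, "
              f"configured as resolver via {source} on {scopes}")
```

A resolver that arrives through a DHCP lease is set by whatever device answers DHCP on the network, so a match here points the follow-up at the router's DNS settings as well as at the PC.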
AdvancedSetup Posted February 10, 2014 Root Admin ID:789016

Instead of just running random scans it would have been better to read some of the pinned topics and wait for help. Let's start over and see if we can get this fixed up for you. I know you've posted logs but you've also played with the system so let me get all new logs please and follow the directions below.

If you've not already done so please start here and post back the 2 log files DDS.txt and Attach.txt

If you've already posted the DDS logs then please read the following information below and post back the requested logs when ready.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.

- Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
- If the log is too large then you can use attachments by clicking on the More Reply Options button.
- Please enable your system to show hidden files: How to see hidden files in Windows
- Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
- Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
- Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
- The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
- Perform everything in the correct order. Sometimes one step requires the previous one.
- If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
- You can check here if you're not sure if your computer is 32-bit or 64-bit
- Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
- When we are done, I'll give you instructions on how to clean up all the tools and logs
- Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
- Your topic will be closed if you haven't replied within 3 days
- (If I have not responded within 24 hours, please send me a Private Message as a reminder)

STEP 0

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1 | Link 2

- On Windows XP double-click on the Rkill desktop icon to run the tool.
- On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- If the tool does not run from any of the links provided, please let me know.
- Do not reboot the computer, you will need to run the application again.

STEP 01

Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

Please download ERUNT from one of the following links: Link1 | Link2 | Link3

ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.

- Double click on erunt-setup.exe to Install ERUNT by following the prompts.
- NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
- Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
- Choose a location for the backup. Note: the default location is C:\Windows\ERDNT which is acceptable.
- Make sure that at least the first two check boxes are selected.
- Click on OK
- Then click on YES to create the folder.
- Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 02

Please download RogueKiller and save it to your desktop.
You can check here if you're not sure if your computer is 32-bit or 64-bit

RogueKiller 32-bit | RogueKiller 64-bit

- Quit all running programs.
- For Windows XP, double-click to start.
- For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
- Read and accept the EULA (End User License Agreement)
- Click Scan to scan the system.
- When the scan completes Close the program > Don't Fix anything!
- Don't run any other options, they're not all bad!!
- Post back the report which should be located on your desktop.
jim0777 Posted February 10, 2014 Author ID:789113

I'm glad you're willing to help. Thank you.

OK, here goes:

DDS LOG

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
Run by aldrich at 19:09:51 on 2014-02-10
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1033.18.7990.5736 [GMT 7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\explorer.exe
C:\Users\aldrich\AppData\Local\Google\Chrome\Application\chrome.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Users\aldrich\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\aldrich\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\aldrich\AppData\Local\Google\Chrome\Application\chrome.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{46798D80-566F-493D-8A36-97D62BF20DC8} : DHCPNameServer = 5.45.75.36 5.45.75.11
TCP: Interfaces\{46798D80-566F-493D-8A36-97D62BF20DC8}\44F6E60244965676F6 : DHCPNameServer = 62.113.218.182 8.8.8.8
TCP: Interfaces\{A642EB03-A823-46B5-B41B-3CE542B79BF2} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - <no file>
SSODL: WebCheck - <orphaned>
STS: {E31004D1-A431-41B8-826F-E902F9D95C81} - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
.
INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox\Profiles\lu1pyrvi.default\
FF - prefs.js: network.proxy.type - 2
FF - component: C:\Program Files (x86)\ Firefox\components\browserdirprovider.dll
FF - component: C:\Program Files (x86)\ Firefox\components\brwsrcmp.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\VLC\npvlc.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\aldrich\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\aldrich\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
.
============= SERVICES / DRIVERS ===============
.
R0 BootDefragDriver;BootDefragDriver;C:\Windows\System32\drivers\BootDefragDriver.sys [2013-12-27 17088]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);C:\Windows\System32\drivers\tdrpm258.sys [2011-10-4 1477728]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-7-17 70984]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-28 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-28 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 134944]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-8-2 32880]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-18 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-27 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-28 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2011-10-4 251488]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\System32\drivers\lgandbus64.sys [2012-9-12 19456]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\System32\drivers\lganddiag64.sys [2012-9-12 27648]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\System32\drivers\lgandgps64.sys [2012-9-12 27136]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\System32\drivers\lgandmodem64.sys [2012-9-12 34304]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-10-28 107288]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2013-12-14 19152]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2013-12-14 12504]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-8 225280]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware Sandra Lite 2014.RTM\RpcAgentSrv.exe [2013-12-27 72344]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-10-28 204568]
S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);C:\Windows\System32\drivers\ssudobex.sys [2013-10-28 204568]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-3 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-23 1255736]
S3 yukonw7;NDIS6.2 Miniport
Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-11 389120]S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]S4 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-10-4 2480048]S4 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2013-7-17 393032]S4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-7-17 384840]S4 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]S4 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]S4 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-8 13336]S4 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-17 315392]S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-9-27 1153368]S4 ScrybeUpdater;Scrybe Updater;C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-5-12 1300264]S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]S4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]S4 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-8 2320920]S4 VMCService;Vodafone Mobile Connect Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe 
[2009-11-17 9216]S4 WTService;WTService;C:\Windows\System32\atwtusb.exe -s --> C:\Windows\System32\atwtusb.exe -s [?].=============== File Associations ===============.ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1".=============== Created Last 60 ================.2014-02-10 10:41:09 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFDBD96D-49A3-4AE9-ACFB-781D922D4C5E}\mpengine.dll2014-02-10 09:19:12 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll2014-02-10 09:19:12 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll2014-02-10 09:17:56 461312 ----a-w- C:\Windows\System32\scavengeui.dll2014-02-10 09:15:24 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys2014-02-09 15:02:36 10315576 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2014-02-09 11:51:44 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-02-09 11:46:53 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys2014-02-08 18:13:14 -------- d-----w- C:\AdwCleaner2014-02-03 11:56:21 -------- d-----w- C:\Users\aldrich\AppData\Roaming\rmi2014-01-23 08:47:39 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AFFE2579-F5A7-4F29-9EC0-58C476467580}\gapaengine.dll2014-01-20 15:35:49 -------- d-----w- C:\Program Files (x86)\BankTrans2014-01-15 13:09:27 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys2014-01-15 13:09:26 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys2014-01-15 13:09:26 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys2014-01-15 13:09:26 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys2014-01-15 13:09:26 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys2014-01-15 13:09:26 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys2014-01-15 13:09:26 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys2014-01-15 13:03:42 3156480 ----a-w- C:\Windows\System32\win32k.sys2013-12-29 12:40:17 -------- 
d-----w- C:\Users\aldrich\AppData\Roaming\calibre2013-12-29 12:36:34 -------- d-----w- C:\Program Files (x86)\eBookConverter2013-12-29 09:55:14 -------- d-----w- C:\Users\aldrich\AppData\Local\Amazon2013-12-28 05:18:48 -------- d-----w- C:\ProgramData\Oracle2013-12-28 05:18:12 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-12-28 04:49:00 -------- d-----w- C:\ProgramData\Baidu Security2013-12-28 04:48:24 -------- d-----w- C:\Users\aldrich\AppData\Roaming\Baidu Security2013-12-28 03:53:36 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-12-27 10:11:07 -------- d--h--w- C:\Windows\msdownld.tmp2013-12-27 10:10:56 -------- d-----w- C:\Windows\SysWow64\directx2013-12-27 10:10:39 -------- d-s---w- C:\Program Files\SiSoftware Sandra Lite 2014.RTM2013-12-27 09:42:57 -------- d-----w- C:\ProgramData\GlarySoft2013-12-27 09:42:55 17088 ----a-w- C:\Windows\System32\drivers\BootDefragDriver.sys2013-12-27 09:42:55 117024 ----a-w- C:\Windows\System32\BootDefrag.exe2013-12-27 09:42:45 -------- d-----w- C:\Program Files (x86)\Glary Utilities 42013-12-26 07:37:05 -------- d-----w- C:\Users\aldrich\AppData\Roaming\Tracker Software2013-12-26 07:36:31 -------- d-----w- C:\Program Files\PDF-XChange2013-12-26 07:33:11 -------- d-----w- C:\ProgramData\Package Cache2013-12-26 06:21:45 -------- d-----w- C:\Users\aldrich\AppData\Roaming\Softland2013-12-26 06:21:44 25920 ----a-w- C:\Windows\System32\dopdfmn7.dll2013-12-26 06:21:44 21312 ----a-w- C:\Windows\System32\dopdfmi7.dll2013-12-26 06:21:44 1700352 ----a-w- C:\Windows\System32\GdiPlus.dll2013-12-26 06:21:42 -------- d-----w- C:\Program Files\DoPDF 72013-12-18 15:54:50 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPA4.DLL2013-12-18 15:54:50 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDA4.DLL2013-12-18 15:54:29 385024 ----a-w- C:\Windows\System32\CNMLMA4.DLL2013-12-17 15:49:12 -------- d-----w- C:\Users\aldrich\AppData\Local\Opera Software2013-12-17 15:49:11 -------- d-----w- 
C:\Users\aldrich\AppData\Roaming\Opera Software2013-12-16 14:04:14 -------- d-----r- C:\Program Files (x86)\Skype2013-12-14 09:44:10 3050808 ----a-w- C:\Windows\System32\pwNative.exe2013-12-14 09:44:10 19152 ------w- C:\Windows\System32\pwdrvio.sys2013-12-14 09:44:09 12504 ------w- C:\Windows\System32\pwdspio.sys2013-12-14 09:43:40 -------- d-----w- C:\Program Files (x86)\MiniTool Partition Wizard.==================== Find6M ====================.2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe2013-12-06 09:30:53 878080 ----a-w- C:\Windows\System32\advapi32.dll2013-12-06 09:29:47 327168 ----a-w- C:\Windows\System32\mswsock.dll2013-12-06 09:29:47 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll2013-12-06 09:29:47 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-12-03 09:33:42 1887232 ----a-w- C:\Windows\System32\d3d11.dll2013-12-03 09:33:42 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll2013-11-12 02:23:09 2048 
----a-w- C:\Windows\System32\tzres.dll2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2013-10-30 05:13:22 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll2013-10-30 05:07:00 90112 ----a-w- C:\Windows\MAMCityDownload.ocx2013-10-30 05:07:00 330240 ----a-w- C:\Windows\MASetupCaller.dll2013-10-30 05:07:00 30568 ----a-w- C:\Windows\MusiccityDownload.exe2013-10-27 18:12:12 204568 ----a-w- C:\Windows\System32\drivers\ssudobex.sys2013-10-27 18:12:12 204568 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys2013-10-27 18:12:12 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll2013-10-27 18:12:10 107288 ----a-w- C:\Windows\System32\drivers\ssudbus.sys2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-10-04 02:16:30 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys2013-10-04 01:36:04 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys2013-10-03 02:23:48 404480 ----a-w- 
C:\Windows\System32\gdi32.dll2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys2013-09-27 08:53:06 248240 ----a-w- C:\Windows\System32\drivers\MpFilter.sys2013-09-27 08:53:06 134944 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe.============= FINISH: 19:11:01.46 =============== ATTACH .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1Install Date: 22-9-2010 13:03:51System Uptime: 10-2-2014 17:15:10 (2 hours ago).Motherboard: Hewlett-Packard | | 1439Processor: Intel® Core i5 CPU M 460 @ 2.53GHz | CPU | 2534/1066mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 449 GiB total, 338.754 GiB free.D: is FIXED (NTFS) - 16 GiB total, 2.269 GiB free.E: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP483: 23-1-2014 15:45:56 - Windows UpdateRP484: 26-1-2014 18:05:46 - Windows UpdateRP485: 29-1-2014 21:36:32 - 
Windows UpdateRP486: 2-2-2014 11:11:34 - Windows UpdateRP487: 5-2-2014 20:42:50 - Windows UpdateRP488: 7-2-2014 22:40:39 - HP 3500c Scanner 64bit vista driverRP489: 8-2-2014 18:34:29 - Restore OperationRP490: 8-2-2014 21:57:39 - Windows UpdateRP491: 10-2-2014 16:24:28 - Windows Update.==== Installed Programs ======================. Update for Microsoft Office 2007 (KB2508958)7-Zip 4.47 betaAangifte inkomstenbelasting 2009Aangifte inkomstenbelasting 2010Aangifte inkomstenbelasting 2012Aangifte inkomstenbelasting 2013Acronis True Image HomeAdobe AIRAdobe Community HelpAdobe Content ViewerAdobe Flash Player 10 ActiveXAdobe Flash Player 11 PluginAdobe InDesign CS5.5Adobe Photoshop CS5Agatha Christie - Death on the NileAmazon KindleAny Video Converter 3.5.8Apple Application SupportApple Software UpdateArcSoft Panorama Maker 3.0ASUS Android USB DriversASUS SyncAudacity 2.0.5BankTrans versie 2.10Bejeweled 2 DeluxeBlackhawk Striker 2BlueStacks App PlayerBlueStacks Notification CenterBroadcom 802.11 Wireless LAN AdapterBullzip PDF Printer 7.2.0.1338Camtasia Studio 4Canon iP2700 series Printer DriverCCleanerChuzzle DeluxeCool Edit Pro 2.0CyberLink DVD SuiteCyberLink PowerDVD 9CyberLink YouCamD3DX10doPDF 7.3 printerDora's Carnival AdventureEnergy Star Digital LogoeRegEscape Rosecliff IslandESU for Microsoft Windows 7FATEFeedback ToolFinal Drive NitroFoxit PDF EditorFoxit PDF Preview HandlerFoxit PhantomFoxit ReaderGlary Utilities 4.3GOM PlayerGoogle ChromeGoogle DriveGoogle EarthGoogle Update HelperHewlett-Packard ACLM.NET v1.2.1.1High-Definition Video Playback 10HP AdvisorHP Customer Experience EnhancementsHP DocumentationHP Game ConsoleHP GamesHP Power ManagerHP Product DetectionHP Quick LaunchHP SetupHP Software FrameworkHP Wireless AssistantIntel® Control CenterIntel® Graphics Media Accelerator DriverIntel® Management Engine ComponentsIntel® Rapid Storage TechnologyJava 7 Update 45Java Auto UpdaterJewel Quest - HeritageJunk Mail filter updateKindle ConverterLabelPrintLAME 
v3.99.3 (for Windows)LG United Mobile DriverLightScribe System SoftwareLogitech SetPoint 6.52Malwarebytes Anti-Malware version 1.75.0.1300Microsoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Application Error ReportingMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office Access MUI (Dutch) 2007Microsoft Office Excel MUI (Dutch) 2007Microsoft Office File Validation Add-InMicrosoft Office InfoPath MUI (Dutch) 2007Microsoft Office Office 64-bit Components 2007Microsoft Office Outlook MUI (Dutch) 2007Microsoft Office PowerPoint MUI (Dutch) 2007Microsoft Office Professional Plus 2007Microsoft Office Proof (Dutch) 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (German) 2007Microsoft Office Proofing (Dutch) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Publisher MUI (Dutch) 2007Microsoft Office Shared 64-bit MUI (Dutch) 2007Microsoft Office Shared MUI (Dutch) 2007Microsoft Office Word MUI (Dutch) 2007Microsoft Primary Interoperability Assemblies 2005Microsoft Security ClientMicrosoft Security EssentialsMicrosoft SilverlightMicrosoft SkyDriveMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.6161Microsoft_VC80_ATL_x86Microsoft_VC80_ATL_x86_x64Microsoft_VC80_CRT_x86Microsoft_VC80_CRT_x86_x64Microsoft_VC80_MFC_x86Microsoft_VC80_MFC_x86_x64Microsoft_VC80_MFCLOC_x86Microsoft_VC80_MFCLOC_x86_x64Microsoft_VC90_ATL_x86Microsoft_VC90_ATL_x86_x64Microsoft_VC90_CRT_x86Microsoft_VC90_CRT_x86_x64Microsoft_VC90_MFC_x86Microsoft_VC90_MFC_x86_x64Microsoft_VC90_MFCLOC_x86MiniTool Partition Wizard Home Edition 8.1.1MiniTool Power Data RecoveryMovie MakerMSVCRTMSVCRT_amd64MSVCRT110MSVCRT110_amd64MSXML 4.0 SP2 (KB927978)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP3 ParserMSXML 4.0 SP3 Parser (KB2758694)MyBKS 2.0Neat Image v6.0 Pro+Nero 10 Menu TemplatePack BasicNero 10 Movie ThemePack BasicNero BackItUp 10 Help (CHM)Nero Burning ROM 10Nero BurningROM 10 Help (CHM)Nero BurnRights 10Nero BurnRights 10 Help (CHM)Nero Control Center 10Nero ControlCenter 10 Help (CHM)Nero Core Components 10Nero CoverDesigner 10Nero CoverDesigner 10 Help (CHM)Nero DiscSpeed 10Nero DiscSpeed 10 Help (CHM)Nero Dolby Files 10Nero Express 10Nero Express 10 Help (CHM)Nero InfoTool 10Nero InfoTool 10 Help (CHM)Nero MediaHub 10Nero MediaHub 10 Help (CHM)Nero Multimedia Suite 10Nero Recode 10Nero Recode 10 Help (CHM)Nero RescueAgent 10Nero RescueAgent 10 Help (CHM)Nero SoundTrax 10Nero SoundTrax 10 Help (CHM)Nero StartSmart 10Nero StartSmart 10 Help (CHM)Nero Vision 10Nero Vision 10 Help (CHM)Nero WaveEditor 10Nero WaveEditor 10 Help (CHM)Opera Stable 18.0.1284.68PDF-XChange EditorPDF Settings CS5Penguins!Perfect Uninstaller v6.3.3.8Photo CommonPhoto GalleryPhotoNow!Picasa 3Plants vs. 
ZombiesPoker Superstars IIIPolar BowlerPolar GolferPower2GoPowerDirectorPowerISOQuickTimeQuickTime Alternative 3.2.2Realtek Ethernet Controller Driver For Windows 7Realtek High Definition Audio DriverRealtek USB 2.0 Card ReaderRecovery ManagerRegister-x64Registry Clean ExpertRtVOsdSamsung KiesSAMSUNG USB Driver for Mobile PhonesSecurity Update for CAPICOM (KB931906)Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for 
Microsoft .NET Framework 4 Client Profile (KB2858302v2)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit 
EditionSecurity Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition SiSoftware Sandra Lite 2014.RTMSkype™ 6.11Spybot - Search & DestroySynaptics Gesture Suite featuring SYNAPTICS | ScrybeSynaptics Pointing Device DriverSystem Requirements Lab for IntelTablet Driver With Macrokey ManagerTrader Workstation 4.0Update for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767849) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 (KB2687404) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit EditionUpdate voor Microsoft Office Excel 2007 Help (KB963678)Update voor Microsoft Office Powerpoint 2007 Help (KB963669)Update voor Microsoft Office Word 2007 Help (KB963665)VBA (2627.01)Verzoek of wijziging voorlopige aanslag 2014Virtual Villagers - The Secret CityVisual C++ 8.0 Runtime Setup Package (x64)VLC media player 2.0.7Vodafone Mobile Connect LiteVoipDiscountVSO Image Resizer 2.2.0.1cWindows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live MailWindows Live MessengerWindows Live MIME IFilterWindows Live Photo CommonWindows Live PIMT PlatformWindows Live SOXEWindows Live SOXE DefinitionsWindows Live SyncWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWindows Media Player Firefox PluginWindows Mobile Device Updater ComponentWindows Movie Maker 
2.6
Windows Phone app for desktop
WinPatrol
WinRAR
x64 Components v2.2.4
Yahoo! Messenger
Zuma Deluxe
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
8-2-2014 21:49:48, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
8-2-2014 19:00:47, Error: Application Popup [1060] - \??\C:\Program Files\Perfect Uninstaller\FKFAP.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8-2-2014 18:57:38, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.3520.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
8-2-2014 18:47:25, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.7, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
8-2-2014 18:41:53, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
8-2-2014 18:31:28, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8-2-2014 18:31:28, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8-2-2014 18:31:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8-2-2014 18:30:58, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8-2-2014 18:30:58, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
6-2-2014 23:25:41, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.3360.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
6-2-2014 23:25:41, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.3360.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
10-2-2014 18:20:58, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
10-2-2014 18:06:50, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
10-2-2014 16:36:38, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.3678.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
10-2-2014 16:36:38, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.3678.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
10-2-2014 16:36:38, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.3678.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
10-2-2014 16:24:42, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.3678.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
10-2-2014 16:24:42, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.3678.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
10-2-2014 16:24:42, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.3678.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
10-2-2014 10:16:35, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
.
==== End Of File ===========================

ROGUEKILLER

RogueKiller V8.8.6 _x64_ [Feb 7 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : aldrich [Admin rights]
Mode : Scan -- Date : 02/10/2014 19:39:40
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Schijfstation +++++
--- User ---
[MBR] b04f7fcfca751ada733635f8ee5c8d76
[bSP] f11230797304b70fa2a565c3ad8eb680 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 460262 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 943026176 | Size: 16374 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_02102014_193940.txt >>
Root Admin AdvancedSetup Posted February 10, 2014 ID:789237

Thank you. Okay let's start off with a couple of removals and then we'll run some other scans.

First please uninstall ALL versions of Java. Go into your Control Panel, Add/Remove and uninstall Java.
Then run the following.

Please download JavaRa-1.16 and save it to your computer.
Double click to open the zip file and then select all and choose Copy.
Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
Quit all browsers and other running applications.
Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
From the drop-down menu, choose English and click on Select.
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Note: These types of programs can do more harm to your computer than good.
Registry Clean Expert
I would recommend you uninstall that program and not use any type of registry cleaners.
Do I need a Windows Registry Cleaner?

Once you've run the Java removal from Control Panel and using JavaRA and have restarted the computer then run the following steps. Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here
Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced; they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
Shutdown your antivirus to avoid any conflicts.
Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next reply message
When completed make sure to re-enable your antivirus

STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Please uncheck elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you may want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted:
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

STEP 06
Please go here to run the online antivirus scanner from ESET.
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings and ensure these options are ticked:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Click Scan
Wait for the scan to finish
If any threats were found, click the 'List of found threats', then click Export to text file....
Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
Double-click to run it. When the tool opens click Yes to disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.
jim0777 Posted February 11, 2014 Author ID:789522

I've finished running the scan you instructed me to do and obtained the following results:

JAVARA

JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Tue Feb 11 05:53:40 2014

Found and removed: C:\Program Files (x86)\Java\jre6
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}
Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}
Found and removed: SOFTWARE\Classes\.jnlp
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0
Found and removed: SOFTWARE\Classes\JNLPFile
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Found and removed: SOFTWARE\JavaSoft
Found and removed: SOFTWARE\JreMetrics
Found and removed: SOFTWARE\MozillaPlugins
------------------------------------
Finished reporting.
========================================================================================

MBAR

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.10.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
aldrich :: UW-HP [administrator]

Protection: Enabled

11-2-2014 7:34:36
mbam-log-2014-02-11 (07-34-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219572
Time elapsed: 7 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
==========================================================================================================

MBAR SYSTEM-LOG.txt

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16476

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.533000 GHz
Memory total: 8377974784, free: 5853609984

Downloaded database version: v2014.02.09.02
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
02/09/2014 18:51:42
------------ Loaded modules
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800a0b5060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8008063050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800a0b5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009f16e30, DeviceName: Unknown, DriverName: \Driver\tdrpman258\
DevicePointer: 0xfffffa8009f12880, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa8009f12b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800a0b5950, DeviceName: Unknown, DriverName: \Driver\tdrpman258\
DevicePointer: 0xfffffa800a0b5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008063050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024,
MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 754EA8AB

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 407552
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600 Numsec = 942616576

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 943026176 Numsec = 33533952

    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 976560128 Numsec = 210992

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16476

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.533000 GHz
Memory total: 8377974784, free: 6186954752

=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16476

File system is: NTFS
Disk drives:
C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.533000 GHz
Memory total: 8377974784, free: 6042103808

Downloaded database version: v2014.02.09.03
Downloaded database version: v2014.02.09.04
Downloaded database version: v2014.02.09.05
Downloaded database version: v2014.02.09.06
Downloaded database version: v2014.02.09.07
Downloaded database version: v2014.02.10.01
Downloaded database version: v2014.02.10.02
Downloaded database version: v2014.02.10.03
Downloaded database version: v2014.02.10.04
Downloaded database version: v2014.02.10.05
Downloaded database version: v2014.02.10.06
Downloaded database version: v2014.02.10.07
Downloaded database version: v2014.02.10.08
Initializing...
======================
------------ Kernel report ------------
02/11/2014 06:09:17
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800836d060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8008079050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800836d060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80081d1940, DeviceName: Unknown, DriverName: \Driver\tdrpman258\
DevicePointer: 0xfffffa80081d0980, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa80081d0b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800836de30,
DeviceName: Unknown, DriverName: \Driver\tdrpman258\
DevicePointer: 0xfffffa800836d060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008079050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 754EA8AB

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 407552
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600 Numsec = 942616576

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 943026176 Numsec = 33533952

    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 976560128 Numsec = 210992

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

========================================================================================================

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by aldrich on di 11-02-2014 at 7:00:33.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstallerstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstallerstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8F7331A2-B6FB-4761-86AC-C430DC53D665}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8F7331A2-B6FB-4761-86AC-C430DC53D665}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\aldrich\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\aldrich\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\aldrich\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

~~~ Chrome

Successfully deleted: [Folder] C:\Users\aldrich\appdata\local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on di 11-02-2014 at 7:07:06.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

======================================================================================================

ADW CLEANER

# AdwCleaner v3.018 - Report created 11/02/2014 at 07:22:25
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : aldrich - UW-HP
# Running from : C:\Users\aldrich\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox\Profiles\lu1pyrvi.default\Smartbar
Folder Deleted : C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox\Profiles\lu1pyrvi.default\CT2504091
Folder Deleted : C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox\Profiles\lu1pyrvi.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
File Deleted : C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox\Profiles\lu1pyrvi.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted :
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16428 -\\ Mozilla Firefox v12.0 (en-US) [ File : C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox\Profiles\lu1pyrvi.default\prefs.js ] Line Deleted : user_pref("CT2504091.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");Line Deleted : user_pref("CT2504091.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");Line Deleted : user_pref("CT2504091.FirstTime", "true");Line Deleted : user_pref("CT2504091.FirstTimeFF3", "true");Line Deleted : user_pref("CT2504091.UserID", "UN10601929464692839");Line Deleted : user_pref("CT2504091.addressBarTakeOverEnabledInHidden", "true");Line Deleted : user_pref("CT2504091.autoDisableScopes", -1);Line Deleted : user_pref("CT2504091.cbcountry_001", "TH");Line Deleted : user_pref("CT2504091.cbfirsttime", "Wed Jul 04 2012 09:59:24 GMT+0700 (SE Asia Standard Time)");Line Deleted : user_pref("CT2504091.defaultSearch", "false");Line Deleted : user_pref("CT2504091.embeddedsData", 
"[{\"appId\":\"129079840422026594\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]Line Deleted : user_pref("CT2504091.enableAlerts", "false");Line Deleted : user_pref("CT2504091.enableSearchFromAddressBar", "true");Line Deleted : user_pref("CT2504091.firstTimeDialogOpened", "true");Line Deleted : user_pref("CT2504091.fixPageNotFoundError", "true");Line Deleted : user_pref("CT2504091.fixPageNotFoundErrorInHidden", "true");Line Deleted : user_pref("CT2504091.fixUrls", true);Line Deleted : user_pref("CT2504091.installId", "ConduitNSISIntegration");Line Deleted : user_pref("CT2504091.installType", "ConduitNSISIntegration");Line Deleted : user_pref("CT2504091.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");Line Deleted : user_pref("CT2504091.isNewTabEnabled", true);Line Deleted : user_pref("CT2504091.isPerformedSmartBarTransition", "true");Line Deleted : user_pref("CT2504091.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");Line Deleted : user_pref("CT2504091.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.udonmap.com%2Fudonthaniforum%2Fposting.php%3Fmode%3Dreply%26f%3D36%26t%3D25364%26sid%3Da6da1df061fc388bcd6d9d6f7[...]Line Deleted : user_pref("CT2504091.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");Line Deleted : user_pref("CT2504091.openThankYouPage", "false");Line Deleted : user_pref("CT2504091.openUninstallPage", "false");Line Deleted : user_pref("CT2504091.search.searchAppId", "129079840422026594");Line Deleted : user_pref("CT2504091.search.searchCount", "0");Line Deleted : user_pref("CT2504091.searchInNewTabEnabledInHidden", "true");Line Deleted : user_pref("CT2504091.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");Line Deleted : user_pref("CT2504091.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");Line Deleted : 
user_pref("CT2504091.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");Line Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2504091\"}");Line Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Vuze Remote\"}");Line Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");Line Deleted : user_pref("CT2504091.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");Line Deleted : user_pref("CT2504091.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1341370761555");Line Deleted : user_pref("CT2504091.serviceLayer_services_appTracking_lastUpdate", "1341370762947");Line Deleted : user_pref("CT2504091.serviceLayer_services_appsMetadata_lastUpdate", "1341888700800");Line Deleted : user_pref("CT2504091.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1341370761974");Line Deleted : user_pref("CT2504091.serviceLayer_services_login_10.10.12.5_lastUpdate", "1341888701469");Line Deleted : user_pref("CT2504091.serviceLayer_services_optimizer_lastUpdate", "1341370761602");Line Deleted : user_pref("CT2504091.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1341370761955");Line Deleted : user_pref("CT2504091.serviceLayer_services_searchAPI_lastUpdate", "1341888701048");Line Deleted : user_pref("CT2504091.serviceLayer_services_serviceMap_lastUpdate", "1341888700758");Line Deleted : user_pref("CT2504091.serviceLayer_services_toolbarContextMenu_lastUpdate", "1341370762155");Line Deleted : user_pref("CT2504091.serviceLayer_services_toolbarSettings_lastUpdate", "1341888701052");Line Deleted : user_pref("CT2504091.serviceLayer_services_translation_lastUpdate", "1341888701093");Line Deleted : user_pref("CT2504091.settingsINI", true);Line Deleted : 
user_pref("CT2504091.shouldFirstTimeDialog", "false");Line Deleted : user_pref("CT2504091.smartbar.CTID", "CT2504091");Line Deleted : user_pref("CT2504091.smartbar.Uninstall", "0");Line Deleted : user_pref("CT2504091.smartbar.toolbarName", "Vuze Remote ");Line Deleted : user_pref("CT2504091.startPage", "false");Line Deleted : user_pref("CT2504091.toolbarBornServerTime", "4-7-2012");Line Deleted : user_pref("CT2504091.toolbarCurrentServerTime", "10-7-2012"); -\\ Google Chrome v [ File : C:\Users\aldrich\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [10580 octets] - [09/02/2014 01:13:16]AdwCleaner[R1].txt - [7809 octets] - [11/02/2014 07:18:08]AdwCleaner[s0].txt - [7854 octets] - [11/02/2014 07:22:25] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7914 octets] ########## ================================================================================================== MBAM Malwarebytes Anti-Malware (PRO) 1.75.0.1300www.malwarebytes.org Database version: v2014.02.10.09 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16476aldrich :: UW-HP [administrator] Protection: Enabled 11-2-2014 7:34:36mbam-log-2014-02-11 (07-34-36).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 219572Time elapsed: 7 minute(s), 29 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end) ====================================================================================================== ESET ESETSmartInstaller@High as downloader log:Can not read 
file from internet.
ESETSmartInstaller@High as downloader log:
Can not read file from internet.
Can not open internet
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ff6e4fe766bb8b4e971f1c913c0500e1
# engine=17021
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-11 02:44:21
# local_time=2014-02-11 09:44:21 (+0700, SE Asia Standard Time)
# country="Netherlands"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 17749284 143716511 0 0
# scanned=298112
# found=2
# cleaned=0
# scan_time=4772
sh=DD6E088E22874B283348A15DB5159C7B20CC6D22 ft=1 fh=fe9dda6ca79832a6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\aldrich\AppData\Roaming\rmi\ccleaner-4.07.4369.exe"
sh=5927002122E8205CBE1E491CDB59223BA9ACED0A ft=1 fh=9150854d0b27c805 vn="Win32/WinloadSDA.C potentially unwanted application" ac=I fn="C:\Users\aldrich\Desktop\SAMSUNG GALAXY Y\SuperOneClick\nw_28548_superoneclicksetupex.exe"

============================================================================================================
jim0777 Posted February 11, 2014

As the previous post was too long, I'm posting the Farbar logs here:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014 01
Ran by aldrich (administrator) on UW-HP on 11-02-2014 09:56:58
Running from C:\Users\aldrich\Desktop\FARBAR
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.)
C:\Program Files (x86)\Google\Update \1.3.22.5\GoogleCrashHandler64.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe ==================== Registry (Whitelisted) ================== Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth \LBTWlgn.dll (Logitech, Inc.)HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1HKU\S-1-5-21-1478587639-2446437974-398429350-1000\...\Policies\system: [DisableLockWorkstation] 0HKU\S-1-5-21-1478587639-2446437974-398429350-1000\...\Policies\system: [DisableChangePassword] 0HKU\S-1-5-21-1478587639-2446437974-398429350-1000\...\MountPoints2: G - G: \setup_vmc_lite.exe /checkApplicationPresenceHKU\S-1-5-21-1478587639-2446437974-398429350-1000\...\MountPoints2: {066dd63e-c679-11df-aaea-f81e84cd26b7} - F:\setup_vmc_lite.exe /checkApplicationPresenceHKU\S-1-5-21-1478587639-2446437974-398429350-1000\...\MountPoints2: {066dd64f-c679-11df-aaea-f81e84cd26b7} - G:\setup_vmc_lite.exe /checkApplicationPresenceHKU\S-1-5-21-1478587639-2446437974-398429350-1000\...\MountPoints2: {134e6b86-9c1a-11e0-896d-c446197c0af0} - F:\AutoRun.exeHKU\S-1-5-21-1478587639-2446437974-398429350-1000\...\MountPoints2: {134e6b94-9c1a-11e0-896d-c446197c0af0} - F:\AutoRun.exeHKU\S-1-5-21-1478587639-2446437974-398429350-1000\...\MountPoints2: {66e5ab0f-ad2b-11e1-8dc2-90fba6a58c5b} - F:\NetTV-Stick.exeHKU\S-1-5-21-1478587639-2446437974-398429350-1000\...\MountPoints2: {6a1de9ce-d070-11df-9fc7-c446197c0af0} - F:\setup_vmc_lite.exe /checkApplicationPresenceHKU\S-1-5-21-1478587639-2446437974-398429350-1000\...\MountPoints2: {7363d01b-d0a3-11df-b50d-c446197c0af0} - F:\setup_vmc_lite.exe /checkApplicationPresenceHKU\S-1-5-21-1478587639-2446437974-398429350-1000\...\MountPoints2: {d4b9ed63-a50c-11e0-84bf-001e101fb4df} - 
F:\AutoRun.exeHKU\S-1-5-21-1478587639-2446437974-398429350-1000\...\MountPoints2: {d4b9ed7b-a50c-11e0-84bf-001e101fb4df} - F:\AutoRun.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.comSearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {8F7331A2-B6FB-4761-86AC-C430DC53D665} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}SearchScopes: HKLM - {C414E19D-65E3-47CE-B769-989A9616743A} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding} &fr=chr-hp-psg&type=HPNTDFSearchScopes: HKLM-x32 - {C414E19D-65E3-47CE-B769-989A9616743A} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding} &fr=chr-hp-psg&type=HPNTDFSearchScopes: HKCU - MSKBnumber URL = http://support.microsoft.com/?kbid= {SearchTerms}SearchScopes: HKCU - MSKBString URL = http://support.microsoft.com/search/default.aspx?query={SearchTerms}SearchScopes: HKCU - {B631BD26-8685-4C33-B3D0-4E337B7D7633} URL = http://th.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf- 8&ilc=12&type=407453&p={searchTerms}SearchScopes: HKCU - {C414E19D-65E3-47CE-B769-989A9616743A} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding} &fr=chr-hp-psg&type=HPNTDFBHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC- 5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live \WindowsLiveLogin.dll (Microsoft Corp.)BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C: \Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C: \Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox:========FF ProfilePath: C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox\Profiles \lu1pyrvi.default 8&ilc=12&type=407453&p=FF NetworkProxy: "autoconfig_url", "https://mediahint.com/default.pac"FF NetworkProxy: "type", 2FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash \NPSWF64_11_8_800_94.dll ()FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\aldrich \AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\aldrich \AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins \np-mswmp.dll (Microsoft Corporation)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins \npdeployJava1.dll (Sun Microsystems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins \NPOFF12.DLL (Microsoft Corporation)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins \npqtplugin.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins \npqtplugin2.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins \npqtplugin3.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins \npqtplugin4.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins \npqtplugin5.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\aldrich\AppData\Roaming\mozilla \plugins\np-mswmp.dll (Microsoft Corporation)FF Extension: Windows Media Player Extension for Firefox - C:\Users\aldrich 
\AppData\Roaming\Mozilla\Firefox\Profiles\lu1pyrvi.default\Extensions\jid0- nRwp7VvCqZcSRTppwWz2npqGEKw@jetpack [2012-08-22]FF Extension: Hola Unblocker - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox \Profiles\lu1pyrvi.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2014-02-05]FF Extension: Print pages to PDF - C:\Users\aldrich\AppData\Roaming\Mozilla \Firefox\Profiles\lu1pyrvi.default\Extensions\printPages2Pdf@reinhold.ripper [2014 -01-18]FF Extension: Stylish-Custom - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox \Profiles\lu1pyrvi.default\Extensions\Stylish-Custom@choggi.dyndns.org [2011-06- 03]FF Extension: Adblock Plus Pop-up Addon - C:\Users\aldrich\AppData\Roaming \Mozilla\Firefox\Profiles\lu1pyrvi.default\Extensions \adblockpopups@jessehakanen.net.xpi [2011-06-03]FF Extension: App Button Clear - C:\Users\aldrich\AppData\Roaming\Mozilla \Firefox\Profiles\lu1pyrvi.default\Extensions\appbuttonclear@mozilla.org.xpi [2011 -06-03]FF Extension: App Button Color - C:\Users\aldrich\AppData\Roaming\Mozilla \Firefox\Profiles\lu1pyrvi.default\Extensions\appbuttoncolor@mozilla.org.xpi [2011 -06-03]FF Extension: ChromEdit Plus - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox \Profiles\lu1pyrvi.default\Extensions\chromeditplus@webdesigns.ms11.net.xpi [2011-06-01]FF Extension: anonymoX - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox \Profiles\lu1pyrvi.default\Extensions\client@anonymox.net.xpi [2014-02-05]FF Extension: Media Hint - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox \Profiles\lu1pyrvi.default\Extensions\mediahint@jetpack.xpi [2013-04-16]FF Extension: NASA Night Launch - C:\Users\aldrich\AppData\Roaming\Mozilla \Firefox\Profiles\lu1pyrvi.default\Extensions\nasanightlaunch@example.com.xpi [2011-06-01]FF Extension: Noia 4 Theme Manager - C:\Users\aldrich\AppData\Roaming\Mozilla \Firefox\Profiles\lu1pyrvi.default\Extensions\Noia4Options@ArisT2.xpi [2011-06-10]FF Extension: Print Edit - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox 
\Profiles\lu1pyrvi.default\Extensions\printedit@DW-dev.xpi [2013-04-16]FF Extension: ShareMeNot - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox \Profiles\lu1pyrvi.default\Extensions\sharemenot@franziroesner.com.xpi [2014-01- 27]FF Extension: Silvermel - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox \Profiles\lu1pyrvi.default\Extensions\silvermel@pardal.de.xpi [2011-06-01]FF Extension: Silvermel and Charamel XT - C:\Users\aldrich\AppData\Roaming \Mozilla\Firefox\Profiles\lu1pyrvi.default\Extensions\silvermelxt@pardal.de.xpi [2011-06-01]FF Extension: Test Pilot - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox \Profiles\lu1pyrvi.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-08-01]FF Extension: Stylish - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox\Profiles \lu1pyrvi.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2011-06-03]FF Extension: Media Converter - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox \Profiles\lu1pyrvi.default\Extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}.xpi [2013-04-16]FF Extension: NoScript - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox\Profiles \lu1pyrvi.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011- 06-03]FF Extension: ImTranslator - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox \Profiles\lu1pyrvi.default\Extensions\{9AA46F4F-4DC7-4c06-97AF- 5035170634FE}.xpi [2011-06-03]FF Extension: FireFTP button - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox \Profiles\lu1pyrvi.default\Extensions\{9BAE5926-8513-417d-8E47- 774955A7C60D}.xpi [2011-05-25]FF Extension: FireFTP - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox\Profiles \lu1pyrvi.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2011- 05-25]FF Extension: Easy YouTube Video Downloader - C:\Users\aldrich\AppData \Roaming\Mozilla\Firefox\Profiles\lu1pyrvi.default\Extensions\{c0c9a2c7-2e5c- 4447-bc53-97718bc91e1b}.xpi [2013-03-03]FF Extension: Adblock Plus - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox 
\Profiles\lu1pyrvi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-30]FF Extension: QuickJava - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox \Profiles\lu1pyrvi.default\Extensions\{E6C1199F-E687-42da-8C24- E7770CC3AE66}.xpi [2013-01-13]FF Extension: Noia 4 - C:\Users\aldrich\AppData\Roaming\Mozilla\Firefox\Profiles \lu1pyrvi.default\Extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi [2011- 06-01]FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions \{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-09-27]FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions \{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-03-22]FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4- 350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExtFF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP \LogiSmoothFirefoxExt [2013-07-01]FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6- 365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader \BrowserPlugins\Firefox\ExtFF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\ Firefox\firefox.exe Chrome: =======CHR DefaultSearchURL: http://www.google.com/search?{google:RLZ} {google:acceptedSuggestion}{google:originalQueryForSuggestion} sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR DefaultNewTabURL: CHR Extension: (Google Drive) - C:\Users\aldrich\AppData\Local\Google\Chrome \User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-16]CHR Extension: (Logitech SetPoint) - C:\Users\aldrich\AppData\Local\Google \Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-07-01]CHR Extension: (Google Wallet) - C:\Users\aldrich\AppData\Local\Google\Chrome \User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users \aldrich\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx 
[2013-03-16]CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C: \ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-07-01]CHR StartMenuInternet: Google Chrome - C:\Users\aldrich\AppData\Local\Google \Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-07-17] (BlueStack Systems, Inc.)S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD- LogRotatorService.exe [384840 2013-07-17] (BlueStack Systems, Inc.)S4 lxda_device; C:\Windows\SysWOW64\lxdacoms.exe [566192 2007-04-26] ( )R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware \mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware \mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10- 23] (Microsoft Corporation)S4 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()S3 SandraAgentSrv; C:\Program Files\SiSoftware Sandra Lite 2014.RTM \RpcAgentSrv.exe [72344 2008-11-25] (SiSoftware)S4 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy \SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)S4 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service \ScrybeUpdater.exe [1300264 2011-05-12] (Synaptics, Inc.)S4 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin \VMCService.exe [9216 2009-11-17] (Vodafone)S4 WTService; C:\Windows\system32\atwtusb.exe [916992 2011-04-27] () ==================== Drivers (Whitelisted) ==================== S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2012-03-02] (LG Electronics Inc.)S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2012-03-02] (LG Electronics Inc.)S3 
AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2012-03-02] (LG Electronics Inc.)S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2012 -03-02] (LG Electronics Inc.)R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17088 2013-12-23] (Glarysoft Ltd)R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-07-17] (BlueStack Systems)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows ® Codename Longhorn DDK provider)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09- 23] (Realtek Semiconductor Corp.)S3 s116bus; C:\Windows\System32\DRIVERS\s116bus.sys [108296 2007-04-03] (MCCI Corporation)S3 SANDRA; C:\Program Files\SiSoftware Sandra Lite 2014.RTM \WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [204568 2013-10-28] (DEVGURU Co., LTD.(www.devguru.co.kr))R0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [1477728 2011-10 -04] (Acronis)R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows ® Win 7 DDK provider)S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster \3.7.0.0\PCFApiUtil64.sys [X] ========================== Drivers 
MD5 =======================

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-11 09:54 - 2014-02-11 09:56 - 00000000 ____D () C:\FRST
2014-02-11 07:39 - 2014-02-11 07:39 - 02347384 _____ (ESET) C:\Users\aldrich\Downloads\esetsmartinstaller_enu (1).exe
2014-02-11 07:36 - 2014-02-11 07:36 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-11 07:07 - 2014-02-11 07:07 - 00004486 _____ () C:\Users\aldrich\Desktop\JRT.txt
2014-02-11 07:00 - 2014-02-11 07:00 - 00000000 ____D () C:\Windows\ERUNT
2014-02-11 06:17 - 2014-02-11 09:56 - 00000000 ____D () C:\Users\aldrich\Desktop\FARBAR
2014-02-11 06:11 - 2014-02-11 06:14 - 00000000 ____D ()
C:\Users\aldrich \Desktop\JUNK REMOVAL2014-02-11 05:53 - 2014-02-11 05:53 - 00001564 _____ () C:\JavaRa.log2014-02-11 05:43 - 2014-02-11 05:52 - 00000000 ____D () C:\Users\aldrich \Desktop\REMOVE JAVA2014-02-10 19:39 - 2014-02-10 19:39 - 00002672 _____ () C:\Users\aldrich \Desktop\RKreport[0]_S_02102014_193940.txt2014-02-10 19:32 - 2014-02-10 19:32 - 00000000 ____D () C:\Program Files (x86)\ERUNT2014-02-10 19:24 - 2014-02-10 19:25 - 00791393 _____ (Lars Hederer ) C:\Users \aldrich\Downloads\erunt-setup.exe2014-02-10 19:05 - 2014-02-11 09:52 - 00000000 ____D () C:\Users\aldrich \Desktop\LOGS_NEW2014-02-10 17:15 - 2014-02-11 07:24 - 00000280 _____ () C:\Windows \setupact.log2014-02-10 17:15 - 2014-02-10 17:15 - 00000000 _____ () C:\Windows \setuperr.log2014-02-10 17:14 - 2014-02-10 17:14 - 00003288 ____N () C:\bootsqm.dat2014-02-10 16:22 - 2014-02-10 16:22 - 00013365 _____ () C:\Users\aldrich \Desktop\CCleaner64.exe.lnk2014-02-10 16:19 - 2013-04-17 14:02 - 01230336 _____ (Microsoft Corporation) C: \Windows\SysWOW64\WindowsCodecs.dll2014-02-10 16:19 - 2013-04-17 13:24 - 01424384 _____ (Microsoft Corporation) C: \Windows\system32\WindowsCodecs.dll2014-02-10 16:17 - 2013-08-28 08:12 - 00461312 _____ (Microsoft Corporation) C: \Windows\system32\scavengeui.dll2014-02-10 16:15 - 2013-01-24 13:01 - 00223752 _____ (Microsoft Corporation) C: \Windows\system32\Drivers\fvevol.sys2014-02-09 18:51 - 2014-02-11 06:50 - 00000000 ____D () C:\ProgramData \Malwarebytes' Anti-Malware (portable)2014-02-09 18:46 - 2014-02-11 06:07 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-02-09 18:43 - 2014-02-09 18:46 - 00000000 ____D () C:\Users\aldrich \Desktop\MBAM Rootkit2014-02-09 17:47 - 2014-02-09 17:47 - 02347384 _____ (ESET) C:\Users\aldrich \Downloads\esetsmartinstaller_enu.exe2014-02-09 01:31 - 2014-02-11 06:47 - 00000000 ____D () C:\Users\aldrich \Desktop\LOGS_OLD2014-02-09 01:13 - 2014-02-11 07:22 - 00000000 ____D () 
C:\AdwCleaner2014-02-09 00:49 - 2014-02-09 01:07 - 00000000 ____D () C:\Users\aldrich \Desktop\RK_Quarantine2014-02-08 21:51 - 2014-02-08 21:52 - 00688992 ____R (Swearware) C:\Users \aldrich\Desktop\dds.com2014-02-08 21:25 - 2014-02-08 21:27 - 04403200 _____ () C:\Users\aldrich \Desktop\RogueKillerX64.exe2014-02-08 20:59 - 2014-02-08 21:00 - 02406064 _____ (Trend Micro Inc.) C: \Users\aldrich\Desktop\HousecallLauncher64.exe2014-02-08 20:40 - 2014-02-08 20:41 - 03809792 _____ () C:\Users\aldrich \Desktop\RogueKiller.exe2014-02-08 20:39 - 2014-02-08 20:40 - 02237968 _____ (Kaspersky Lab ZAO) C: \Users\aldrich\Desktop\tdsskiller.exe2014-02-08 20:38 - 2014-02-08 20:39 - 01166132 _____ () C:\Users\aldrich \Desktop\adwcleaner.exe2014-02-08 20:33 - 2014-02-10 19:33 - 00000000 ____D () C:\Windows\ERDNT2014-02-07 16:30 - 2014-02-07 16:30 - 00073669 _____ () C:\Users\aldrich \Desktop\Emailing img003.zip2014-02-05 13:30 - 2014-02-05 13:31 - 00000000 ____D () C:\Users\aldrich \Desktop\Einde Rentevast2014-02-04 19:40 - 2014-02-04 19:40 - 00025813 _____ () C:\Users\aldrich \Documents\Delta Lloyd bevestiging opheffen rekening.htm2014-02-04 19:40 - 2014-02-04 19:40 - 00000000 ____D () C:\Users\aldrich \Documents\Delta Lloyd bevestiging opheffen rekening_bestanden2014-02-03 18:56 - 2014-02-03 18:58 - 00000000 ____D () C:\Users\aldrich \AppData\Roaming\rmi2014-02-02 23:24 - 2014-02-05 13:23 - 00000000 ____D () C:\Users\aldrich \Desktop\SOFINUMMER YING2014-02-01 17:29 - 2014-02-05 11:04 - 00626688 _____ () C:\Users\aldrich \Documents\thaise vertalers translators.accdb2014-02-01 12:40 - 2014-02-01 12:42 - 00307200 _____ () C:\Users\aldrich \Documents\corrupt dbase.accdb2014-01-31 14:44 - 2014-01-31 14:44 - 00027501 _____ () C:\Users\aldrich \Documents\ASR bevestiging niet accoord omzetting.htm2014-01-31 14:44 - 2014-01-31 14:44 - 00000000 ____D () C:\Users\aldrich \Documents\ASR bevestiging niet accoord omzetting_bestanden2014-01-30 23:04 - 2014-01-30 23:04 - 00001367 _____ () 
C:\Users\Public \Desktop\IB 2013.lnk2014-01-24 17:51 - 2014-01-24 17:51 - 00000000 ____D () C:\Users\aldrich \Documents\New folder (2)2014-01-24 17:50 - 2014-01-24 17:51 - 00000000 ____D () C:\Users\aldrich \Documents\POST2014-01-23 13:19 - 2014-01-23 13:19 - 00050537 _____ () C:\Users\aldrich \Documents\Lynx_Activity 2_12013-31_12_2013.xlsx2014-01-23 13:13 - 2014-01-23 13:13 - 00175836 _____ () C:\Users\aldrich \Desktop\Lynx_20130102_20131231.xls2014-01-23 12:53 - 2014-01-23 12:53 - 00014496 _____ () C:\Users\aldrich \Documents\LYNX hoe_jaaropgave.htm2014-01-23 12:53 - 2014-01-23 12:53 - 00000000 ____D () C:\Users\aldrich \Documents\LYNX hoe_jaaropgave_files2014-01-20 22:35 - 2014-01-20 22:35 - 00000979 _____ () C:\Users\Public \Desktop\BankTrans.lnk2014-01-20 22:35 - 2014-01-20 22:35 - 00000000 ____D () C:\Users\aldrich \Documents\BankTrans2014-01-20 22:35 - 2014-01-20 22:35 - 00000000 ____D () C:\Program Files (x86)\BankTrans2014-01-18 16:03 - 2014-01-18 16:03 - 00000000 ____D () C:\Users\aldrich \Documents\New folder2014-01-17 16:17 - 2014-01-17 16:38 - 00000093 _____ () C:\Windows\wininit.ini2014-01-17 13:50 - 2014-01-17 13:50 - 00002172 _____ () C:\Users\Public \Desktop\Google Earth.lnk2014-01-15 20:09 - 2013-11-27 08:41 - 00343040 _____ (Microsoft Corporation) C: \Windows\system32\Drivers\usbhub.sys2014-01-15 20:09 - 2013-11-27 08:41 - 00325120 _____ (Microsoft Corporation) C: \Windows\system32\Drivers\usbport.sys2014-01-15 20:09 - 2013-11-27 08:41 - 00099840 _____ (Microsoft Corporation) C: \Windows\system32\Drivers\usbccgp.sys2014-01-15 20:09 - 2013-11-27 08:41 - 00053248 _____ (Microsoft Corporation) C: \Windows\system32\Drivers\usbehci.sys2014-01-15 20:09 - 2013-11-27 08:41 - 00030720 _____ (Microsoft Corporation) C: \Windows\system32\Drivers\usbuhci.sys2014-01-15 20:09 - 2013-11-27 08:41 - 00025600 _____ (Microsoft Corporation) C: \Windows\system32\Drivers\usbohci.sys2014-01-15 20:09 - 2013-11-27 08:41 - 00007808 _____ (Microsoft Corporation) C: 
\Windows\system32\Drivers\usbd.sys2014-01-15 20:03 - 2013-11-26 17:32 - 03156480 _____ (Microsoft Corporation) C: \Windows\system32\win32k.sys ==================== One Month Modified Files and Folders ======= 2014-02-11 09:56 - 2014-02-11 09:54 - 00000000 ____D () C:\FRST2014-02-11 09:56 - 2014-02-11 06:17 - 00000000 ____D () C:\Users\aldrich \Desktop\FARBAR2014-02-11 09:52 - 2014-02-10 19:05 - 00000000 ____D () C:\Users\aldrich \Desktop\LOGS_NEW2014-02-11 09:47 - 2013-02-23 18:14 - 00001070 _____ () C:\Windows\Tasks \GoogleUpdateTaskUserS-1-5-21-1478587639-2446437974-398429350-1000UA.job2014-02-11 09:06 - 2013-03-16 08:40 - 00001056 _____ () C:\Windows\Tasks \GoogleUpdateTaskMachineUA.job2014-02-11 08:47 - 2010-09-24 18:01 - 00001018 _____ () C:\Windows\Tasks \GoogleUpdateTaskUserS-1-5-21-1478587639-2446437974-398429350- 1000Core.job2014-02-11 07:39 - 2014-02-11 07:39 - 02347384 _____ (ESET) C:\Users\aldrich \Downloads\esetsmartinstaller_enu (1).exe2014-02-11 07:37 - 2012-04-19 14:59 - 01863190 _____ () C:\Windows \WindowsUpdate.log2014-02-11 07:36 - 2014-02-11 07:36 - 00000000 ____D () C:\Program Files (x86)\ESET2014-02-11 07:31 - 2009-07-14 11:45 - 00023248 ____H () C:\Windows \system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d- 8115-601632D005A02014-02-11 07:31 - 2009-07-14 11:45 - 00023248 ____H () C:\Windows \system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d- 8115-601632D005A02014-02-11 07:24 - 2014-02-10 17:15 - 00000280 _____ () C:\Windows \setupact.log2014-02-11 07:24 - 2013-12-27 16:42 - 00000334 _____ () C:\Windows\Tasks \GlaryInitialize 4.job2014-02-11 07:24 - 2013-03-16 08:40 - 00001052 _____ () C:\Windows\Tasks \GoogleUpdateTaskMachineCore.job2014-02-11 07:24 - 2013-03-13 20:33 - 00000430 _____ () C:\Windows \system32\Drivers\etc\hosts.ics2014-02-11 07:24 - 2009-07-14 12:08 - 00000006 ____H () C:\Windows\Tasks \SA.DAT2014-02-11 07:22 - 2014-02-09 01:13 - 00000000 ____D () C:\AdwCleaner2014-02-11 07:07 - 
2014-02-11 07:07 - 00004486 _____ () C:\Users\aldrich \Desktop\JRT.txt2014-02-11 07:00 - 2014-02-11 07:00 - 00000000 ____D () C:\Windows\ERUNT2014-02-11 06:50 - 2014-02-09 18:51 - 00000000 ____D () C:\ProgramData \Malwarebytes' Anti-Malware (portable)2014-02-11 06:47 - 2014-02-09 01:31 - 00000000 ____D () C:\Users\aldrich \Desktop\LOGS_OLD2014-02-11 06:14 - 2014-02-11 06:11 - 00000000 ____D () C:\Users\aldrich \Desktop\JUNK REMOVAL2014-02-11 06:07 - 2014-02-09 18:46 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-02-11 05:53 - 2014-02-11 05:53 - 00001564 _____ () C:\JavaRa.log2014-02-11 05:53 - 2010-09-27 05:13 - 00000000 ____D () C:\Program Files (x86)\Java2014-02-11 05:52 - 2014-02-11 05:43 - 00000000 ____D () C:\Users\aldrich \Desktop\REMOVE JAVA2014-02-10 19:39 - 2014-02-10 19:39 - 00002672 _____ () C:\Users\aldrich \Desktop\RKreport[0]_S_02102014_193940.txt2014-02-10 19:33 - 2014-02-08 20:33 - 00000000 ____D () C:\Windows\ERDNT2014-02-10 19:32 - 2014-02-10 19:32 - 00000000 ____D () C:\Program Files (x86)\ERUNT2014-02-10 19:25 - 2014-02-10 19:24 - 00791393 _____ (Lars Hederer ) C:\Users \aldrich\Downloads\erunt-setup.exe2014-02-10 18:26 - 2009-07-14 12:13 - 00783374 _____ () C:\Windows \system32\PerfStringBackup.INI2014-02-10 18:06 - 2013-11-23 16:27 - 00000000 ____D () C:\Users\aldrich \Desktop\SDCard MemoPad2014-02-10 17:15 - 2014-02-10 17:15 - 00000000 _____ () C:\Windows \setuperr.log2014-02-10 17:14 - 2014-02-10 17:14 - 00003288 ____N () C:\bootsqm.dat2014-02-10 16:36 - 2010-12-09 09:31 - 00769286 _____ () C:\Windows \SysWOW64\PerfStringBackup.INI2014-02-10 16:22 - 2014-02-10 16:22 - 00013365 _____ () C:\Users\aldrich \Desktop\CCleaner64.exe.lnk2014-02-10 16:11 - 2010-09-27 04:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-02-10 16:10 - 2012-02-29 12:58 - 00000000 ____D () C:\Program Files \CCleaner2014-02-09 18:46 - 2014-02-09 18:43 - 00000000 ____D () C:\Users\aldrich \Desktop\MBAM 
Rootkit2014-02-09 17:47 - 2014-02-09 17:47 - 02347384 _____ (ESET) C:\Users\aldrich \Downloads\esetsmartinstaller_enu.exe2014-02-09 02:37 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows \system32\NDF2014-02-09 01:07 - 2014-02-09 00:49 - 00000000 ____D () C:\Users\aldrich \Desktop\RK_Quarantine2014-02-08 22:06 - 2012-01-13 23:24 - 00433796 _____ () C:\Users\aldrich \AppData\Local\census.cache2014-02-08 22:06 - 2012-01-13 23:23 - 00144573 _____ () C:\Users\aldrich \AppData\Local\ars.cache2014-02-08 21:52 - 2014-02-08 21:51 - 00688992 ____R (Swearware) C:\Users \aldrich\Desktop\dds.com2014-02-08 21:27 - 2014-02-08 21:25 - 04403200 _____ () C:\Users\aldrich \Desktop\RogueKillerX64.exe2014-02-08 21:16 - 2010-09-22 13:03 - 00000000 ____D () C:\Users\aldrich2014-02-08 21:00 - 2014-02-08 20:59 - 02406064 _____ (Trend Micro Inc.) C: \Users\aldrich\Desktop\HousecallLauncher64.exe2014-02-08 20:41 - 2014-02-08 20:40 - 03809792 _____ () C:\Users\aldrich \Desktop\RogueKiller.exe2014-02-08 20:40 - 2014-02-08 20:39 - 02237968 _____ (Kaspersky Lab ZAO) C: \Users\aldrich\Desktop\tdsskiller.exe2014-02-08 20:39 - 2014-02-08 20:38 - 01166132 _____ () C:\Users\aldrich \Desktop\adwcleaner.exe2014-02-08 18:40 - 2010-09-24 18:35 - 00000000 ____D () C:\Users\aldrich \AppData\Local\Mozilla2014-02-08 18:40 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows \registration2014-02-07 16:30 - 2014-02-07 16:30 - 00073669 _____ () C:\Users\aldrich \Desktop\Emailing img003.zip2014-02-06 14:01 - 2013-03-16 08:40 - 00004052 _____ () C:\Windows \System32\Tasks\GoogleUpdateTaskMachineUA2014-02-06 14:01 - 2013-03-16 08:40 - 00003800 _____ () C:\Windows \System32\Tasks\GoogleUpdateTaskMachineCore2014-02-05 15:17 - 2010-11-29 15:26 - 00000000 ____D () C:\Users\aldrich \AppData\Roaming\Belastingdienst2014-02-05 13:31 - 2014-02-05 13:30 - 00000000 ____D () C:\Users\aldrich \Desktop\Einde Rentevast2014-02-05 13:30 - 2010-11-29 15:26 - 00000000 ____D () C:\Users\aldrich \Documents\Belastingdienst Aangifte 
IB2014-02-05 13:23 - 2014-02-02 23:24 - 00000000 ____D () C:\Users\aldrich \Desktop\SOFINUMMER YING2014-02-05 13:23 - 2013-12-15 08:00 - 00000000 ____D () C:\Users\aldrich \Desktop\Prognose Aangifte 20132014-02-05 12:31 - 2012-08-28 20:46 - 00000000 ____D () C:\Users\aldrich \Documents\handtekeningen2014-02-05 12:31 - 2011-05-14 20:53 - 00000132 _____ () C:\Users\aldrich \AppData\Roaming\Adobe PNG Format CS5 Prefs2014-02-05 11:04 - 2014-02-01 17:29 - 00626688 _____ () C:\Users\aldrich \Documents\thaise vertalers translators.accdb2014-02-04 23:30 - 2013-03-16 08:43 - 00000000 ___RD () C:\Users\aldrich\Google Drive2014-02-04 21:09 - 2011-06-06 06:00 - 00001456 _____ () C:\Users\aldrich \AppData\Local\Adobe Save for Web 12.0 Prefs2014-02-04 19:40 - 2014-02-04 19:40 - 00025813 _____ () C:\Users\aldrich \Documents\Delta Lloyd bevestiging opheffen rekening.htm2014-02-04 19:40 - 2014-02-04 19:40 - 00000000 ____D () C:\Users\aldrich \Documents\Delta Lloyd bevestiging opheffen rekening_bestanden2014-02-03 18:58 - 2014-02-03 18:56 - 00000000 ____D () C:\Users\aldrich \AppData\Roaming\rmi2014-02-03 10:25 - 2012-08-05 15:24 - 00495616 _____ () C:\Users\aldrich \Documents\thai translators.accdb2014-02-03 10:16 - 2009-07-14 11:45 - 05289000 _____ () C:\Windows \system32\FNTCACHE.DAT2014-02-03 00:43 - 2012-03-10 11:32 - 00000000 ____D () C:\Users\aldrich \Documents\House Land Marriage Thailand2014-02-03 00:39 - 2010-09-22 13:05 - 00269952 _____ () C:\Users\aldrich \AppData\Local\GDIPFONTCACHEV1.DAT2014-02-03 00:34 - 2010-09-27 04:17 - 00000000 ____D () C:\ProgramData \Microsoft Help2014-02-01 12:42 - 2014-02-01 12:40 - 00307200 _____ () C:\Users\aldrich \Documents\corrupt dbase.accdb2014-01-31 19:24 - 2013-01-11 14:38 - 00000000 ____D () C:\Users\aldrich \AppData\Roaming\Skype2014-01-31 17:36 - 2012-08-01 21:53 - 00000000 ____D () C:\Users\aldrich \Software2014-01-31 14:44 - 2014-01-31 14:44 - 00027501 _____ () C:\Users\aldrich \Documents\ASR bevestiging niet accoord 
omzetting.htm2014-01-31 14:44 - 2014-01-31 14:44 - 00000000 ____D () C:\Users\aldrich \Documents\ASR bevestiging niet accoord omzetting_bestanden2014-01-30 23:04 - 2014-01-30 23:04 - 00001367 _____ () C:\Users\Public \Desktop\IB 2013.lnk2014-01-30 21:36 - 2013-12-10 17:08 - 00014673 _____ () C:\Users\aldrich \Desktop\maandlasten thailand_2013.xlsx2014-01-24 17:51 - 2014-01-24 17:51 - 00000000 ____D () C:\Users\aldrich \Documents\New folder (2)2014-01-24 17:51 - 2014-01-24 17:50 - 00000000 ____D () C:\Users\aldrich \Documents\POST2014-01-24 14:50 - 2010-09-27 04:17 - 00000000 ____D () C:\Windows\SHELLNEW2014-01-23 13:19 - 2014-01-23 13:19 - 00050537 _____ () C:\Users\aldrich \Documents\Lynx_Activity 2_12013-31_12_2013.xlsx2014-01-23 13:13 - 2014-01-23 13:13 - 00175836 _____ () C:\Users\aldrich \Desktop\Lynx_20130102_20131231.xls2014-01-23 12:53 - 2014-01-23 12:53 - 00014496 _____ () C:\Users\aldrich \Documents\LYNX hoe_jaaropgave.htm2014-01-23 12:53 - 2014-01-23 12:53 - 00000000 ____D () C:\Users\aldrich \Documents\LYNX hoe_jaaropgave_files2014-01-23 12:36 - 2012-02-22 20:31 - 00000000 ____D () C:\Jts2014-01-21 22:46 - 2012-12-13 16:29 - 00000000 ____D () C:\Users\aldrich \AppData\Roaming\Azureus2014-01-20 22:35 - 2014-01-20 22:35 - 00000979 _____ () C:\Users\Public \Desktop\BankTrans.lnk2014-01-20 22:35 - 2014-01-20 22:35 - 00000000 ____D () C:\Users\aldrich \Documents\BankTrans2014-01-20 22:35 - 2014-01-20 22:35 - 00000000 ____D () C:\Program Files (x86)\BankTrans2014-01-19 14:33 - 2010-09-22 13:11 - 00270496 ____N (Microsoft Corporation) C: \Windows\system32\MpSigStub.exe2014-01-18 16:03 - 2014-01-18 16:03 - 00000000 ____D () C:\Users\aldrich \Documents\New folder2014-01-18 14:39 - 2011-03-27 23:35 - 00000000 ____D () C:\Program Files (x86)\ Firefox2014-01-18 10:34 - 2011-10-02 06:22 - 00000000 ____D () C:\Users\aldrich \Documents\Belastingdienst2014-01-17 16:38 - 2014-01-17 16:17 - 00000093 _____ () C:\Windows\wininit.ini2014-01-17 13:50 - 2014-01-17 13:50 - 
00002172 _____ () C:\Users\Public \Desktop\Google Earth.lnk2014-01-17 13:49 - 2010-09-22 23:02 - 00000000 ____D () C:\Users\aldrich \AppData\Local\Google2014-01-17 12:36 - 2013-12-27 16:42 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 42014-01-16 17:53 - 2013-06-19 15:18 - 00012841 _____ () C:\Users\aldrich \Desktop\Saldi Spaar en Deposito 19_6_13.xlsx2014-01-16 16:38 - 2013-12-30 15:24 - 00010566 _____ () C:\Users\aldrich \Desktop\Lijfrentes & Banksparen per dec 2013.xlsx2014-01-15 20:59 - 2013-07-23 15:44 - 00000000 ____D () C:\Windows \system32\MRT2014-01-15 20:56 - 2010-09-23 18:06 - 86054176 _____ (Microsoft Corporation) C: \Windows\system32\MRT.exe2014-01-13 20:29 - 2009-07-14 12:08 - 00032644 _____ () C:\Windows\Tasks \SCHEDLGU.TXT Some content of TEMP:====================C:\Users\aldrich\AppData\Local\Temp\ntdll_dump.dllC:\Users\aldrich\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== BCD ================================ Windows Boot Manager--------------------identifier {bootmgr}device partition=\Device\HarddiskVolume1description Windows Boot Managerlocale en-USinherit {globalsettings}extendedinput Yesdefault {current}resumeobject {c279be75-9b51-11de-9b93-a29d207e6d0e}displayorder {current}toolsdisplayorder {memdiag}timeout 
30customactions 0x1000085000001 0x5400000fcustom:5400000f {705a19a8-bb20-11df-919e-a1cbc866c8c4} Windows Boot Loader-------------------identifier {572bcd60-ffa7-11d9-aae0-0007e994107d}device ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}path \windows\system32\boot\winload.exedescription Microsoft Windows PE 2.0 osdevice ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}systemroot \windowsdetecthal Yeswinpe Yesems Yes Windows Boot Loader-------------------identifier {705a19a8-bb20-11df-919e-a1cbc866c8c4}device ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{705a19a9- bb20-11df-919e-a1cbc866c8c4}path \windows\system32\winload.exedescription Windows Recovery Environmentinherit {bootloadersettings}osdevice ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{705a19a9- bb20-11df-919e-a1cbc866c8c4}systemroot \windowsnx OptInwinpe Yes Windows Boot Loader-------------------identifier {current}device partition=C:path \Windows\system32\winload.exedescription Windows 7locale en-USinherit {bootloadersettings}recoverysequence {705a19a8-bb20-11df-919e-a1cbc866c8c4}recoveryenabled Yesosdevice partition=C:systemroot \Windowsresumeobject {c279be75-9b51-11de-9b93-a29d207e6d0e}nx OptIn Resume from Hibernate---------------------identifier {c279be75-9b51-11de-9b93-a29d207e6d0e}device partition=C:path \Windows\system32\winresume.exedescription Windows Resume Applicationlocale en-USinherit {resumeloadersettings}filedevice partition=C:filepath \hiberfil.sysdebugoptionenabled No Windows Memory Tester---------------------identifier {memdiag}device partition=\Device\HarddiskVolume1path \boot\memtest.exedescription Windows Memory Diagnosticlocale en-USinherit {globalsettings}badmemoryaccess Yes EMS Settings------------identifier {emssettings}bootems Yes Debugger Settings-----------------identifier {dbgsettings}debugtype Serialdebugport 1baudrate 115200 RAM Defects-----------identifier {badmemory} Global Settings---------------identifier {globalsettings}inherit {dbgsettings} {emssettings} {badmemory} Boot 
Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings} {hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {705a19a9-bb20-11df-919e-a1cbc866c8c4}
description Ramdisk Options
ramdisksdidevice partition=D:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Setup Ramdisk Options
---------------------
identifier {ramdiskoptions}
description Ramdisk Options
ramdisksdidevice boot
ramdisksdipath \boot\boot.sdi

LastRegBack: 2014-02-10 12:48

============================================ End Of Log =========================================
jim0777 Posted February 11, 2014 Author ID:789526

And this is the Farbar Addition:

FARBAR ADDITION
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-02-2014 01
Ran by aldrich at 2014-02-11 09:57:49
Running from C:\Users\aldrich\Desktop\FARBAR
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (x32 Version: - Microsoft)
7-Zip 4.47 beta (x32 Version: - )
Aangifte inkomstenbelasting 2009 (x32 Version: - Belastingdienst)
Aangifte inkomstenbelasting 2010 (x32 Version: - Belastingdienst)
Aangifte inkomstenbelasting 2012 (x32 Version: - Belastingdienst)
Aangifte inkomstenbelasting 2013 (x32 Version: - Belastingdienst)
Acronis True Image Home (x32 Version: 13.0.6053 - Acronis)
Adobe AIR (x32 Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.6.0.5970 - Adobe Systems Incorporated) Hidden
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.)
HiddenAdobe Content Viewer (x32 Version: 1.4.0 - Adobe Systems Incorporated)Adobe Content Viewer (x32 Version: 1.4.0 - Adobe Systems Incorporated) HiddenAdobe Flash Player 10 ActiveX (x32 Version: 10.2.159.1 - Adobe Systems Incorporated)Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94 - Adobe Systems Incorporated)Adobe InDesign CS5.5 (x32 Version: 7.5 - Adobe Systems Incorporated)Adobe Photoshop CS5 (x32 Version: 12.0 - Adobe Systems Incorporated)Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) HiddenAmazon Kindle (HKCU Version: - Amazon)Any Video Converter 3.5.8 (x32 Version: - Any-Video-Converter.com)Apple Application Support (x32 Version: 1.4.1 - Apple Inc.)Apple Software Update (x32 Version: 2.1.1.116 - Apple Inc.)ArcSoft Panorama Maker 3.0 (x32 Version: - )ASUS Android USB Drivers (Version: 4.0.6442 - ASUSTeK Computer Inc.)ASUS Sync (x32 Version: 1.0.96 - FutureDial Inc.)Audacity 2.0.5 (x32 Version: 2.0.5 - Audacity Team)BankTrans versie 2.10 (x32 Version: 2.10 - BankTrans)Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) HiddenBlackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) HiddenBlueStacks App Player (x32 Version: 0.7.16.910 - BlueStack Systems, Inc.)BlueStacks Notification Center (x32 Version: 0.7.16.910 - BlueStack Systems, Inc.)Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.350.6 - Broadcom Corporation)Bullzip PDF Printer 7.2.0.1338 (Version: 7.2.0.1338 - Bullzip)Camtasia Studio 4 (x32 Version: 4.0.1 - TechSmith Corporation)Canon iP2700 series Printer Driver (Version: - )CCleaner (Version: 4.10 - Piriform)Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) HiddenCool Edit Pro 2.0 (x32 Version: - )CyberLink DVD Suite (x32 Version: 7.0.3003 - CyberLink Corp.)CyberLink DVD Suite (x32 Version: 7.0.3003 - CyberLink Corp.) HiddenCyberLink PowerDVD 9 (x32 Version: 9.0.1.4217 - CyberLink Corp.)CyberLink PowerDVD 9 (x32 Version: 9.0.1.4217 - CyberLink Corp.) 
HiddenCyberLink YouCam (x32 Version: 3.1.3130 - CyberLink Corp.)CyberLink YouCam (x32 Version: 3.1.3130 - CyberLink Corp.) HiddenD3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddendoPDF 7.3 printer (Version: 7.3.393 - Softland)Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) HiddenEnergy Star Digital Logo (x32 Version: 1.0.1 - Hewlett-Packard)eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) HiddenERUNT 1.1j (x32 Version: - Lars Hederer)Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) HiddenESET Online Scanner v3 (x32 Version: - )ESU for Microsoft Windows 7 (x32 Version: 1.0.0 - Hewlett-Packard)FATE (x32 Version: 2.2.0.95 - WildTangent) HiddenFeedback Tool (x32 Version: 1.1.0 - Microsoft Corporation)Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) HiddenFoxit PDF Editor (x32 Version: - )Foxit PDF Preview Handler (x32 Version: 1.0.0 - Tim Heuer)Foxit Phantom (x32 Version: 2.2.4.0225 - Foxit Software Company)Foxit Reader (x32 Version: 3.1.4.1125 - Foxit Software)Glary Utilities 4.3 (x32 Version: 4.3.0.80 - Glarysoft Ltd)GOM Player (x32 Version: 2.1.50.5145 - Gretech Corporation)Google Chrome (HKCU Version: 32.0.1700.107 - Google Inc.)Google Drive (x32 Version: 1.13.5782.599 - Google, Inc.)Google Earth (x32 Version: 7.1.2.2041 - Google)Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) 
HiddenHewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) HiddenHigh-Definition Video Playback 10 (x32 Version: 7.0.11400.29.0 - Nero AG) HiddenHP Advisor (x32 Version: 3.4.10262.3295 - Hewlett-Packard)HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) HiddenHP Documentation (x32 Version: 1.0.0.0 - Hewlett-Packard)HP Game Console (x32 Version: - WildTangent) HiddenHP Games (x32 Version: 1.0.1.3 - WildTangent)HP Power Manager (x32 Version: 1.4.7 - Hewlett-Packard Company)HP Product Detection (x32 Version: 11.15.0004 - HP)HP Quick Launch (x32 Version: 2.6.3 - Hewlett-Packard Company)HP Setup (x32 Version: 8.1.4186.3400 - Hewlett-Packard)HP Software Framework (x32 Version: 3.5.23.1 - Hewlett-Packard Company)HP Wireless Assistant (Version: 4.0.9.0 - Hewlett-Packard)Intel® Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)Intel® Graphics Media Accelerator Driver (x32 Version: 8.15.10.2182 - Intel Corporation)Intel® Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)Intel® Rapid Storage Technology (x32 Version: 9.6.2.1001 - Intel Corporation)Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) HiddenJunk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenKindle Converter (x32 Version: 1.2.1 - eBook Converter)LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.)LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) 
HiddenLAME v3.99.3 (for Windows) (x32 Version: - )LG United Mobile Driver (x32 Version: 3.7.2.0 - LG Electronics)LightScribe System Software (x32 Version: 1.18.15.1 - LightScribe)Logitech SetPoint 6.52 (Version: 6.52.74 - Logitech)Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft)Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Access MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office InfoPath MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft 
Corporation) HiddenMicrosoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (Dutch) 2007 (x32 Version: 12.0.4518.1017 - Microsoft Corporation) HiddenMicrosoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Publisher MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (Dutch) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Primary Interoperability Assemblies 2005 (x32 Version: 8.0.50727.42 - Microsoft Corporation)Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) HiddenMicrosoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)Microsoft SkyDrive (HKCU Version: 17.0.2015.0811 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual 
C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) HiddenMicrosoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) HiddenMicrosoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) HiddenMicrosoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) HiddenMicrosoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) HiddenMicrosoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) HiddenMicrosoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) HiddenMicrosoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) HiddenMicrosoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) HiddenMicrosoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) HiddenMicrosoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) HiddenMicrosoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) HiddenMicrosoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) HiddenMicrosoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) HiddenMicrosoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) HiddenMiniTool Partition Wizard Home Edition 8.1.1 (x32 Version: - MiniTool Solution Ltd.)MiniTool Power Data Recovery (x32 Version: - MiniTool Solution Ltd.)Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenMSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) HiddenMSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) HiddenMSXML 4.0 SP2 (KB927978) (x32 Version: 4.20.9841.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - 
Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)MyBKS 2.0 (HKCU Version: MyBKS 2.0 3.1.2 - Memorylab)Neat Image v6.0 Pro+ (x32 Version: - Neat Image team, ABSoft)Nero 10 Menu TemplatePack Basic (x32 Version: 10.0.10600.6.0 - Nero AG) HiddenNero 10 Movie ThemePack Basic (x32 Version: 10.0.10600.6.0 - Nero AG) HiddenNero BackItUp 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) HiddenNero Burning ROM 10 (x32 Version: 10.0.11100.10.100 - Nero AG)Nero BurningROM 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) HiddenNero BurnRights 10 (x32 Version: 4.0.11000.12.100 - Nero AG)Nero BurnRights 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) HiddenNero Control Center 10 (x32 Version: 10.0.12000.1.4 - Nero AG) HiddenNero ControlCenter 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) HiddenNero Core Components 10 (x32 Version: 2.0.13700.0.1 - Nero AG) HiddenNero CoverDesigner 10 (x32 Version: 5.0.10900.11.100 - Nero AG)Nero CoverDesigner 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) HiddenNero DiscSpeed 10 (x32 Version: 6.0.10800.7.100 - Nero AG)Nero DiscSpeed 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) HiddenNero Dolby Files 10 (x32 Version: 2.0.11000.0.10 - Nero AG) HiddenNero Express 10 (x32 Version: 10.0.11000.10.100 - Nero AG)Nero Express 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) HiddenNero InfoTool 10 (x32 Version: 7.0.10800.8.100 - Nero AG)Nero InfoTool 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) HiddenNero MediaHub 10 (x32 Version: 1.0.13400.11.100 - Nero AG)Nero MediaHub 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) HiddenNero Multimedia Suite 10 (x32 Version: 10.0.13100 - Nero AG)Nero Recode 10 (x32 Version: 4.6.10900.4.100 - Nero AG)Nero Recode 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) HiddenNero RescueAgent 10 (x32 Version: 
3.0.10900.9.100 - Nero AG)Nero RescueAgent 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) HiddenNero SoundTrax 10 (x32 Version: 4.6.10600.2.100 - Nero AG)Nero SoundTrax 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) HiddenNero StartSmart 10 (x32 Version: 10.0.11200.12.100 - Nero AG)Nero StartSmart 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) HiddenNero Vision 10 (x32 Version: 7.0.11100.8.100 - Nero AG)Nero Vision 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) HiddenNero WaveEditor 10 (x32 Version: 5.6.10600.2.100 - Nero AG)Nero WaveEditor 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) HiddenOpera Stable 18.0.1284.68 (x32 Version: 18.0.1284.68 - Opera Software ASA)PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) HiddenPDF-XChange Editor (Version: 3.0.306.1 - Tracker Software Products (Canada) Ltd.) HiddenPDF-XChange Editor (x32 Version: 3.0.306.1 - Tracker Software Products (Canada) Ltd.)Penguins! (x32 Version: 2.2.0.95 - WildTangent) HiddenPhoto Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenPhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.)PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) HiddenPicasa 3 (x32 Version: 3.9 - Google, Inc.)Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) HiddenPoker Superstars III (x32 Version: 2.2.0.95 - WildTangent) HiddenPolar Bowler (x32 Version: 2.2.0.95 - WildTangent) HiddenPolar Golfer (x32 Version: 2.2.0.95 - WildTangent) HiddenPower2Go (x32 Version: 6.1.4204 - CyberLink Corp.)Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) HiddenPowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.)PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) 
HiddenPowerISO (x32 Version: 4.6 - PowerISO Computing, Inc.)QuickTime (x32 Version: 7.69.80.9 - Apple Inc.)QuickTime Alternative 3.2.2 (x32 Version: 3.2.2 - )Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.21.531.2010 - Realtek)Realtek High Definition Audio Driver (x32 Version: 6.0.1.6066 - Realtek Semiconductor Corp.)Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) HiddenRegister-x64 (Version: 1.0.0.0 - Pliek@2010) HiddenRtVOsd (Version: 1.0.3 - Realtek Semiconductor Corp.)Samsung Kies (x32 Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.)Samsung Kies (x32 Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.) HiddenSAMSUNG USB Driver for Mobile Phones (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)SiSoftware Sandra Lite 2014.RTM (Version: 20.10.2014.2 - SiSoftware)Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)Spybot - Search & Destroy (x32 Version: 1.6.2 - Safer Networking Limited)Synaptics Gesture Suite featuring SYNAPTICS | Scrybe (x32 Version: 1.6.5.17120 - Synaptics Inc.)Synaptics Pointing Device Driver (Version: 15.3.29.0 - Synaptics Incorporated)System Requirements Lab for Intel (x32 Version: 4.5.13.0 - Husdawg, LLC)Tablet Driver With Macrokey Manager (Version: 4.13 - )Trader Workstation 4.0 (x32 Version: - )Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft)Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)Update for Microsoft Office 2007 
suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version: - Microsoft)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version: - Microsoft)Update voor Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft)Update voor Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft)Update voor Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft)VBA (2627.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) HiddenVerzoek of wijziging voorlopige aanslag 2014 (x32 Version: - Belastingdienst)Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) HiddenVisual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)VLC media player 2.0.7 (x32 Version: 2.0.7 - VideoLAN)Vodafone Mobile Connect Lite (x32 Version: 9.4.5.19931 - Vodafone)VoipDiscount (x32 Version: 4.05 build 579 - Finarea S.A. 
Switzerland)VSO Image Resizer 2.2.0.1c (x32 Version: 2.2.0.1c - VSO-Software)Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Sync (x32 Version: 14.0.8117.416 - Microsoft Corporation)Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) HiddenWindows Movie Maker 2.6 (x32 Version: 2.6.4037.0 - Microsoft Corporation)Windows Phone app for desktop (x32 Version: 1.0.1720.1 - Microsoft Corporation)WinPatrol (Version: 20.0.2011.2 - BillP Studios)WinRAR (x32 Version: - )x64 Components v2.2.4 (Version: 2.2.4 - Shark007)Yahoo! Messenger (x32 Version: - Yahoo! 
Inc.)Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) HiddenZune (Version: 04.08.2345.00 - Microsoft Corporation)Zune (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 
23-01-2014 08:45:56 Windows Update
26-01-2014 11:05:46 Windows Update
29-01-2014 14:36:32 Windows Update
02-02-2014 04:11:34 Windows Update
05-02-2014 13:42:50 Windows Update
07-02-2014 15:40:39 HP 3500c Scanner 64bit vista driver
08-02-2014 11:34:29 Restore Operation
08-02-2014 14:57:39 Windows Update
10-02-2014 09:24:28 Windows Update
10-02-2014 22:35:54 Removed Java 7 Update 45

==================== Hosts content: ==========================

2012-12-13 22:12 - 2012-12-13 22:44 - 00421206 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com 127.0.0.1 ereg.wip.adobe.com 127.0.0.1 ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com 127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 ereg.wip4.adobe.com 127.0.0.1 hl2rcv.adobe.com
127.0.0.1 wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: {04AFC289-2BFC-4F44-8925-8ECF7B00DAA5} - System32\Tasks\GlaryInitialize 4 => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe [2013-12-24] (Glarysoft Ltd)
Task: {0EF7547B-71C1-4DF7-BFA3-EFE70F9C5E90} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29] (Google Inc.)
Task: {1E62D4F6-BE47-4FFB-A62C-086A3AEDF6F2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {547C34EC-B6AC-455E-89B5-A56704BD4779} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1478587639-2446437974-398429350-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {78FAF867-AAB8-4F24-8066-C3469044FF81} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1478587639-2446437974-398429350-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {7C7B577D-2776-41DE-8528-C89D16C00743} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {7CA735FF-2005-487B-BB27-0B093DC19DCE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {82306E91-0490-4B7D-8742-832A0FF7BDD1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {82D52742-54F3-4710-8195-26ADDAB49B26} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {9178312A-1935-4881-9361-293177C6C0EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-01-31] (Hewlett-Packard)
Task: {A7775512-5048-41F3-966A-8A6A6D26AD64} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1478587639-2446437974-398429350-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {AA3B5437-CEEA-40B6-9C1A-5ACCA3A8B9F4} - System32\Tasks\Launch ASUS Sync Loader => C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe [2013-02-22] (Futuredial Inc.)
Task: {AAF9B859-F153-471B-ACED-72890437E9F2} - System32\Tasks\Baidu PC Faster Update => $szInstallingDir\Updater.exe
Task: {B686D9BD-ACE8-4591-8B57-57629D2BF419} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1478587639-2446437974-398429350-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {BCF09DFB-1999-4DA1-B283-0C3CF6C530E6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1478587639-2446437974-398429350-1000Core => C:\Users\aldrich\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-24] (Google Inc.)
Task: {D09F13C2-E079-46E9-A221-FA30914609B1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1478587639-2446437974-398429350-1000UA => C:\Users\aldrich\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-24] (Google Inc.)
Task: {FC49904A-25A8-494D-873F-96F517ECC389} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29] (Google Inc.)
Task: C:\Windows\Tasks\GlaryInitialize 4.job => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1478587639-2446437974-398429350-1000Core.job => C:\Users\aldrich\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1478587639-2446437974-398429350-1000UA.job =>
C:\Users\aldrich\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-09-27 04:16 - 2005-06-07 17:26 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll2009-02-26 19:46 - 2009-02-26 19:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll2011-06-22 17:46 - 2011-06-22 17:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:5C321E34 ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: AcrSch2Svc => 2MSCONFIG\Services: AERTFilters => 2MSCONFIG\Services: BstHdAndroidSvc => 2MSCONFIG\Services: BstHdLogRotatorSvc => 2MSCONFIG\Services: GameConsoleService => 3MSCONFIG\Services: gupdate => 2MSCONFIG\Services: gupdatem => 3MSCONFIG\Services: gusvc => 3MSCONFIG\Services: HP Health Check Service => 2MSCONFIG\Services: HP Support Assistant Service => 2MSCONFIG\Services: HP Wireless Assistant Service => 2MSCONFIG\Services: hpqwmiex => 3MSCONFIG\Services: HPWMISVC => 2MSCONFIG\Services: IAStorDataMgrSvc => 2MSCONFIG\Services: LBTServ => 3MSCONFIG\Services: LightScribeService => 2MSCONFIG\Services: LMS => 2MSCONFIG\Services: lxda_device => 2MSCONFIG\Services: NOBU => 2MSCONFIG\Services: ProtexisLicensing => 2MSCONFIG\Services: RtVOsdService => 2MSCONFIG\Services: SBSDWSCService => 2MSCONFIG\Services: SkypeUpdate => 2MSCONFIG\Services: SwitchBoard => 3MSCONFIG\Services: UNS => 2MSCONFIG\Services: VMCService => 2MSCONFIG\Services: WTService => 2MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scrybe.lnk => 
C:\Windows\pss\Scrybe.lnk.CommonStartupMSCONFIG\startupfolder: C:^Users^aldrich^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Productregistratie.lnk => C:\Windows\pss\Logitech . Productregistratie.lnk.StartupMSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbyloginMSCONFIG\startupreg: Corel File Shell Monitor => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exeMSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startupMSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exeMSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGamingMSCONFIG\startupreg: Google Update => "C:\Users\aldrich\AppData\Local\Google\Update\GoogleUpdate.exe" /cMSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exeMSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exeMSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hiddenMSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeMSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exeMSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hiddenMSCONFIG\startupreg: 
LogiScrollApp => C:\Program Files\Logitech\FlowScroll\KhalScroll.exeMSCONFIG\startupreg: MacrokeyManager => WTMKM.exeMSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quietMSCONFIG\startupreg: MobileConnect => %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silentMSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkeyMSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /backgroundMSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exeMSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exeMSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXEMSCONFIG\startupreg: RegClean Expert Scheduler => "C:\Program Files (x86)\Registry Clean Expert\RCHelper.exe" /startupMSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -sMSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exeMSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exeMSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exeMSCONFIG\startupreg: VoipBuster => "C:\Program Files (x86)\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimizedMSCONFIG\startupreg: WinPatrol => C:\Program Files (x86)\WinPatrol\winpatrol.exe -expressbootMSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (02/11/2014 09:49:04 AM) (Source: SideBySide) (User: )Description: Activation context generation failed for 
"C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (02/11/2014 07:40:09 AM) (Source: SideBySide) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (02/11/2014 07:36:38 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/11/2014 07:36:30 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

System errors:
=============
Error: (02/11/2014 07:37:30 AM) (Source: ipnathlp) (User: )
Description: 0

Error: (02/11/2014 07:37:30 AM) (Source: ipnathlp) (User: )
Description: 0

Error: (02/11/2014 07:07:48 AM) (Source: ipnathlp) (User: )
Description: 0

Error: (02/11/2014 07:07:48 AM) (Source: ipnathlp) (User: )
Description: 0

Microsoft Office Sessions:
=========================
Error: (03/26/2013 01:29:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/25/2013 00:28:03 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9960 seconds with 840 seconds of active time. This session ended with a crash.

Error: (12/13/2012 04:30:10 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 22868 seconds with 240 seconds of active time. This session ended with a crash.

Error: (02/24/2012 06:59:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3380 seconds with 720 seconds of active time. This session ended with a crash.

Error: (09/26/2011 08:53:22 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 8000 seconds with 1080 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:
===================================
Date: 2014-02-08 19:00:47.548
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Perfect Uninstaller\FKFAP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-08 19:00:47.376
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Perfect Uninstaller\FKFAP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-08 19:00:47.173
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Perfect Uninstaller\FKFAP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-08 19:00:47.002
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Perfect Uninstaller\FKFAP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-08 19:00:46.768
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Perfect Uninstaller\FKFAP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-08 19:00:46.596
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Perfect Uninstaller\FKFAP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-08 19:00:46.393
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Perfect Uninstaller\FKFAP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-08 19:00:46.222
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Perfect Uninstaller\FKFAP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-08 19:00:46.003
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Perfect Uninstaller\FKFAP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-08 19:00:45.832
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Perfect Uninstaller\FKFAP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 7989.86 MB
Available physical RAM: 5656.63 MB
Total Pagefile: 15977.9 MB
Available Pagefile: 13769.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:449.47 GB) (Free:336.51 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:15.99 GB) (Free:2.27 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 754EA8AB)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================

Root Admin AdvancedSetup Posted February 11, 2014 ID:789538

This topic will now be closed due to evidence of cracked or pirated software on this system. The host file is set up to pirate software from Adobe.

Piracy Policy